Keeping Call Center Data Secure in Remote Work Settings

Call center agents have access to ample information—often more than what they need to properly assist customers. That issue has only been exacerbated during the COVID-19 pandemic, as call centers have remained closed and agents are set up for home support. 

Typically, companies are enabling remote agents through virtual private networks (VPNs), enabling access to legacy on-premises systems through their personal device. Unfortunately, this method presents several issues: it’s expensive to both setup and maintain, it provides poorer call quality, and it’s tougher to scale.

Perhaps the biggest challenge, though, is security. VPNs put a strain on IT resources since they require a call center manager to request access to every user individually. Limiting call center workforce access within customer relationship management (CRMs) systems and other mission-critical applications is complex. Applications have different ways of naming user access controls, and many don’t have the same level of detail. As call center workers move between applications, companies need appropriate controls in place across all of them. Agents for health care providers have even more to consider, such as the HIPAA Privacy Rule, which establishes national standards for protecting medical records and other personal health information.

Without standardized controls, call center workers have different levels of access. Most teams still need to share data with each other, but a VPN suffers from slow transfer speeds. The result: data either gets siloed off or shared in ways that aren’t secure, such as through third-party sharing sites or even over text—leaving it vulnerable.

How Companies Have Been Battling Remote Agent Data Access

The National Security Agency warns that with more companies using VPN, the threat of cyberattack via malicious actors has increased. Agents are routinely handling PII such as customer names, addresses, credit card or banking info, and social security numbers. That leads to technology threats and the potential for both insider attacks and social engineering scams, where a hacker poses as a customer to unearth private data.

It's clear agent access makes company data more vulnerable. So, how are companies addressing this solution?

In most cases, it’s one of two extremes. Some companies install minimal security operations. For example, they’ll require a password change every three months—a practice based on an old-school mentality that doesn’t increase security. Even the FTC says so; attackers who have previously learned a password can more easily guess the user’s new password, and users with the weakest passwords are most susceptible to having future passwords guessed by applying transformations.

Alternatively, a company may take the opposite mindset, introducing a Big Brother-esque scenario. As part of its remote work policy, Colombian company Teleperformance required workers to submit to installing AI-powered cameras in their homes to identify restricted objects around the workspace, such as paper or phones. The company also collected biometric data and asked employees to take polygraph tests in security studies. These requirements not only led to a collective distrust of management — they created public backlash and hurt the company’s reputation among customers.   

You don’t need Goldilocks to tell you neither one of these situations is just right. While a VPN may have been a quick fix at the start of the pandemic, something needs to change for remote call center agents.

Current Remote Call Center Options are Unappealing

As companies deal with the reality that remote work is likely here to stay in some capacity, they’re faced with increased security tooling for employees. This route involves using software tools as a support system for vulnerability and risk identification. We may see more headway in these areas through AI, which is being used as a complement to both customer conversations and human agents. However, for many companies, security tooling isn’t a feasible choice, as it’s pricey and the right tools may not exist for their contact center framework. 

Even if a company could do this, the potential for data leakage is still high. For example, a company using a transcription service must remove all PII from any files—a quality assessor should not have access to customer data to make sure call center workers are providing appropriate service.

Nullafi for Call Center Data Security and Efficiency

Providing security tooling is costly, time-consuming, and may not solve all company problems. Additionally, the same data privacy risks faced before the pandemic still must be resolved.

But what if there were a way to ensure users only see the data they need to see, without resorting to complex tools, relying on manual fixes, or blocking too much data? Enter Nullafi — our proprietary data security software intelligently recognizes and obfuscates sensitive data in transit before it gets to a user’s device.

Because Nullafi operates at the network level, we can work with any application, any data, anytime, anywhere, with no application integrations necessary. All you need to do is change a single configuration file on your network, and using simple-yet-powerful controls, you can detect and redact sensitive data, solving data privacy, security, and access challenges.

Don’t wait to protect your sensitive data — schedule a demo today.