Protecting Customer Identities in a Work-at-Home Environment
It is no secret that landing a job in today's tough economic environment is difficult. People must often commute many miles or spend hours in traffic because their community offers limited employment opportunities. This standard approach often excludes talented individuals, due to their inability to commute long distances and/or the costs associated with the commute, leaving an untapped market of unemployed people who are willing and able to work.
With this in mind, more and more customer care call centers are initiating opportunities for traditional white-collar jobs without the commute. Rather than driving long distances to sit at a desk, agents now have the luxury of doing their jobs and providing customer care from the comfort of their own homes. The ability to work at home has opened the door to greater operational flexibility, performance enhancements, disaster recovery capabilities, larger talent pools, and many other benefits, all with a new and larger demographic and radius.
The main concern with agents working from home is security of customers' information. In a time when data breaches occur almost every week, customers are often uncomfortable giving out their personal information to an unknown voice on the phone.
Following are seven strategies to help protect customer identities and confidential information when agents work from home:
1. Leverage managed thin client devices for work-at-home agents. First, PCI DSS always needs to be factored in when it comes to accessing and storing customers' sensitive data. Second, endpoint device management and security should be at the top of the list when protecting customer confidentiality. There are two approaches to computing for most work-at-home vendors, one being the scenario where the asset is provided by the agent (this is true with most outsourcers), and the other where the company provides the managed asset. With the agent-provided asset, additional software is leveraged to secure the endpoint device, thus eliminating the ability to store data locally. The other approach, deploying managed assets, is the least used but provides another element of security and control as the end agent has no administrative rights, access, or privileges on the asset. Leveraging company-provided thin client devices is a great option for virtual users as these devices include technology and software already in place to keep the computer at the server level.
2. Deploy endpoint encapsulation on the thin client device with a virtual desktop infrastructure (VDI). Provide a completely secured environment through both hardware and software. Centrally managed cloud-based VDI lockdown will prevent access to the Internet or private documents, only allowing the agent access to client-approved areas as defined by user rights. As part of the endpoint control, output options, such as the ability to print, leverage external storage device, access ports, etc., need to be managed, allowing access only as defined by each client.
3. Only allow network access after a minimum of two-factor authentication has been passed. A proven method for establishing user identification is leveraging a token generator and user profile for access rights. Access to the network and support tools should only be made available when the agent enters the correct user name, password, and token (which should only be valid for 60 seconds or less).
4. Employ agent biometric profiling. After the agent passes through the two-factor authentication, require a biometric validater, such as a thumbprint or keystroke cadence snapshot, as well, to authenticate the agent. This validates that the agent is the right person and ensures authorized access only after multiple factors have been authenticated.
5. Use technology to mask and distort confidential information. Install software that garbles touch tones associated with customer-dialed numbers, such as credit card or Social Security numbers. This software shields the customer's personal information from the end agent, delivers the confidential data to the client's payment gateway, and enhances security by eliminating the ability to commit fraud by disclosing confidential information.
6. Install antivirus and malware protection on every device as part of the virtual desktop. Upon login, the agent must provide validation and verification of the endpoint to confirm that there is no malware or virus that could breach the customer information. This holds particularly true in scenarios where the vendor leverages the agent's PC to support the end customer. Changes can happen daily on these devices due to the fact that the assets are owned, managed, and controlled by the agent, thus introducing more risk. With the cloud-based VDI environment, the endpoint is validated and securely locked down against malicious software.
7. Monitor and track activity to keep agents honest. First and foremost, require prospective agents to pass background and criminal checks. Next, monitor and track agent activity. This activity includes screen shots, voice recordings, and keystroke movements. Also, keep a log and report of who is logged in where, when, and why. Then monitor for unusual behaviors or patterns. If the worst-case scenario happens and customer information is breached, the agent at fault can quickly be identified.
Keeping customer information locked down is key to a good reputation in the customer care industry. A security breach can tarnish a company's reputation, which could, in turn, damage the relationship with its customer care provider. There are many other enhancement capabilities that can and should be employed to protect the integrity of the virtual environment, such as background checks, employment history validation, and employing a selective screening/assessment process, but these are table stakes and the norm. Establishing a secure at-home environment starts and ends with the people employed to support the customer; technology is the enabler and bridges the opportunity. Employing the above seven strategies will help protect your customer's information and your company's reputation.
Marc Robinson is global director of product management for Sitel Work@Home Solutions, where he is responsible for the planning, execution, and delivery of the Work@Home product globally. He has more than 15 years of leadership experience in the contact center space, both as an outsourcer and as a consultant.
01 Aug 2008
You're nothing without your data -- so what are you doing to protect it?
Working from Home Is a Reality
04 Aug 2010
You just need the right software-as-a-service workforce management solution.
Lessons Learned from the Zappos Breach
02 Mar 2012
Don't make these mistakes.
Solving the Portable Data Security Headache
14 Sep 2012
A proliferation of removable data calls for comprehensive precautions.
Navigating Privacy Land Mines
09 Nov 2012
Businesses with an online presence need to proceed with caution.