Barely a day goes by without a massive data breach hitting a global brand, government department or tech start-up.
These breaches don’t happen because hackers love data; these thefts are scouting operations that equip thieves with the tools to commit bigger crimes. The data is just a key to open the lock to the real treasure: your bank account.
Around Christmas and New Year, the increase in activity can leave everyone too busy to follow the usual security and authentication procedures. Hackers and thieves know that contact centres may be overwhelmed, and they exploit this by behaving like frustrated customers, threatening to cancel their contract if they don’t get what they want. Agents may find it difficult to refuse customers who sound very convincing – and eager to complain.
Research by Barclays shows that a quarter of online scams happen in the weeks leading up to Christmas. And considering that the new general data protection regulation (GDPR) allows for fines of up to €20 million (or 4% of turnover), then it’s clear that contact centres need to be vigilant.
Tracking and securing seasonal workers
Cyber criminals recognise the value of having a person on the inside. And they often go to great lengths to recruit employees who can be tempted to steal customer information in exchange for cash or gifts. While all employees may be approached by scammers, it could be argued that seasonal and temporary workers may be more tempted by recruiters – and less loyal to the contact centre – than your long-term colleagues.
While seasonal workers often need to be recruited and onboarded rapidly, it’s essential that they receive the same training and briefings as your year-round team, particularly in the areas of data security and fraud prevention. All employees need to understand that they are on the frontline of the fight against fraud, and they are responsible for protecting customer data.
Data security training
How regularly do you top-up fraud prevention and data security training? Given the high stakes associated with data breaches and the prevalence of cybercrime, it’s not enough to deliver training once and hope it sticks; training should be refreshed, and agents should be regularly reminded about ongoing threats – perhaps via email, or through messages embedded in ID&V solutions.
A report by IBM found that the average cost of a data breach is $3.86 million – so a small investment in training must be considered in light of the potential downside.
For every data breach facilitated by social engineering or corrupt colleagues, there will be one or two that rely on weak systems to give up the company’s secrets.
Key things to check:
- Data transit – is your data protected in-between applications?
- Storage – how secure are your databases and servers?
- Passwords – how regularly are they changed?
- Patches – are all your applications updated with the latest versions?
- Third parties – are there any weak links between you and your partners or software vendors?
Is your organisation ready to withstand the seasonal onslaught of fraud and hacking attempts?