Three pillars of contact center security

December 13, 2023
Author: Keith Talbot
Blog | Communications | Digital Workspace | Security

Ensure the safety of your organization customers with enhanced cybersecurity solutions and built-in contact center security tools from a security partner like CBTS.

The transition to a hybrid work model has led to a revolution in the contact center world. Administrators now oversee agents worldwide, responding to customer communications across various channels, including voice, chat, instant messaging, video, and SMS messaging. While this revolution offers new methods of reaching customers and greater efficiencies, it also increases security risks. CBTS offers a variety of solutions that integrate seamlessly to provide the best security for your Contact Center as a Service (CCaaS) solution.

Each CCaaS vendor provides built-in security features for every product. However, those features only protect the platform itself. Built-in security does not address many other threats, especially those that target contact center employees. To ensure the total safety of the contact center, your organization must combine built-in security with expertly implemented add-on tools to provide a complete defense.

This post will review the threats not covered by built-in security, as well as the three pillars that defend against cyberattacks.

Read more: How CXsync is transforming small and midsize businesses through cloud-based contact centers

Threats to contact center security

There are several categories of threats to contact center security. The three most common include:

  • Hardware failure – When storage devices fail, whether from a natural disaster or data corruption, it is vital to have backup systems in place to maintain business continuity.
  • Data leaks – A leak of sensitive data may be accidental or come from a malicious attack. Hackers have developed sophisticated ransomware, phishing, and other social engineering schemes that target the weak points of security systems.
  • Weak network security – Segmenting a contact center network from the rest of the organization is critical. In an unsegmented network scenario, a data breach in one area of the company could affect the contact center (and vice versa).

This post focuses on the latter two threats: data leaks and unsecured infrastructure. For more on creating secure cloud backups to protect against physical media failure, read Seven tips and tricks to manage disaster recovery solutions for the Cloud.

Built-in protections vs. add-on security

CCaaS vendors must provide secure platforms, not just from a compliance point of view but also to maintain their reputations. Vendors have a substantial investment in maintaining backend security to keep their customers safe and their brand image intact.

But those protections often end at the front end. Unfortunately, threat actors target weaknesses outside built-in security—such as employees, poorly written software, and unsecured infrastructure. The good news is that with a few simple steps and the guidance of security experts, your organization can significantly reduce the risk of data breaches. Additionally, your team will have a response plan to mitigate damage in the event of a successful attack.

Pillars of contact center security

The first pillar is focused on securing infrastructure, while the other two focus on securing the human elements of your organization—employees and customers. Each pillar will help your organization stay compliant with pertinent security regulations.

Pillar 1: Secure technology

Apply zero trust principles when building your contact center architecture including performing a threat modeling exercise against the target architecture to identify, remediate and mitigate vulnerabilities prior to implementation.

  • Secure all identities: Require MFA for contact center employees and implement continuous
  • Secure all interfaces: Require a web application firewall (WAF) to protect your exposed web applications, VPN access, and voice traffic.
  • Data encryption: Sensitive data such as personally identifiable information (PII)—social security numbers, credit card numbers, and driver’s license numbers—must be encrypted in transit and at rest (backups) to prevent unauthorized access or disclosure.
  • Keep technology stack current: Attackers probe systems continuously for vulnerabilities and weaknesses, like default usernames and passwords. A contact center must keep its technology stack updated with regular patching and vulnerability scans to block the attackers.
  • Restrict access to sensitive data: Sensitive data must be secured to mitigate risk.
    These efforts include:
    • Closely managing employee permissions by implementing the principle of least privilege and granting only the required access needed to do the job. Remove employee access and permissions as soon as they leave the organization.
    • Implement a data classification program and mask sensitive information from employees. Only display the last four digits of a PII number, such as a social security number or credit card.
    • Delete credit card information once a transaction is complete. While inconvenient for the customer, this is a more secure practice.
  • Logging, monitoring, and alerting: Last but not least, ensure you are logging all auditable events and have a monitoring and alerting capability to notify you of anomalous activity. This can be with a SIEM tool or similar log aggregation solution.

Pillar 2: Secure operations

  • Build a culture of security: It’s essential that leadership endorse and support a continuous security improvement program for contact center employees, as well as employees at all levels. To establish a culture of security for your team, provide quarterly training on how to spot malware, phishing, and social engineering schemes. Additionally, implement strong password best practices and shred (or digitally shred) sensitive data.
  • Test security: Routinely perform security audits and penetration tests with the help of your security partner. Schedule regular antivirus and malware scans. Provide secure devices for at-home agents and monitor usage, blocking untrustworthy websites and applications.
  • Prepare for a data breach: Create an Incident Response Plan that covers data breach incidents. This plan should cover how to notify customers and employees, as well as include instructions on how to maintain business continuity.
  • Bots and AI: Implement a WAF that blocks bot attacks and distributed denial of service (DDOS) attacks. Make sure your users are trained on the latest AI generated phishing e-mails and voice (vishing) attacks.  

Pillar 3: Secure customers/users

  • User authentication: Implement phishing resistant MFA for your customer portal. Requiring secure authentication for your customer login portal will significantly reduce the risk of a breach. Microsoft estimates that 99.9% of account compromise attacks can be prevented by implementing MFA.
  • Data privacy policy: With new state privacy laws in California, Colorado, and other states, it is essential to clearly communicate to your customers how your contact center uses a customer’s data. Offering them insight into how their data is used and protected builds trust and brand loyalty. You will also have to provide a process for your customers to delete their data. This is known as the “Right to be Forgotten.”

Building your pillars

Hybrid work models create greater efficiencies for contact centers but also produce new security challenges. Even a single data breach could expose your organization to significant risk, both legally and in terms of financial loss. Many companies face steep fines, ransoms, and reputational damage. Some organizations never recover.

Choosing the right partner to help you build the pillars of contact center security is crucial. CBTS has decades of experience in telecommunications. Our team has overseen hundreds of contact centers transitioning from legacy systems to cloud-based communications. CBTS security experts speak to the security challenges unique to your contact center.

From security assessments to choosing the right CCaaS platform, our team has the depth of knowledge to help your contact center make informed decisions. Additionally, we can advise your company on merging CCaaS with Unified Communications as a Service (UCaaS) systems to create a more cost-efficient, streamlined system that boosts productivity and collaboration across the enterprise.

Get in touch today to learn more.

Related Stories

Schedule a complimentary
30-minute consultation with an engineer

Join the Conversation!

Related Solutions