Contact Center Solutions Featured Article

Security Outside the Office

February 25, 2013
By TMCnet Special Guest
Kevin R. Kammer and Steven Parker, Vice President and General Manager and Director of Information Security for Arise Virtual Solutions Inc.

The work-from-home model provides a number of business benefits including improved agility, better access to superior talent, decreased capital expenditures, and lower total cost of ownership (TCO). In fact, experts at ITAC have calculated as much as a $25,000 annual savings for each at-home agent as compared to a traditional call center resource. Yet despite the advantages, instances of fraud and identity theft are still causing executives to be wary of outsourcing customer service to a solution that utilizes a distributed, work-from-home network. But as nineteenth-century theologian William Shedd astutely pointed out, “fear of a storm is not a justification for keeping a ship in harbor when ships are made to sail.”

Confidence in any work from home solution starts with protecting the data and applications that connect a company with its customers. While the most secure approach is simply to restrict all access, growing customer demand for real-time transactions has eliminated that as a viable option. In fact, sensitive customer data is already readily accessible from any PC, tablet, laptop or cell phone. The key to developing an effective work from home solution, however, is to not add to this risk by further exposing sensitive data during storage, transmission or actual servicing.

Below are four security recommendations for executives who want to enjoy the benefits of the work-from-home model and still sleep soundly at night.

1.       Avoid Creating Additional Storage for Data

Whenever possible, do not create additional storage for customer data. If working with an outsource partner, consider leveraging your existing, in-house data storage by using a “thin client” approach for any work from home access. Tools such as Citrix XenApp, Microsoft (News - Alert) Terminal Server or other virtual machine applications will allow users to securely connect to corporate computing platforms through a simple graphical user interface. Inputs are redirected over the network to existing centralized servers, where application execution takes place in a secured location. The same applies to any voice, chat or e-mail applications such as voice switching devices (an ACD or PBX (News - Alert)), on-line engagement tools, quality management software and operational data stores. 

If additional hosted support is needed (such as a hosted ACD, QA monitoring tools, or a Citrix farm for hosting the secure applications), verify that the partner’s infrastructure and procedures meet all applicable government and industry standards including the Payment Card Industry Data Security Standard (PCI (News - Alert) DSS) or the Health Insurance Portability and Accountability Act (HIPAA).

2.       Protect Data Transmissions

It is also important to protect any transmissions to or from the work-from-home agent. Data communications should always be encrypted. Additionally, voice communications, if applicable, should leverage the Public Switched Telephone Network (PSTN) using a dedicated phone line in the home. If you prefer Voice over Internet Protocol (VoIP), use advanced session border controllers to properly authenticate callers and agents. This will reduce the risk of fraudulent or unauthorized calls. It’s important to note that protections targeted at securely storing or transmitting sensitive information are only effective if coupled with a program and the tools to actively monitor and prevent intrusions or disruptions to the environment. Arise uses a proactive intrusion prevention and detection system to deliver the most advanced network awareness in the industry, including superior threat protection up to Layer 7.

3.     Control Access and Usage at the Workspace

Ensuring proper use and access of data begins with requiring a dedicated environment at the home workspace with equipment that doesn’t introduce additional risk. Avoid wireless communications, including keyboard and mouse, and, if supporting a voice channel, require a dedicated home phone line without advanced features. Other useful security strategies for the workspace end-point include:

  • Multi-factor Authentication. When logging in, work-from-home agents should use multi-factor authentication to access a secure network. Multi-factor authentication takes advantage of a combination of several inputs when verifying someone’s identity.  Although password-based authentication is well-suited for website or application access, it is not secure enough for online financial transactions.
  • Virtual Private Network. Providers with established work from home solutions have long incorporated secure virtual private network (VPN) access but should also consider specialized tools to monitor and authenticate online activities in real time by correlating behavioral analysis, device profiling and inputs from community-based fraud repositories. RSA’s (News - Alert) Adaptive Authentication is an example of such a tool that is currently used by over 8,000 organizations in the healthcare, financial services, government, insurance, automotive, real estate, manufacturing, and pharmaceutical industries to protect more than a quarter of a billion users worldwide through risk-based authentication. 
  • Desktop and Browser Controls. A secure work from home solution should also incorporate tools for restricting or “locking down” what agents see and do via their desktops. Along with limiting the desktop’s functionality -- disabling copy, paste, and print functions – companies need to consider technologies that also protect the environment and restrict where the agent can navigate while they are servicing. 

4.       Work with Quality Talent

Finally, eliminating security risk from any work from home solution, especially potential internal fraud or misconduct, is certainly affected by the quality of the individual agent. In addition to performing background checks on 100 percent of the work from home agents, consider business approaches that deflect applicants interested in work from home opportunities strictly for the intention of committing fraud.  Work from home approaches that require more effort, in time and money, to complete their application or certification processes create a natural barrier to fraudsters.

As mentioned at the outset, firms in all industries can effectively leverage work from home without taking on any additional or unnecessary risks as long as they have a comprehensive discovery plan and tight adherence to security best practices. As you evaluate how you build work from home into your customer service, sales or back office solutions, make sure to identify the upfront investments in infrastructure and tools or consider partnering with an expert that understands the risks and has developed the processes and technologies to address them.

For a complete copy of Arise’s White Paper (News - Alert) on “Security Outside the Office”, visit the Resources tab at www.arise.com.

Kevin Kammer, Vice President and General Manager at Arise Virtual Solutions Inc., is responsible for delivering Undisputed Top Performance™ for the company's clients in the Banking, Financial Services and Insurance industries. Prior to joining Arise, Kevin was Vice President of Strategic Business Development at West Corporation, Chief Operating Officer at Artios and President of Debit Services at First Data Corporation.

Steven Parker is the Director of Information Security for Arise Virtual Solutions Inc.  Steven has over twenty years of professional experience in IT, information security, risk management and converged information security environments, and he is certified in the following areas: CCNP, CISSP, CISM, CISA, ITIL, and ASIS CPP. Prior to joining Arise, Steven was Vice President, Manager Information Security Services at First Citizens Bank, and previously held senior executive roles at Cisco, Mizuho Financial Group, INT Technologies, TSL Corporate Security Services, Century 21, and NYC Department of Investigation. 




Edited by Rich Steeves

Article comments powered by Disqus

Related Contact Center Solutions Articles

Aspect Software Declares War in Workforce Optimization Market

We may be closing in on the holiday season and a time of "good cheer," but reality is that competition in business is a 24/7/365 affair. And, depending on whether you are a competitor or possible customer, it looks like this holiday season thanks to a new initiative by customer experience solutions provider Aspect Software you are either looking at a possible lump of coal in you X-mas stocking or a valuable present. The reason is Aspect has dropped the gloves in the hotly contested Workforce Opt… [ Read More ]
11/21/2014

Ozonetel Integrates CloudAgent with Zoho CRM

A big part of improving the customer experience, regardless of whether you are an enterprise or a service provider, is breaking down the silos of customer information that exist inside an organization. Having a full view of the customer is important to customer lifecycle management and hence the overall customer experience. And, one of the big places to look for enhancing visibility into all things customer related is obviously tight integration with various capabilities with customer relationsh… [ Read More ]
11/21/2014

LiveVox Data Center to Bring Cloud Contact Center Capabilities to Canada

As financial results from various contact center and unified communications (UC) solutions providers continue to flow in for this quarter two things are becoming increasingly clear. First, is that those seeking to upgrade their customer experience capabilities are accelerating the adoption of the cloud and hybrid solutions as their preferred path. Second, is that North America continues to be the hotbed of this with not just the large U.S. market as a target of opportunity, but also the vibrant … [ Read More ]
11/21/2014

Contact Centers Join the Fight-JITC Certifies T-Metrics Contact Center on Microsoft Lync 2013

For the last 10 years, T-Metrics has designed, developed, and deployed numerous approved products on APLITS (Approved Products List Integrated Tracking System. As of today, T-Metrics is the only provider of contact center software that has been JITC certified to work on Microsoft Lync 2013, and their solution can be found on the Approved Products List (APL) for purchase by Department of Defense organizations at www.disa.mil/ucco. [ Read More ]
11/21/2014
Subscribe here for your FREE Contact
Center Solutions
enewslettter.

Events

Weekly Live Demo
Contact Center Solutions

Register Today!


Weekly Live Demo
CaaS Small Center

Register Today!