Thursday, November 29, 2018

Securing Network Access for Call Center Staff


The importance of getting access management right cannot be overstated. You need to make sure that anybody accessing your systems, and the data within, is exactly who they say they are.

This is especially important when dealing with agents and customer service representatives who have access to vast amounts of sensitive data. This trusted access to cardholder data, personal details or medical records helps ensure the best customer experience but it also makes the call center a prime target for a security breach.

Many organizations fall down in the same areas where access management is concerned. So to help you, here are details on four of the most common mistakes when it comes to managing access across your networks:


1. Time and disruption for IT

At first, we wouldn’t have thought this a big mistake, but our research found that one of the biggest barriers to adopting a technology is the amount of time it takes IT to actually manage the software. Of the 250 American companies we surveyed, 18% believe that ‘time to manage and oversee’ is the biggest barrier to adoption.

The thing is, if you spend too much time managing the software, it has some serious repercussions on productivity. This impact on productivity means that the total cost of ownership for the tool is often much higher than you would initially think. The best advice would be to try the product first, if you can, to make sure that it’s the right choice for you.

Security solutions with ‘stickiness’ tend to be simple to implement and intuitive to manage.


2. Adoption by your users

If security overwhelms and stifles productivity, users can’t do their job and the solution is already dead on arrival. Organizations are, however, aware of the problem — 47% believe that complex IT security measures in place within their organization negatively impact employee productivity.

Security should be behind the scenes, protecting the users and the environment until the moment the user is truly conflicting with security protocol.


3. Monitoring every last bit of the network

As said before, you need to make sure that anybody accessing your system is exactly who they say they are. Spending all your (limited) time trying to monitor every last bit of the network, looking for anything that looks out of place, is a failing proposition.

It's a pretty costly mode of operation; it requires significant IT time and resources to put proper detection mechanisms in place, will likely raise an initial set of false positives that need to be fine-tuned, and necessitates reports and meetings to ensure the detection is actually working.

You are far better off running and monitoring solutions that offer automated controls in addition to threat identification and real time response.

In short, should something fall outside a set of established restrictions, your solution should automatically take action before the damage is done – not only when IT intervenes.


4. Blaming rather than empowering employees

While users are often the weakest link in any network security, they can also be the solution if you empower them in the right way. Call center agents are (usually) human. They are careless, flawed and often exploited. In fact, attackers love exploiting the naivety of your employees because it’s so easy.

All it takes is one successful phishing email to persuade just one user to hand over their organization's login details. Keep in mind, too, that almost every external attack eventually looks like an insider threat. The use of compromised internal credentials by an external attacker is the most common threat action in data breaches (Verizon, Data Breach Investigations Report 2018).

Education is key. Once you’ve put an education program in place, you need to then ensure that your access management software can warn users themselves of unusual connection events involving their credentials.

Who better than the user to judge whether the activity is suspicious or not?

Sensitive Data is at Risk

Many call centers and BPOs in today’s cybersecurity world are facing these four issues. To solve this problem, we suggest looking for access management solutions that include context-aware security.

In a nutshell, when someone attempts to connect, this approach uses and benefits from supplemental information to make a decision on whether this access is genuine or not. After that, the system can automatically grant or deny access using admin-set rules that are based on this supplemental information.

Restricting access in this way monitors the right aspects of security, doesn’t take much time to manage, doesn’t force users to jump through hoops all the time, empowers those employees to make the right security choices and doesn’t force you to choose between security and convenience. It’s a win-win scenario for you and your call center agents.
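The sketch below is an added example, not IS Decisions' product code: it shows the context-aware decision described above, with admin-set rules evaluated automatically at connection time and a flag to warn the credential owner about unusual events. The context attributes (workstation, hour of day, concurrent sessions), the rule schema and all names and sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Rule:                      # admin-set restrictions for one group (hypothetical schema)
    workstations: frozenset      # hosts the group may log on from
    hours: range                 # permitted local hours, e.g. range(8, 18)
    max_sessions: int            # concurrent sessions allowed per account

@dataclass(frozen=True)
class Attempt:                   # supplemental information captured at logon
    user: str
    group: str
    workstation: str
    when: datetime
    open_sessions: int           # sessions the account already holds

def evaluate(attempt, rules, known_hosts):
    """Return (decision, reasons, notify_user) for one connection attempt."""
    rule = rules.get(attempt.group)
    if rule is None:             # no rule defined: deny by default
        return "deny", ["no rule for group"], False
    reasons = []
    if attempt.workstation not in rule.workstations:
        reasons.append("workstation not permitted")
    if attempt.when.hour not in rule.hours:
        reasons.append("outside permitted hours")
    if attempt.open_sessions >= rule.max_sessions:
        reasons.append("concurrent session limit reached")
    # Warn the credential owner when the attempt breaks a rule or comes
    # from a host this account has never used before.
    first_time_host = attempt.workstation not in known_hosts.get(attempt.user, set())
    notify = bool(reasons) or first_time_host
    return ("deny" if reasons else "allow"), reasons, notify

# Constructed sample policy and logon history.
RULES = {"agents": Rule(frozenset({"CC-WS-014", "CC-WS-015"}), range(8, 18), 1)}
KNOWN_HOSTS = {"alice": {"CC-WS-014"}}

def sample_attempts():
    day = datetime(2018, 11, 29)
    return [
        Attempt("alice", "agents", "CC-WS-014", day.replace(hour=10), 0),  # routine
        Attempt("alice", "agents", "CC-WS-015", day.replace(hour=10), 0),  # new host
        Attempt("alice", "agents", "HOME-PC", day.replace(hour=23), 1),    # stolen creds?
        Attempt("bob", "contractors", "CC-WS-014", day.replace(hour=10), 0),
    ]

if __name__ == "__main__":
    for a in sample_attempts():
        print(a.user, a.workstation, evaluate(a, RULES, KNOWN_HOSTS))
```

The routine logon passes silently, the permitted-but-new workstation is allowed with a notice to the user, and the off-hours attempt from an unknown host is blocked without waiting for IT to intervene.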

Learn more about how call centers can verify access to the network and the data within.

All numbers quoted are from IS Decisions’ research into the access security priorities of 500 IT Security Managers in the US and UK.

________________________________________________________________________


François Amigorena is the founder and CEO of IS Decisions, and an expert commentator on cybersecurity issues.

IS Decisions is a provider of infrastructure and security management software solutions for Microsoft Windows and Active Directory. The company offers solutions for user-access control, file auditing, server and desktop reporting, and remote installations.

Its customers include the FBI, the US Air Force, the United Nations and Barclays — each of which relies on IS Decisions to prevent security breaches; ensure compliance with major regulations such as SOX and FISMA; quickly respond to IT emergencies; and save time and money for the IT department.
