Call center security best practices to protect customer data

Technology-related best practices

Organizations should follow several technology best practices to protect customer data.

Encrypt data

Encryption translates an organization's stored or transmitted data into different forms, which require a specific key to translate it back into its original format. Organizations often encrypt data to protect specific customer records, including medical, credit card or personal information.

Update technology

Keeping technology current ensures systems and components are up to date with safeguards. Bad actors continuously test systems, looking for cracks that enable them to access data, and organizations must stay ahead.

Key practices to update technology include the following:

• use antivirus software;
• install software patches; and
• eliminate legacy systems the vendor no longer supports.

Minimize data availability and access

With more data stored and more individuals with access, an organization multiplies its risk of a potential data breach.

Best practices to minimize availability and access to data include the following:

• Minimize the number of people who can access sensitive information.
• Use system permissions to manage who can access specific data.
• Delete employee access to accounts as soon as the person leaves the organization.
• Mask sensitive data to limit the information displayed to employees. For example, place asterisks over the first five digits of a Social Security number.
• Use alternate technologies to capture sensitive information. For example, send a caller to an interactive voice response system to enter credit card information.
• Limit the storage of critical information. For example, delete the data after a customer provides a credit card number in a transaction. This scenario represents a tradeoff between customer convenience and data security.

Customer-related best practices

Organizations should follow several customer-related best practices to protect customer data.

Maintain transparency

Organizations must be transparent with customers, including telling them why the business requires sensitive data and how it uses and protects the data. Effective transparency goes beyond typical privacy statements, and organizations should share this information in an easy-to-understand format.

Transparency improves customer confidence, which instills a higher level of trust in the organization. Additionally, if an organization can teach its customers how to protect themselves -- like how to monitor credit card usage -- they feel better about sharing information.

Use authentication protocols

Authentication aims to prove somebody is the person they claim to be. In the past, typical authentication requested that users enter a single piece of identifying information, such as a password, which is called single-factor authentication.

In recent years, many organizations have transitioned to multifactor authentication, where users must enter multiple pieces of identifying information, like a password and an additional code. In many cases, the system sends the code to the user's mobile device.

Business-related best practices

Organizations should adhere to the following business-related best practices to protect customer data.

Everybody, even individuals outside of call centers, is responsible for customer data security.

Train employees

Organizations need training to ensure employees understand how easily bad actors can steal customer data. Employee training should focus on specific behaviors to protect customer data, including the following:

• Follow smart practices to maximize password strength, like avoiding easily identifiable information.
• Shred documents with personal information and don't leave written notes around. Eliminate paper documents wherever possible.
• Limit the information sent electronically to customers, like personal medical information.

Share the responsibility for data security

Everybody, even individuals outside of call centers, is responsible for customer data security. Organizations can practice broad ownership of customer data security in many ways, including the following:

• Report suspicious activity.
• Restrict unauthorized hardware or software and access to questionable websites and documents.
• Bring unattended sensitive documents to leadership.

Test security controls

Organizations must continuously test their technologies and processes to protect customer data. Business leaders should never assume everything will work as planned, especially when dealing with human behaviors and sophisticated bad actors.

Examples of testing security controls include the following:

• Perform security audits, including security log reviews if a breach occurs.
• Scan for malware and other unauthorized software regularly.
• Perform office and home workstation reviews to ensure employees follow security best practices.

Prepare for a security breach

Customers are more likely to feel confident in the recovery process if an organization quickly shows control over a breach and has an action plan to protect customers.

Organizations should include security breach preparation in disaster recovery and business continuity plans, with specific actions including the following:

• how and when to notify customers;
• how and when to notify employees; and
• how to support continued operations.

Call center security best practices have always been critical to protecting customer data, but the expanded remote work environment and increasingly sophisticated ways to compromise data force organizations to increase their focus on protecting call center data.