The risk of data security threats and cybercrime has increased significantly during COVID-19 as cybercriminals exploit weaknesses in remote work set-ups. While working from home gives our employees safety, convenience, and flexibility, it also increases chances for online treats. The vulnerability of home-based networks is providing cybercriminals with new opportunities for data theft and digital disruption that literally holds businesses to ransom.
Between January and August 2020, Interpol’s assessment of cybercrime activity revealed that cybercriminals had used COVID-19 to their advantage, moving their efforts from individuals to larger businesses. In that period, Interpol’s private-sector partner detected 907,000 spam messages, 737 malware incidents, and 48,000 malicious URLs related to COVID-19.
In 2020 and 2021, the list of cyberattacks around the world – particularly ransomware attacks – includes large corporations like Brazilian-based JBS, Fujitsu, Colonial Pipeline (the US’s largest fuel pipeline), Twitter, and government organisations like Ireland’s national health service and even the European Commission. Furthermore, half of all UK manufacturers fell victim to cyber-crime attacks in the last year.
The increase in cybercrime heightened pressure on employers to equip their remote workers with secure networks and appropriate software, to protect both their own and their customer’s data.
How is data security threatened?
Hacking into private networks and accessing private data has become easier as remote workers use shared home internet connections. They also access company data outside a virtual private network (VPN) and work in sight of non-employees – not to mention many people use laptops without high-level malware, phishing, spam and virus protection.
The most concerning cybersecurity and remote working threats go as it follows:
- Hackers use ransomware to extort money from organisations in return for the safety of their data. GCHQ have publicly warned both citizens and businesses that this is the biggest threat to online security in the UK. This activity not only compromises data but the operational and financial safety of a business.
- Phishing attacks jeopardize data with malicious links. Hackers use them to target employees in standard-looking emails that actually download malware. This enables cybercriminals to record login details and gain unauthorised access to the organisations’ network. The 2020 Cyber Security Breaches Survey found that 86% of UK businesses experienced a phishing attack, resulting in one in five experiencing a material loss.
Customer support centres are attractive targets for cybercriminals due to the large amount of valuable customer information they collect and use. GDPR rules have helped protect this data, however, without implementing adequate monitoring and security protocols on all IT assets, customer data is still at risk.
The importance of keeping customer data secure
Maintaining data security and preventing cyber-attacks are multi-faceted matters of legal compliance, financial protection, business integrity and customer relationship management. The consequences for contact centres that experience a data breach are twofold:
- Organisations face huge fines and penalties under Cybersecurity laws and the GDPR. Businesses in the UK can be levied a maximum fine of £17.5 million or 4% of global turnover (whichever is greater) for DPA and GDPR infringements.
- Customer trust and business integrity are eroded, resulting in lost business. A PCI Pal survey of consumers showed that 44% of UK consumers would stop spending their money with a business for several months after an incident, and 41% would never return if their personal data was compromised.
Unfavourable publicity around data breaches only further damages an organisation’s ability to attract and retain new customers, damaging their financial performance until sufficient protective measures are put in place to prevent the incident from occurring again.
Measures you can take to prevent security breaches
Safeguarding the data that customers entrust to a company is far more complex than simply using a password-protected database – it requires a combination of watertight protocols, software and hardware, monitoring, and training.
Working from home puts more pressure on organisations and their customer service personnel to be vigilant about data security. Contact centres can protect their customer and company data by:
- Using secure cloud-based contact centre software that offers remote agent tracking and communication tools.
- Providing staff with company-owned devices that are pre-configured with firewalls and security software such as anti-virus and anti-phishing programs.
- Implementing a VPN and two-factor authentication for access to the corporate network. This is a great quick solution to balancing cybersecurity and remote working.
- Encouraging staff to locate their desk where the computer is not in sight of other people and to ensure that it is password locked and secured when not in use.
- Providing customers with the facility to enter their card information directly into their mobile phone or into a landline using dual-tone multi-frequency (DTMF) masking technology. For large or regular transactions, consider implementing voice biometrics.
- Implementing least privilege user access (LUA) on all systems so employees only have the data they need to do their work and nothing else.
Secure your customers’ data and protect your business
The threat of cybercrime is ever-present – in the UK one small business is successfully hacked every 19 seconds. While the danger for UK businesses is lower than elsewhere in the world, their security spending is also lower, leaving brands exposed to devastating damage to their finances, reputations and legal standing.
With an adequate budget and the right protocols, software with PCI DSS, GDPR and PDA compliance, and monitoring in place, contact centres can find a balance between cybersecurity and remote working. But they need to act now.