BY BRUCE BELFIORE | September 29, 2017
Security breaches in the contact center environment can be enormously expensive and damaging, so it is worth real money to approach these matters the right way. It is important to foster a strong security culture supported by well-designed processes - - rather than rely on a patchwork of technologies that simply give a warm fuzzy feeling of security. Security is a journey - - not a destination - - and corporate culture and business process must mesh with the technologies that support them, not the other way around.
As a contact center manager, you should be concerned about these issues because there is a natural tension between the needs of security on the one hand and the desire to facilitate easy, effortless customer access to information. It takes an “eyes-open” culture to balance the objectives of both sides. Unfortunately, many companies today do not have the culture or processes that support the appropriate use of defensive technologies, while at the same time facilitating the conduct of business with customers.
You have an opportunity to be a catalyst of change for your contact center’s information security culture. However, you may need to open your mind a bit. Start by considering your own experiences:
- Have you ever felt that your security colleagues have placed unnecessary obstacles in your way?
- Have you felt misunderstood by the very people who say they are trying to protect you?
If so, you are not alone. These are signs of an organization that needs to evaluate how information security is approached –with an eye towards changing attitudes, instituting best practices with collaboration and mutual understanding, and giving more thought to the timing of critical conversations.
While a secure-but-business-friendly culture has many components, we offer a few key items for consideration here:
- Security starts at the top. Senior-level leadership is needed to raise awareness, articulate the right values, and initiate programs that support a healthy security culture.
- The corner office folks should share their concerns and needs with security specialists, making it clear that they can and must communicate with other parts of the organization about security in an open and collaborative way.
- Operations managers (including call center managers) should include security experts in their planning and execution of new technology initiatives, especially before contracts are signed.
Think about a company in which all of the above best practices are implemented and working well. It is a company that can build corporate value in a more healthy and secure way.
The customer contact function presents special sensitivity for security, especially in regulated industries. Points of vulnerability include CRM (customer relationship management) software, which draws upon databases that may include patient health records, credit card or bank account information, and social security numbers. It is incumbent on customer contact managers to be part of the security culture, and not part of the problem.
Experience shows that a well-oiled security culture will save money and improve your economics. Having superior security capabilities will avoid a lot of very expensive and time-consuming problems. If you have weaknesses, address them early in your project to avoid impacting downstream operations, which might require compensatory compliance processes at additional cost (“run-the-engine” cost). Audit and added oversight may then be needed to ensure that the work-around processes are properly functioning.
Be honest. If your organization does not fit a “best practices” profile for a security culture, then please consider this article an urgent call to action. Assess your strengths and weaknesses and reach out to your colleagues in IT. Be ready to collaborate to plug holes, lower risks and, ultimately, improve your financial performance. To move forward and evolve the culture and improve the business, be persistent, rinse and repeat, a.k.a “Test and Learn”. Security is a journey, not a destination or a single product.
Bruce Belfiore is Senior Research Executive and CEO of BenchmarkPortal, custodian of the world’s largest database of contact center metrics. He hosts the monthly online radio show "CallTalk" and is chancellor of The College of Call Center Excellence, which provides courses for call center professionals. He has consulted for many Fortune 1000 companies, helping them to improve the strategic value, efficiency and effectiveness of their customer contact operations. He is the author of the book Benchmarking At Its Best for Contact Centers and holds bachelor’s, MBA and JD degrees from Harvard University.
“Contact Center Economics 101” articles are written to spotlight practical opportunities for financial improvement of contact center operations. Tony Grimshaw is a security architect and risk management consultant with over 20 years of experience spanning three continents. Bruce Belfiore (Harvard MBA) is Senior Research Executive and CEO of BenchmarkPortal. This article is refreshed from one published in 2014. Readers who would like to discuss security architecture or implementing best practices for their organization may contact the authors via BruceBelfiore@BenchmarkPortal.com. http://www.BenchmarkPortal.com