Call centres (or contact centres) are attractive targets for cyberattackers because attacks against call centres can be monetised through
- Ransomware – The call centre’s data is encrypted and operations are crippled until a ransom is paid to obtain a decryption key
- Data Breaches – Personally Identifiable Information (PII) of the call centre’s clients’ customers are used for identity theft and in phishing schemes, or sold on the dark web
Such cyberattacks on call centres can be highly destructive, and even ruinous. More than even the cost of remediation, it is the loss of reputation that is likely to have the biggest financial impact and threaten the long-term survival of the call centre.
All call centres will clearly wish to avoid such consequences, but before we explore cyber defences, let us first understand how call centres are attacked.
How Threat Actors Compromise Call Centres
Cyberattackers launch their attacks through
- Credential compromise
- Phishing
- Malicious websites
- Infected email attachments
- Infected USB storage media
- Insecure networks
- Vulnerabilities in hardware and software
Attackers need not be external to the organisation. Internal attackers may use the same methods as external attackers but have greater impact because they have legitimate access to devices, networks, and data and are familiar with the organisation’s security measures.
With this background, we can examine how call centres can enhance cybersecurity in their facilities.
Reinforcing Cyber Defences in Call Centres
If you are concerned about the cybersecurity in your call centre, you should:
- Create a Cybersecurity Policy – The policy lays down roles, responsibilities, standards, permitted use, and penalties. The last is very important as policies that exist on paper but are not followed will not improve cybersecurity in any way
- Insist on Password Hygiene – Your organisation may already require long passwords with a mixture of characters, but such a password can still be easy to guess if it combines the user’s favourite colour, home town, and license plate number. A password is also easy to compromise if it is shared between employees. Constant reminders to maintain password hygiene are required in addition to technology measures to prevent credential theft
- Enforce Least Privileged Access – Every employee, no matter how senior they are, should have the minimum privileges required to fulfil their responsibilities (e.g., those who only need to view a document should not enjoy editing privileges). Following the principle of least privilege ensures that both external attackers (who gain access through credential compromise) and internal attackers will have limited impact due to limited access
- Apply Patches Immediately – Operating systems, applications, and hardware all receive updates to patch vulnerabilities. These patches should be applied as soon as they become available as the availability of a patch indicates an immediate threat arising from a vulnerability. Software and devices that have reached end of support should be replaced with alternatives that are, and will be, supported by their vendors
- Disable USB Storage Media – Disabling thumb drives and other forms of USB storage media prevents them from carrying malware into the organisation or data out of the organisation. Sophisticated security solutions will be able to block USB storage media while allowing USB keyboards, mice, and other peripherals to function
- Deploy Endpoint Security – Endpoints and servers that connect to the business network should be protected by enterprise-grade cybersecurity like K7 Endpoint Security. It is critical to ensure that all devices are protected by endpoint security as a single unprotected device could open the doors to a cyberattack
- Deploy Gateway Security – Gateway security devices, like the K7 range of Unified Threat Management appliances, provide network security at the perimeter of your organisation, preventing hackers from entering your network
- Provide Cybersecurity Training – A well informed user is one of your best defences against cyberthreats like phishing that use social engineering to target your employees rather than their devices. Training should be provided regularly to ensure that your staff are aware of the latest techniques that threat actors use to compromise businesses
How K7 Security Provides Effective Cybersecurity for Call Centres
In addition to providing critical endpoint security features, such as malware protection, malicious website protection, email attachment scanning, control over which applications and devices can be used, and cybersecurity management from a centralised console, K7 Endpoint Security (K7 EPS) includes benefits that call centres require from a security solution:
- Low-impact Protection – Endpoint security should have a low footprint and not affect the performance of a device, even if the device has modest hardware, to avoid productivity losses for the call centre. K7 EPS has won international awards for its efficiency, providing reliable protection without impacting device performance
- Low Bandwidth Consumption – Call centres depend on VoIP telephony and require consistent internet bandwidth. Endpoint security systems that choke bandwidth, even momentarily, can impact SLA compliance. K7 EPS is world renowned for its low bandwidth consumption, protecting endpoints without disrupting operations even when available bandwidth is limited to just 24 kbps
- Scalability – Call centres need to ramp up operations quickly based on contracts won. K7 EPS’s console has been proven to remain stable when hundreds, or even thousands, of devices are added to the network, allowing call centres to expand operations without worrying if their cybersecurity can keep up
- Rapid Rollout – 24/7 operations cannot afford disruptions due to prolonged and troublesome rollouts. K7 Endpoint Security ensures quick deployment through a small installer for fast downloads, automatic uninstallation of existing endpoint cybersecurity solutions from endpoints, a single installer for both 32-bit and 64-bit operating systems, and customisable endpoint installers (avoids waiting for suitable groups and policies to be assigned after installation)
K7 Security provides powerful enterprise-grade cybersecurity solutions that are cost effective and easy to manage. Contact us for more information on how we can help you secure the IT infrastructure in your call centre.