Partner: SecureState

Contact centers, much like traditional call centers, face constant turnover as a regular part of doing business. Keeping employees in any customer-service oriented job is often a nearly impossible task, and with this constant turnover, security becomes a major problem. While traditional call centers faced these issues, the issue is only exacerbated by the nature of the modern contact center, where traditional phone-based customer service is paired up with online communication tools such as email, texts, and chat. With so many people potentially having access to company resources, security professionals need to make extra efforts to maintain the proper levels of security at these companies.

Tip 1: Manage New Accounts Carefully

With high turnover, new accounts will be needed on a regular basis. To protect the contact center, accounts and access need to be carefully controlled. For new employees, accounts need to have only as much access as is needed for that person’s work, and no more. By doing this, the contact center can be certain that the employee cannot cause undue additional damage to areas of the center that they didn’t actually need to use.

A role-based approach, in which employee access is defined by the role of the employee in the company as a whole, allows for the careful management of access. For example, consider a simple contact center, with three separate levels of employee:

  • Manager
    The manager account should have the most access of these accounts to various parts of the center’s network, but should also be the least frequently used. Ideally, only a few people should have this level of access. As an example of access levels, the manager might be able to view the access levels of other employees, grant access to lower level employees, and establish new projects in a project management system.
  • Supervisor
    A supervisor should have less access than the manager, but still be able to monitor the actions of the people he or she supervises. Due to having less access, the supervisor account may be more common in an organization. In terms of access, the supervisor should be able to view reports on his or her supervisees, and view and potentially modify projects.
  • Customer Service Representatives (CSRs)
    CSRs will have the lowest level of access, but will also be the most common account type. Many companies may even segment the CSR access levels based on what type of communication they will be using. CSRs may also be restricted based on projects assigned to them.

Many companies will have many more levels than this example, but the idea is to place careful restrictions on accounts, which limits the amount of access that any employee has while also protecting the company in the instance that one of these accounts is breached.

Tip 2: Get Rid of Old Accounts Immediately

In any company with high turnover, there are going to be a lot of accounts that need to be deactivated. Any time an employee leaves, another account needs to be deactivated. However, in these kinds of busy environments with such high turnover, the removal of old accounts can often be overlooked. These accounts then remain rip for attackers to find ways to exploit, and newer security staff might be unaware these accounts even exist.

To avoid this, companies should adopt a standard practice of removing old accounts and permissions as part of an employee leaving. On the day they leave, the accounts should be deactivated. Though adopting this policy may means a bit more work in the short term, it prevents the buildup of unused accounts.

Contact centers themselves often add an extra wrinkle to this process, as they use specific applications that place customers in direct contact with employees. These applications may have separate accounts that need to be reconfigured or deactivated based on turnover.

Tip 3: Plan Ahead for Turnover

From the highest levels of a company to the very lowest, losing a person can often mean losing their unique skills and knowledge. Preparing for this loss ahead of time can reduce the impact of a person leaving. In addition to the aforementioned procedures for deactivating accounts, exit interviews can be used to identify exactly what is being lost as a part of this person leaving.

Though most often associated with higher level employees, a basic cessation plan can help even at these low levels by establishing a method for knowledge transfer between a leaving employee and the remaining staff. While this might not at first seem like a security concern, these discussions can often highlight specific areas that an outgoing employee may have had access to that a security team would need to address after they leave.

Turnover as a Security Concern

With so many new employees coming in and old employees leaving, it’s easy to see that contact centers face many security concerns due to their turnover rates. The increased use of communication methods outside of traditional call center phone lines means that even more careful consideration needs to be given to security in a contact center than in most other environments. The amount of information moving in and out of these centers on their own would be a security concern, but the added issues of turnover mean that special attention needs to be placed on making sure these businesses remain as secure as possible.