Ensuring Data Privacy with Unified Communications and Collaboration

One reason data protection is such a difficult task is that most of us don’t really understand where our data is located. We tend to think of it as existing within folders on our computers, saved to a dedicated storage device or possibly uploaded to a cloud storage platform, but that’s not the whole story.

Most businesses will find that significant amounts of sensitive data exist beyond those typical sources. Many of the applications and tools we use to remain productive have become de facto storage repositories for all sorts of content. For example, unified communications and collaboration (UCC) solutions create, transmit and house a great deal of business and personal data.

A UCC system is not a single product, but a set of products with a unified user interface. As such, it generates and transmits data through a variety of distinct applications including voice, email, chat, file sharing, video and web conferencing. These features have made UCC solutions incredibly valuable for supporting remote workforces, including remote contact center operations.

Growing Risk

At the same time, UCC data has become an enticing target for malicious actors. According to a recent Dark Reading survey, 25 percent of organizations say they have experienced an uptick in attacks on their communications infrastructure over the past two years, with robocalls and phishing the most prevalent threats.

Remote contact center operations are also under attack. Forrester Research reports that 57 percent of organizations say they’ve experienced increasing numbers of attacks targeting their contact center communications platforms, with hackers seeking access to sensitive customer data such as Social Security numbers, payment card data, account numbers and purchase histories.

To mitigate these risks, organizations should take steps to ensure their communications infrastructure complies with data privacy regulations such as the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR). Even if these regulations don’t directly apply to your organization, they provide meaningful guidance for protecting sensitive business and customer data.

Security Suggestions

Of course, you can’t secure data if you don’t know where it is. The first step in meeting data privacy requirements is conducting data discovery to identify where data resides, how it used and who can access it. With an accurate inventory of data assets across all repositories, applications and services, you can then begin to implement protections such as:

  • Encryption. With remote users requiring anytime/anywhere data access, it is important to encrypt stored data and data in motion to prevent eavesdropping or data leaks. Using 256-bit Transport Layer Security (TLS) encryption offers the best protection.
  • Access controls. Implement strong password policies, two-factor authentication and identity and access management solutions to limit access to UCC services, accounts and data.
  • Traffic control. A session border controller helps secure the network edge, regulate traffic in and out of the network, and normalize signaling and media used in real-time communications.
  • Activity monitoring. Integrate your UCC solution with a Security Information and Event Management (SIEM) solution to collect real-time log data and identify suspicious activity.
  • Limit exposure. Video and chat apps are particularly vulnerable to disruption and eavesdropping. Data loss prevention solutions examine these communications and generate alerts if any sensitive information is being shared.

The ability to extend leading-edge communication and collaboration solutions to the remote workforce is a business imperative these days, but organizations must take steps to secure the data being generated, transmitted and housed within their UCC solutions. The business communication experts at IPC can help you develop and implement a plan to ensure your communications infrastructure meets data privacy and compliance mandates.