Using Network Segmentation to Secure Remote Contact Centers

The pandemic has created unprecedented challenges for contact centers — and the bad guys know it. Contact center fraud has spiked sharply in the past year as cybercriminals target vast numbers of work-from-home agents handling sensitive customer information.

Contact Center Fraud & the Pandemic

More than half (57 percent) of companies have experienced an increase in contact center fraud since the beginning of the pandemic, according to an October report from Forrester Research. Malicious actors are using social engineering, call spoofing, bot fraud and a variety of other techniques to try to get their hands on customer Social Security numbers, payment card information, login credentials and other personally identifiable information.

Such attacks are harder to manage in a decentralized contact center environment. Remote agents lack many of the enterprise-grade security measures in place at corporate facilities. At the same time, many are over overworked after months of handling dramatic increases in call volumes. Without any direct supervision or management oversight, they are far more susceptible to attacks.

Nevertheless, 83 percent of organizations in the Forrester study report that they still rely on agents to be their first line of defense against potential fraud. That’s not a sustainable practice for the long term.

Restricting Access through Network Segmentation

Entering the second year of the pandemic, organizations must increase their focus on securing remote operations. Network segmentation is one way organizations can mitigate these risks and improve security and data privacy.

Segmentation is the practice of dividing a network into multiple subnetworks for individual applications or services. By subdividing the network, administrators gain greater control over the flow of traffic over the network.

It has been used for years to boost performance, but has become a particularly useful practice for improving security in highly distributed environments such as remote contact centers. In the event a remote agent’s computer is compromised, segmentation helps prevent the intruder from gaining unfettered access to the sensitive financial and customer data scattered throughout on-premises and cloud environments.

Micro-segmentation techniques deliver even stronger security by allowing organizationsto establish fine-grained security policies at the workload level. Even after a user is authenticated, classification and encryption tools ensure that only those with proper credentials can see and access sensitive data. Content-level controls can also dictate what actions a user can and cannot take with data — for example, whether data can be downloaded or attached to an email. Logging mechanisms allow tracking, alerting and analysis of any anomalies.

Aiding Regulatory Compliance

Both techniques are also important for regulatory compliance. Organizations face increasingly stringent privacy rules that require more robust measures for protecting customer data.

Remote contact center agents also accept payments via multiple communication channels, which can complicate the process of meeting the Payment Card Industry Data Security Standard (PCI DSS) for securing cardholder data. By separating cardholder data into separate subnetworks, segmentation and micro-segmentation help organizations meet PCI DSS requirements for reducing the number of access points to the cardholder data environment.

Remote contact center agents capture and process a great deal of sensitive customer data in order to deliver a more personalized customer experience and optimize overall operations. However, it also makes them valuable targets for cybercriminals. Contact us to learn more about boosting your security posture and improving data privacy practices in your contact center.