We’re all becoming far too familiar with stories of large organisations being hacked and sensitive information being stolen.
In recent weeks more alarming stories of retailers like Home Depot and Supervalu being infected by point-of-sale malware that secretly siphons away payment card information, and transmits it into the hands of online criminals.
But you would be mistaken to think that the only organisations who might be putting our private information at risk from attack are retailers, or that the only threat is external hackers.
For instance, what about the increasing number of companies who run call centres, where thousands of staff members may have access to your personal account information?
Even if accounts are protected by passwords (with you having to offer a handful of characters from your password when you call up), that doesn’t stop a crooked call centre member from making a note of your private information, or abusing information that you might share with them.
Compound that with the problem of high staff turn over at contact centres, and low wages in some parts of the world – and the temptation for call centre staff to be tempted to abuse the information they gain access to might be significant.
And don’t forget that this internal threat runs constantly alongside the risk that your sensitive data may not have been properly protected from external hackers, or that the call centre staff might be susceptible to sneaky social engineering attacks which manage to trick them into believing they are speaking to a legitimate customer, and unwittingly grant criminals access to accounts and potentially illegal access to funds.
Bearing that in mind, I wasn’t surprised to hear about a new study published by AKJ Associates, that polled 500 British adults, and discovered 76% were worried that call centres were not keeping their sensitive information safe.
76.4% of the people polled by AKJ, the organisers of the PCI Portal “Securing the Contact Centre” conference due to be held in London this month, declared themselves to be “concerned” by call centre security, with over a third (35.8%) saying that they were “very concerned” about how information – such as their name, address, contact details and credit card information – might be protected at call centres from hackers and rogue staff.
“It’s clear that no firm can afford to be complacent about its contact centre’s security,” said Robert Walker, director at AKJ Associates. “Every day, we hear about major data breaches of large firms, impacting thousands of consumers – and contact centres are a potential weak point in the armour. Without proper defences, hackers could steal a treasure trove of sensitive information.”
I agree that call centres are a concern, and something that more companies need to be aware of and proactively tackle from the security point of view, rather than wait until a call centre breach occurs to them.
The PCI Portal “Securing the Contact Centre” 2014 conference, will be held at Hilton Tower Bridge, London, on Wednesday 17 September, and will see industry experts present solutions and practical case studies to help defend businesses.
Even if your company isn’t able to be there, I would urge it to explore if it’s doing enough to secure its call centres, and not dismiss the security challenges they raise as too difficult to tackle.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.