Contact centres safeguarding Australian industry
As Australian businesses grapple with the mounting complexities of modern commerce, contact centres have become an indispensable resource to maintain cybersecurity across the nation’s most critical sectors.
From the sparkie coordinating power line repairs to the telecommunications advisor fielding inquiries about the latest internet outage, the potential threats posed by malicious actors or inadvertent data breaches are ever-present.
And regardless of whether the agent is an in-house employee or a contracted partner, the need for robust cybersecurity measures is paramount to safeguard sensitive customer information and ensure the continuity of critical services.
TSA’s Group Manager of Quality & Risk, Storm Doyle, says contact centres have evolved from customer service providers to become the guardians of sensitive commercial and personal data.
Ms Doyle says every time a customer calls to pay a bill, order a prescription refill or arrange a delivery, they’re entrusting third parties with private details that could prove absolutely disastrous if they fell into the wrong hands. From financial records to medical histories, the information passing through these gateways is the crown jewel of the digital economy.
“We’re considered the gatekeepers of sensitive data because all of that data is necessary when you are speaking to a customer,” Ms Doyle says.
“If a customer calls in, all of the information that a company holds becomes available to the contact centre, and all of that data needs to be stored somewhere for the contact centre to access it.”
In such a high-stakes environment, Ms Doyle says contact centre operators can no longer afford to view cybersecurity as an afterthought. Instead, she says they must instead take a proactive, ‘defence-in-depth’ approach to protecting client data and sustaining public trust. This multi-layered strategy needs to incorporate robust safeguards at every potential point of vulnerability.
Cybersecurity starts with people
At the forefront of that strategy is the ‘human firewall’.
Ms Doyle says ensuring each and every agent is prepared to repel potential fraud starts with rigorous access controls and authentication protocols to verify that only authorised individuals are viewing or handling sensitive information. In addition to access controls and robust background checks during recruitment, Ms Doyle says constant training and updates are necessary to ensure contact centre agents remain vigilant and keep pace with advancements in cyber risks.
“Around 80 per cent of data breaches are through social engineering and through human error, where someone has clicked on a link that they shouldn’t click on,” Ms Doyle says.
“It’s more important now than ever to make sure that people within the business are trained and are experts on picking up emails that don’t look like they should.”
However, Ms Doyle says while the rapid leaps in AI development currently occurring are incredibly exciting, they also come with significant risks.
“Large language models like ChatGPT are already available on the dark web and they’ve been trained on creating malware codes and drafting communications that look authentic,” she says.
“Some of the key markers that many of us had been trained to look for in a phishing email are less likely to appear now, like spelling mistakes and poor grammar, because people have run the emails through a large language model. That means the likelihood of someone clicking on a link in an email like that is becoming higher.”
Outside of the human element, TSA Group Vice President of Engineering Aydarus Ahmed says the defence-in-depth strategy leans on three other key pillars to ensure data is protected.
“You need to have multiple layers of technology, on the endpoint side from the PC or the laptop, to the applications that the end user is accessing, and each and every device in between,” Mr Ahmed says.
“Physical security matters too – companies need to have barriers to protect sensitive equipment and information.”
And finally, organisations need to comply with legal and regulatory requirements. There are now many governance and compliance obligations relating to cybersecurity and data retention that greatly assist in cybersecurity.”
Dealing with data retention
Another big cybersecurity challenge contact centres can help address is the risk of data retention, according to Ms Doyle. Following a series of high profile data breaches in recent years, the Australian government has pledged to review mandatory data retention laws passed in 2015, which require organisations to hold a range of sensitive customer data for two years to allow access for law enforcement.
“Many businesses are real data hoarders because of how easily we can store data now,” Ms Doyle says.
“Many organisations are storing way more data than what they need and for much longer than what they need it for. A key risk reduction measure is having a strategy in place around the retention of data and data collection. It might not reduce the risk of a data breach happening, but it significantly reduces the impact of a data breach if that happened.”
Contact centres crucial for defence-in-depth
At the end of the day, Mr Ahmed says today’s contact centres can no longer be thought of as mere cost centres or line items on a balance sheet. Instead, they are indispensable strategic assets that are central to the relationship between businesses and their customers. Protecting that bond of trust with rigorous cybersecurity practices must be a core priority.
Contact centre providers that fall behind the security curve put not just their own reputations at risk but the credibility and commercial standing of every company they serve.
As essential service providers continue to integrate these third-party operators ever deeper into their operational fabric, it’s time we saw them for what they truly are – the first and last line of defence.
TSA are Australia’s market leading specialists in CX Consultancy and Contact Centre Services. We are passionate about revolutionising the way brands connect with Australians. How? By combining our local expertise with the most sophisticated customer experience technology on earth, and delivering with an expert team of customer service consultants who know exactly how to help brands care for their customers.