As organizations strengthen their customer support with new policies and technologies, they must also ensure they are building security and privacy into their overall support program. Businesses today are collecting an increasing amount of data. While this information can provide an enhanced experience for the end user, it also poses a major security risk. (One might say that with great data comes great responsibility.) And given the large amounts of sensitive personal information involved in customer service interactions, organizations must take measures to ensure this data is properly secured.
In today’s digital era, the implications of data breaches can be extremely far reaching. When valuable information is stolen from a company, the damage goes beyond initial cost to include brand reputation, customer loyalty and ultimately, revenue. Every company wants to avoid becoming tomorrow’s next mega breach headline, but one of the biggest missteps here is a lack of understanding that it’s no longer a matter of if a company will be breached, but when.
October was National Cybersecurity Awareness Month, and yet this month alone brought forth a number of troubling security incidents. While the security outlook may seem bleak these days, there are several measures organizations can implement to prevent breaches across their systems.
Here’s a look at the top four steps companies should take to bolster the security of their customer support program.
Step 1: Encrypt all communication
Encryption is a proven method of preventing data from exposure. Customer service experiences can involve a high volume of personally identifiable information (PII), including names, addresses, social security numbers, payment information and even account PINs. So, when it comes to customer support, encryption is a vital step in ensuring the protection of customer information and interactions.
Step 2: Implement the principle of least privilege
The principle of least privilege (POLP) is not a new concept, but it is an effective one. In a nutshell, POLP gives employees the lowest level of user rights that they can have and still do their jobs. Let’s say your company processes payment information. With POLP in place, only the employees that need that information for their job function will be granted access. Enforcing least privilege in your organization will help to reduce your overall security risk, while also keeping business disruption to a minimum. POLP can also be bolstered by checking access each time someone logs into the system.
Step 3: Build in strong authentication
With encryption and policies of least privilege in place, an important factor to consider is the authentication of users – essentially, the ability to confirm that an individual is the person they say they are. For customer support, this is important on both sides of the interaction. If a customer were to call in without being properly verified, there is strong potential for fraud. And there is an equal risk posed by individuals claiming to be customer support agents.
According to the 2017 Verizon Data Breach Investigations Report, 81 percent of hacking-related breaches involved the misuse of stolen, weak or default credentials. That’s why stronger methods of authentication are required to confirm an individual is who they claim to be. Technologies such as two-factor authentication and biometrics (fingerprints, facial recognition, etc.) are helping to solve this challenge for both consumers and organizations.
Step 4: Don’t Forget the Code
Vulnerabilities in software applications have posed a major threat to organizations over the years. However, there are several tools and methods available that can help alleviate the risk posed by insecure code. Application security tools can scan your code for any flaws or security holes. Additionally, penetration testing – a process where security experts attempt to exploit your software’s code – is an effective method of uncovering any potential security vulnerabilities that could expose your software to attack.
This article originally appeared in Information Management.