Security Checklist for Remote Customer Support Agentsby Chris Mullaney |
With more and more support agents either currently working from home or transitioning into a remote environment, a customer support organization leveraging cloud contact center software can provide laptops to remote agents or have agents access the platform through an installed application or internet browser on their own computer.
Regardless of which system is used, it’s important that remote agents are following security tenets to keep customer data and company information secure as well as protecting company data and customer personal identifiable information (PII). If agents have a company-issued laptop, the IT department can remotely manage many security settings.
Here is a security checklist support agents and supervisors should follow to ensure the company and personal computers they use to provide support are secure.
1. Operating System
Windows® and OS X® are the operating systems almost everyone uses. If you have an older OS installed, you might have unpatched security issues. Make sure your computer always has the latest security updates installed. These security updates address vulnerabilities that can allow hackers to take control of your computer and steal your company’s data and improve performance and security.
If you’re using an older operating system, find out how you can upgrade to the latest version to make sure you also have access to the latest security features available with the operating system.
2. Hard Drive Encryption
Once you have the latest operating system installed on your computer or laptop, encrypting your hard drive is the next step to securing your company’s data, customer data and your own personal data. Most modern operating systems provide a utility for hard drive encryption (FileVault® for OS X and BitLocker® Drive Encryption for Windows) so it is easy to install and use to secure your data.
The best part about using hard drive encryption is that if your laptop or computer is stolen, the thief cannot access any customer, company or personal confidential or personal data, or applications.
You should have an antivirus app on your computer. This can be the antivirus app that is included in your operating system or a third-party app that periodically scans your computer and checks for any malicious programs. Some programs, like keyloggers, record everything typed on the keyboard and send that data to malicious parties.
Others can look for logins and passwords for sensitive accounts. Along with antivirus, make sure any emails you view are from trusted sources and not from phishers trying to steal your sensitive information like account numbers. Clicking on malicious links in an email can install trojan programs, ransomware, or other malware that can hijack your computer and data.
A personal firewall prevents unauthorized access to a computer. Agents need to access online platforms to do their jobs and it’s essential their systems are protected from any attacks.
The company office will have a robust firewall to protect internal systems, but a home router will not provide the same level of security. Install a work-approved personal firewall on your computer (Windows and OS X each have one) and keep unwanted intruders out.
5. Password Manager and Two-Factor Authentication
Agents shouldn’t use identical passwords with any online account. Your security and compliance teams likely have company password rules for you to follow.
Complex passwords that include a range of letters, numbers, and symbols to increase password security. To make it easier to create and manage complex passwords, use a password manager to create high-quality passwords and save them in a secure online vault.
When agents need a specific password, they only need to sign in to the password manager with a single, easy to remember strong password. This also helps to ensure agents are using secure passwords to limit access to different accounts.
Two-factor authentication, also known as multi-factor authentication or MFA, adds another layer of security. Two-factor authentication requires a second verification method to ensure the right person is accessing an account. This can be a text code, a generated code in an authentication app, an emailed code, or code obtained through a mobile app.
6. Internet Browser
Google Chrome, Apple Safari, Mozilla Firefox, and Microsoft Edge are the most popular browsers. If you use a CCaaS platform, you can log in through a browser tab. Some browsers, like Chrome and Firefox, allow you to use multiple user profiles. This means you can create and silo your work account from your personal account and keep data separate as well.
If you are using a personal device, creating a separate work account will give you a clean browser that doesn’t migrate any personal information or preferences. A work account enables you to use all the necessary work-related tools and keep that information away from personal accounts.
A work account should also only install work-approved plug-ins or extensions. Some plug-ins and extensions read tab data which could include confidential customer information that isn’t meant to be shared. Always make sure you have the latest browser version. Like an OS, browser updates will add new security updates and optimizations.
Video chat-based customer support isn’t common, but support teams may video conference their team members for meetings. It’s important to be aware when the camera is on and also when it’s recording live video. A physical camera cover is useful for everyday situations when the camera isn’t in use to prevent unexpected sharing or camera hacking.
Agents should use a headset with a microphone to speak to customers. A wired headset will have the best connection and audio quality. But also be aware that the laptop has its own microphone for recording and can be listening, by default, to activate a voice assistant in the operating system. Agents should set the headset microphone as the default input device and if necessary, deactivate the laptop microphone.
If agents need to record calls, the IT department should ensure call recordings can be stored securely and only retained for as long as they’re needed for business purposes. Call recordings and video recordings are both considered personal data and should be handled accordingly.
It’s convenient to connect peripherals for comfort and productivity. Typing with a full-size keyboard and a wireless mouse instead of a cramped laptop keyboard and touchpad can be more ergonomic during work hours. But leaving Bluetooth open and “discoverable” can be a security hazard. If you have all the devices you need already registered, turn off active scanning on your computer or laptop.
10. Screen Recording
Rarely will an agent will need to record their screen during a call, but they may need to record for other occasions like training. Any app that records the screen should be vetted by IT to ensure the recordings are stored securely and are only retained for as long as they’re needed for business purposes.
Call recordings and video recordings are both considered personal data and should be handled accordingly. Also if agents are screen recording, they need to be sure that anything shown on the screen doesn’t contain sensitive information.
Location-based services are very common on mobile devices. But laptops also use location services. Microsoft’s location service and privacy page states:
“Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and your IP address to determine your device’s location. Depending on the capabilities of your device, your device’s location can be determined with varying degrees of accuracy and may in some cases be determined precisely.”
The most common use of locations is for weather forecasts, but websites can also ask for location information through an internet browser. Be aware of how an agent’s location is used when they’re supporting customers and if it isn’t necessary to collect location information, turn off this setting on their computer.
Geo-location is also personal data and shouldn’t be collected unless it is needed for business reasons. When it is collected it should be securely stored and deleted once it is no longer needed.
12. Cloud-based Storage and Backups
In addition to encrypting your systems’ hard drive, one of the safest ways to secure company, customer and personal information is in a cloud-based storage service. Most modern operating systems provide access to cloud-based storage services (OneDrive® for Windows and iCloud® for OS X) so it is easy to install and use to store your data securely.
You can, and should, regularly backup your computer and your data to cloud-based storage to reduce the risk of losing your data to hard drive failure or other types of data loss.
Awareness and Precaution
Keeping company information and customer data confidential is important. It’s easier to be aware in an office setting where everyone is reminded about keeping high security standards. But when you are home with your work-issued laptop or personal device, you can become relaxed without realizing it.
Check to make sure agents are following security best practices and ensure that all software is up-to-date, permissions are correctly set, and important information stays secure.
To learn more about how to best protect customer data and ensure the safety and security of the entire customer journey, listen to our FREE webinar, Protecting Personal Data and the Customer Experience.
The best customer experience content delivered right to your inbox.