Eric Greenwood
VP of Product Innovation
insights
PART 1: Cybersecurity in the modern Contact Center
October 16, 2023
Contact centers have and continue to evolve from isolated customer service (voice and data) organizations to sophisticated operational hubs that manage company wide customer interactions, communications, and data. They have become the repository of vast amounts of both unstructured and structured customer data, playing a pivotal role in the interface between businesses and their customers. This in turn has made them a prime target for cybercriminals in an environment of ever-escalating cyber security threats.
Contact centers are often the first point of contact for consumers looking to interact with a business. And as such, more often than not, they collect personal and financial information. A breach in the security of a contact center can have dire consequences. Compromised personal data can lead to identity theft, fraud, and personal loss, exposing the company hosting the contact center to both financial and regulatory liabilities. Ultimately, the reputational impact can be even more devastating than the immediate financial and regulatory liabilities.
As contact centers become even more tightly integrated with the overall business, a breach in the contact center can act as a gateway into a business's other operational systems, magnifying the potential exposure. However, despite the obvious dangers, it is imperative that the company takes into consideration the operational and user impact of the security protocols that are being proposed. Protocols that are too onerous can negatively impact operations and the associated customer experience and may lead to an erosion of the business that exceeds the cost of a security breach.
Common Cyber Threats
Phishing Attacks
Phishing attacks are a form of cyber threat where cybercriminals craft deceptive emails and/or more recently QR Codes, to trick the recipients into performing certain actions that could compromise security or provide sensitive information.
Quishing, also known as QR code phishing, involves tricking someone into scanning a QR code using a mobile phone. The QR code then takes the user to a fraudulent website that might download malware or ask for sensitive information.
Examples:
1. Fake Customer Inquiry: A representative may receive an email that appears to come from a potential customer. The email might contain a link, claiming to lead to a product query or a customer complaint. Once clicked, this link might redirect the representative to a fake login page, tricking them into entering their system credentials which the attacker then captures.
2. Tech Support Scams: The attacker might pose as a member of the IT department, sending an email to representatives claiming there's a need for an "urgent system update" or a "password reset." The email might ask representatives to click on a link and input their login details, or it might have them download a piece of malware disguised as an update.
3. Invoice Scams: Contact center representatives might receive fake invoices that seem to come from legitimate vendors or company departments. The goal is to lure them into clicking on malicious links or downloading infected attachments, which can then provide a backdoor to the system.
4. Emails with Malicious Attachments: An email that looks like it's from a trusted source might contain an attachment, supposedly a customer’s order form or a voice recording of a previous call. Once the representative opens the attachment, malware or a virus is unleashed onto their workstation.
5. Spoofed Executive Emails: Cybercriminals might mimic the email address of a senior executive or manager, instructing the representative to share specific customer data urgently. Given the seeming authority of the request, representatives might comply without verifying.
6. Quishing: The following is an example of a QR code phishing email.
Vishing (Voice Phishing)
Vishing, or voice phishing, is a type of social engineering attack where scammers use phone calls instead of emails to trick their targets. In a contact center setting, vishing can target both the representatives themselves and the customers they interact with.
Examples:
1. Impersonating a Customer: A scammer might call a contact center representative, claiming to be a customer who has forgotten their account details. Using social engineering techniques, they might convince the representative to bypass standard security protocols, thereby gaining access to confidential account information.
2. Posing as Tech Support: A scammer might call a representative, pretending to be from the company's IT department. They might claim there's an issue with the representative's system that requires immediate attention and convince them to share their login credentials or even install malicious software.
3. Fake Supervisor Calls: An attacker could impersonate a supervisor or manager from another branch or department, pressuring the representative to quickly provide customer details for an "urgent audit" or "system update."
4. Targeting the Customers Directly: Scammers might also reach out to customers directly, pretending to be representatives from the contact center. They could claim the customer's account has been compromised and request personal or financial information to "verify their identity" or "secure their account."
5. Fraudulent Promotions or Offers: Scammers could impersonate contact center agents offering special promotions or refunds. They would then ask customers for payment details or personal information, ostensibly to process the offer.
Malware and Ransomware
Malware is a broad term used for malicious software designed to infiltrate, damage, or exploit computer systems. Ransomware is a subtype of malware, specifically crafted to encrypt the victim's data and then demand payment to restore access.
Examples:
1. Email Attachments: A representative might receive an email, seemingly from a trusted source, with an attachment labeled as a "customer complaint" or "invoice." Upon downloading and opening this attachment, malware could be introduced into the system.
2. Compromised Software Updates: Cybercriminals could disguise malware as a routine software update. When representatives or IT personnel install this "update," they unknowingly introduce malicious code into the contact center's system.
3. Infected USB Drives: If representatives use USB drives to transfer data or bring personal USB devices into the workplace, there's a risk of malware being introduced if these drives are infected.
4. Drive-by Downloads: Representatives visiting an infected website might inadvertently download malicious software onto their workstations. Even reputable websites can sometimes be compromised to deliver malware.
5. Ransomware Lockdown: A representative could accidentally activate ransomware, either through a phishing link, email attachment, or malicious software update. This ransomware encrypts valuable data, making it inaccessible. The cybercriminals then demand a ransom, typically in cryptocurrency, promising to provide the decryption key upon payment.
6. Trojan Horses: Malware disguised as legitimate software might be installed on a representative's workstation. Once activated, it can steal data, monitor activities, or create a backdoor for further attacks.
Insider Threats
Insider threats, unlike external cyber threats, originate from within the organization. These threats can be posed by current or former employees, contractors, or business partners who have inside information concerning the organization's security practices, data, and computer systems.
Examples:
1. Data Theft for Personal Gain: An employee in financial need, might sell customer data to third parties, such as marketing companies or criminal organizations. This data could include personal details, financial records, or account credentials.
2. Sabotage: A disgruntled employee with access to the system might intentionally disrupt operations. This could be through deleting essential data, introducing malware, or tampering with communication lines.
3. Revenge Motivated Breaches: An employee who has been terminated or feels wronged might access and leak sensitive company information to competitors or on public platforms as an act of revenge.
4. Unintentional Insider Threat: Not all insider threats are malicious. Sometimes, employees accidentally cause breaches by failing to follow security protocols, misconfiguring systems, or being careless with login credentials.
5. Credential Sharing: An employee might share their login credentials with a colleague to ease a task, unknowingly granting them access to sensitive data they shouldn't have access to.
6. Collusion with External Threats: In some rare instances, an insider might collaborate with external hackers, providing them with valuable information or system access to facilitate a cyber attack.
DDoS Attacks in Contact Centers
DDoS, or Distributed Denial of Service attacks, involve overwhelming a target with traffic from multiple sources, with the primary aim of making a server or network resource unavailable to its intended users. When aimed at contact centers, these attacks can cripple communication channels, leading to significant downtimes, loss of customer trust, and potential financial implications.
Examples in a Contact Center Setting:
1. Overloading Voice Channels: In a voice-based DDoS attack, a contact center's phone lines might be flooded with fake calls, rendering them unusable for genuine customers trying to get through.
2. Saturating Web Chat Systems: For contact centers offering support through web chat, a DDoS attack might involve flooding the chat system with automated bot messages, causing genuine customer messages to be lost or delayed.
3. Disrupting Backend Systems: DDoS attacks could target the backend servers supporting a contact center's operations. Overloading these servers might cause them to crash, leading to a full stop in operations until the issue is resolved.
4. Targeting Support Websites: If a contact center provides support through a specific website or portal, a DDoS attack could flood that website with traffic, making it inaccessible to customers.
5. Internal System Misconfiguration: Client end points requiring connectivity a host application may inadvertently flood the internal network if pings remain unanswered due to a misconfiguration.
Best Practices for Safeguarding Contact Centers:
1. Training and Awareness:
- Regularly train representatives to recognize and report suspicious activities.
- Educate them about phishing, vishing, malware, ransomware, insider threats, and DDoS attacks.
- Employees should be made aware of the repercussions of breaches and the importance of data security.
2. Authentication and Access Controls:
- Implement Multi-Factor Authentication (MFA) to reduce the risk of unauthorized access.
- Strictly control access to data and systems, ensuring employees only access essential information.
- Review and update permissions regularly.
3. Encryption and Data Security:
- Encrypt sensitive data to protect it from unauthorized access.
- Limit unnecessary data collection in line with acts like PIPEDA.
- Establish clear communication and information request protocols to prevent breaches.
4. System and Software Vigilance:
- Ensure timely system updates to fortify against known threats.
- Install and update antivirus and anti-malware software.
- Employ robust firewalls and utilize Web Application Firewalls (WAFs) for added protection.
- Implement advanced email filtering to quarantine malicious emails.
5. Monitoring and Analytics:
- Use traffic analysis tools to detect suspicious patterns, especially against DDoS attacks.
- Monitor employee behavior using analytics tools, flagging unusual data access patterns.
- Conduct regular security audits and review call logs for potential security lapses.
6. Backup and Redundancy:
- Backup data frequently and store in a separate location to restore operations in case of ransomware attacks.
- Establish redundant servers or communication channels to ensure continuous service during threats.
7. Response and Recovery:
- Have a comprehensive Incident Response Plan for all potential threats, from phishing to DDoS attacks.
- Ensure swift containment and recovery measures to minimize damage.
- Foster clear whistleblowing policies for employees to report suspicious activities.
8. External Coordination and Cloud Protection:
- Collaborate with ISPs for potential DDoS mitigation solutions.
- Adopt cloud-based DDoS protection services, like Cloudflare or Akamai, to shield infrastructure.
Contact centers, particularly in the digital age, require stringent measures to safeguard against multifaceted threats. With robust training, vigilant monitoring, and adaptive security protocols, businesses can ensure the security and continuity of their operations, adhering to standards such as PIPEDA and optimizing the balance between utility and risk.
Like what you're reading? Stay tuned for part two of this series coming soon!
And if you don't want to miss any news from Connex, sign up to our newsletter below.