As more organizations shift their contact center to work from home or a hybridized model, the importance of cloud security becomes increasingly apparent. The cloud is indispensable when it comes to creating a successful contact center in a work from home environment. It gives agents access to data and productivity tools stored where they can access it from wherever they are. Ideally, this information flows freely between channels, is un-siloed and presented using one interface.
Table of contents
Clouds are scalable and dynamic. But, they are complex to manage from a security perspective.
Here we put forth eight cloud security best practices.
A proactive approach to cloud security requires the identification of potential attackers. Most attackers are cybercriminals, hacktivists, or social engineers. Understanding why and in what way these usual suspects might target your organization is a step you can take to counter security threats.
Assess what kind of information your contact center manages. Identify what information might be attractive to specific attackers and put measures in place to protect it.
Security are ever-changing. You can stay one step ahead by automating the threat identification process.
Make sure your agents are knowledgeable about threats and cloud security. An agent that misuses your cloud, due to negligence or lack of knowledge, creates a gap in your defense. It is important your agents understand:
- How to securely access and use your cloud contact center platform
- What security threats look or sound like
Sharing this knowledge protects your cloud by preventing your agents from unknowingly tearing holes in your security system. It empowers agents to be vigilant for threats. The more eyes you have watching the better you can detect and trace threats back to their source.
Educating your agents on how to recognize tactics attackers may use protects your organization from falling prey to them. Training your managers and agents and afterward, present your contact center with placebo threats. Measure performance in these practice activities. This gives your agents to put action to their knowledge and allows you to identify weak links. Practice makes perfect and further training can be provided if necessary.
Users don’t always come up with the most secure passwords (‘your name’ 123, anyone?). While a necessary and age-old security measure, passwords are a vulnerable piece of the security puzzle. Password protection is crucial to keeping your cloud secure.
Verification procedures make access to the cloud more difficult. Think of them as the door chain on your cloud.
Two-step verification is an easily deployed security feature. Once a user inputs their password, they can be verified by sending a code to a trusted device. This extra step adds significant security when accessing the cloud.
Cloud-based contact centers can use verification to make sure they are not making changes or giving out sensitive information to parties who are not who they say they are.
Segment the Network
Network segmentation is a strategy that lets you set rules for which services are permitted between accessible zones. You can restrict access between segments. Segmenting your network is a bit like an airlock. You can isolate particularly sensitive areas of data through access control. Threats are unable to easily make lateral movement among the network.
But what happens when revisions to the rules need to be made constantly to keep up with the network? This is the case with cloud platforms.
Cloud segmentation is achievable by automating change management. Your cloud remains fluid and dynamic while adjusting and accounting for changes in the network.
Plan for Incidents
Regardless of how scrutinous you are in your cloud security management, you need to be prepared for an incident of a security breach. Think of a security breach as a worm wriggling through the smallest hole. If that worm goes undetected, who knows what friends may follow and how the hole might grow. Security for your cloud platform should
- Identify the incident quickly
- Pinpoint the entry point and segments affected
- Contain the incident
- Remedy damage done
- Learn from mistakes
Perform Penetration Tests
Your cloud security should be tested periodically by running routine penetration tests. An undiscovered gap in your cloud infrastructure leaves you vulnerable to security threats. If you can find these gaps before nefarious parties do, your cloud will be all the more secure for it.
The contact center is the perfect environment for running penetration tests. With many users accessing your cloud there are opportunities every day to test multiple potential entry points. This also means that the cloud-based contact center is more susceptible than most cloud-based organizations and running penetration tests is even more important.
Encrypt Your Data
Sensitive data needs to be encrypted. When you encrypt your data you limit who has access to it based on a set of keys. Only those with the keys can access your encrypted data.
The contact center is often in the possession of sensitive and/or personal data. Because of this, it is essential for cloud-based contact centers to perform data encryption. Without it your customer’s data is vulnerable
Layer Your Security
Firewalls have been a big part of network security from the beginning. Traditionally firewalls were deployed between a trusted network and the internet at large. But, the division between a trusted network and the greater internet is gone. Once the first and most important line of defense against threats, the firewall is now simply not enough.
While you can, and certainly should, employ a firewall to secure your network, you need to add layers of security. Layers can include
- Cloud specific firewall
- Intrusion prevention systems
Sometimes contact centers process customers’ payments. This type of interaction involves highly sensitive data. In the course of payment processing, you wouldn’t want account information or access codes laid out for prying eyes to see. Make sure your transactions happen behind layers of security.
Cloud-based contact centers are responsible for protecting personal information about your customers, your organization’s trade secrets and sensitive account details. Cybersecurity should be proactive and take a holistic approach. Perform research often, invest in artificially intelligent tools and ensure open communication.
Information held in the contact center’s cloud can be used to actively manipulate individuals to disclose confidential information for use in fraudulent activities. If your cloud is not adequately secured serious harm can be done. Make sure cloud secure best practices are at the top of your to-do list.