If you deal with large volumes of data – like call centers tend to – you may find yourself a target of cyber criminals and your cybersecurity may be at risk.
The trouble with cybersecurity is that it’s only ever as good as its weakest point. When you have a large number of staff, the possibility that one of them might turn out to be the weakest point can be significant. Without the right training, it’s easy to make mistakes. We’ll take a look at seven of the main ways to keep them up-to-date, but first, let’s consider what exactly cybersecurity in a call center involves.
Cybersecurity in a Call Center
In order to understand how to train your staff, you need to recognize some of the most common threats:
- Data breaches. This is an extremely common result of a cyber-attack, involving the unauthorized gathering of business data or confidential customer information through criminal means. This data might be held for ransom, released publicly, or handed to competitors.
- Denial-of-service. This is where an attacker cuts off the operation’s systems, typically by flooding them with traffic, so legitimate users can’t access them, usually until a ransom is paid.
- Social engineering. Call center staff might be manipulated into revealing confidential material, through the use of baiting, scareware, and phishing techniques. A common example of this is a fake password reset email leading to login information being shared.
- Physical security breaches. While call center technology is usually standardized across a company, the provision of physical spaces can often be a little inconsistent. Does every office have CCTV? What about keycard/code-based access? Not all cybercrime starts in the digital space – sometimes it’s as simple as walking in and stealing a USB drive.
7 Ways to Train Call Center Staff on Cybersecurity
So, we’ve seen the ways call centers can find themselves exposed to cyber-attacks. What can we put in place to counter these threats? As so often in life, a lot can be accomplished with sufficient training. Here are some ways you can do this.
1. Educate about attack styles
Not all staff will be aware of the kinds of attacks that call centers may encounter. So, it’s important to ensure that all your agents understand these tactics. By teaching them about techniques such as phishing, you can ensure they recognize issues with email formats, sender addresses, and link legitimacy. In much the same way that fuzzing bolsters a system’s defenses by testing it against many unexpected inputs, be sure to cover as many attack styles as possible, so that staff are adequately prepared for most eventualities.
2. Educate about the impact
Nothing sharpens the mind like being told about worst-case scenarios. Sometimes, staff simply won’t appreciate the catastrophic effects that a casual approach to cybersecurity can lead to. So, it’s important to ensure that your agents are aware of such consequences to customers, the business, and the employee themselves.
One way to emphasize this is to include specific case studies in your training content. For instance, in January 2023 Mailchimp were targeted through social engineering, with the perpetrator accessing details on over 100 accounts. And in February 2022, Yahoo had their intellectual property stolen and shared. By showing that even big name companies suffer from attacks, you can make sure your staff understand the risks.
3. Consider your culture
Cybersecurity should become an everyday practice, like signing in and out. It’s not enough to simply lecture agents on best practices; you need to show how they can build them into their daily workflow.
You can use internal newsletters and meetings to open discussions on best practices, and to ask the staff to relate their experiences of practicing cybersecurity. Such discussions are often a good way of evolving team risk management strategies. By involving everyone in the process, it becomes easier to keep everyone on the same page.
4. Make cybersecurity accessible
Sometimes, your IT team will use jargon and technical terms. This is fine when everyone’s at the same level of fluency, but for non-tech staff, this can be off-putting. When it comes to training sessions, make sure everything is accessible and easy to follow. If jargon must be used, explain it first.
This applies across all communication regarding security – vague or baffling instructions can lead to a failure in compliance.
To ensure that your call center agents have access to comprehensive and user-friendly cybersecurity training materials, consider incorporating an elearning strategy. Elearning platforms can provide interactive and engaging courses that break down complex concepts into understandable terms, making it easier for non-tech staff to grasp essential cybersecurity principles.
Additionally, you might explore the use of event management software to streamline the scheduling and tracking of training sessions.
5. Make it a priority
New staff should have training on cybersecurity straight away. Cybercriminals won’t wait, and neither should you. So, make it a key part of onboarding, even for short-term and seasonal employees.
Additionally, don’t treat it as a one-off. Regular updates should be provided for existing staff. This helps to keep the practice of cybersecurity prominent in the minds of those who might become complacent over time. It also means that you can inform them about any new threats that may be trending.
6. Establish sound password protocols
Yes, passwords can be hard to remember. This is why so many end up being ‘12345678’ or ‘password’. Such fall-backs are a gift to a hacker. So, the absolute bedrock of good cybersecurity practice is the proficient creation of passwords.
You can assist in this by having certain conditions apply. For instance, the password should be at least eight characters long, and include upper and lower case letters. There should be at least one numeric character in there, plus at least one symbol.
But things shouldn’t stop there. Make sure your agents know not to use the same password for different tools, and make use of two-factor authentication where possible. Everyone should understand that a password must never be revealed to anyone else, either in the organization or outside it.
One mistake many people make is having a very secure password – and then writing it down and putting it on their desk! Don’t forget to emphasize that physical security is as important as digital security, and passwords should never be left on display.
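The conditions listed in this section written as a check, as an added example that is not part of the original article; the `check_password` name and the deny-list entries beyond ‘12345678’ and ‘password’ are assumptions. It also shows that a predictable choice such as `Password1!` satisfies every composition rule, which is why the sketch compares against a deny list as well.

```python
import string

MIN_LENGTH = 8  # "at least eight characters long"

# Constructed deny list: the two fall-backs named in the article plus a
# few similar ones (the extra entries are assumptions for illustration).
COMMON_PASSWORDS = {"12345678", "password", "qwerty", "letmein", "welcome"}

# ASCII symbols only; widen this set if your tools accept other characters.
SYMBOLS = string.punctuation


def check_password(candidate):
    """Return the list of policy failures; an empty list means it passes."""
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in candidate):
        failures.append("no lower case letter")
    if not any(c.isupper() for c in candidate):
        failures.append("no upper case letter")
    if not any(c.isdigit() for c in candidate):
        failures.append("no numeric character")
    if not any(c in SYMBOLS for c in candidate):
        failures.append("no symbol")

    # Composition rules alone accept "Password1!". Lower-case the value
    # and strip digits/symbols padded onto either end, then compare the
    # remaining core with the deny list.
    lowered = candidate.lower()
    core = lowered.strip(string.digits + SYMBOLS)
    if lowered in COMMON_PASSWORDS or (core and core in COMMON_PASSWORDS):
        failures.append("based on a commonly used password")
    return failures


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for sample in ["12345678", "password", "Password1!", "Tr4m-Ledger!Quilt"]:
        problems = check_password(sample)
        print(f"{sample!r}: {'OK' if not problems else '; '.join(problems)}")
```
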
7. Have regular drills
Take a tip from fire safety: use drills. You can have all the theory in the world, but you can’t beat practical experience for training value. You could send a bogus email with a strange-looking address and see how your staff responds. Or you can engineer a suspicious-sounding call to see what staff do in reaction. Drills are a good example of internal audit methods, in that they expose vulnerabilities very effectively.
Make sure not to shame anyone who fails, however. Instead, provide extra training based on the results – cybersecurity can be tricky, and you want to encourage understanding rather than build a culture of fear. That way, if anyone does fall for a real attack, they’ll be confident enough to tell you, letting you resolve the problem as soon as possible.
Cybersecurity training is vital
We touched on the consequences of casual approaches to cybersecurity. Let’s finish with this eye-watering fact. The average cost of a data breach in the US in 2023 is $9.48 million. You can add to this the cost of all the bad publicity that will attach itself to the situation. It’s not a price easily afforded by many call centers.
Luckily, you know what to do. Establish clear and effective training from day one of an employee’s tenure. Have regular updates, and perform drills. Lastly, make it part of the culture. Everybody should be living and breathing cybersecurity every day. That’s how you beat the cyber criminals.