How cybersecurity (or the lack of it) can directly affect your contact center

Cybersecurity, computer attacks, malware … these are words that still seem like something out of a futuristic Steven Spielberg movie. But we can affirm that the future has already arrived: cybersecurity (or the lack of it) can directly affect your contact center and is a fundamental part of our day to day life. And if this is still not your case, it is time for you to begin to get familiar with this concept.

After a 2020 marked by the digitization of all communications, logically, dangers have increased. Assuming that through our mobile or computer someone can enter to all the sensitive information of a company, at least it has to give us a chill.

Are we really aware of the danger that this implies?

How is the current situation regarding cybersecurity?

Lt’s start with Spain. According to a Business Insider article, different experts consulted agree that the national industry has a solid foundation to become one of the safest countries in the world. Although the 2020 pandemic was extremely difficult to anticipate, progress in this area had been considerable in recent years and this helped to react swiftly to this new scenario. For example, in 2020, the National Cybersecurity Institute (INCIBE) managed 133,155 cybersecurity incidents.

On the other hand, Latin America stands out for its advanced regional regulatory frameworks, as well as its avant-garde regulations at the national level in leading countries in terms of digitization (Brazil and Mexico). But we must also counter this optimism with the exposition of certain weaknesses that, it should be noted, are present, to a lesser or greater extent, across the globe.

We found 3 main weaknesses regarding cybersecurity in Latin America:

1) Outdated technological infrastructure;

2) the overcrowding of Android mobile devices, a very fragile operating system exposed to Malware; Y

3) the lack of professionals and technicians with solid training in the field of cybersecurity who can provide advice to institutions and companies (same situation as in Spain).

Consequences of cybersecurity failures

Okay, we understand that a technological failure can be serious and affect the entire operation of a company. But do we REALLY understand the consequences it can have?

• Million Dollar Losses: The McAfee company has calculated how many losses cybercrime caused in 2019, and the numbers are huge: more than a trillion dollars, over 800,000 million euros. Slightly more than 1% of the Gross Domestic Product of the whole world. This includes ransoms paid to hackers and downtime losses.

• Reputation crisis: it can destroy years and years of work building a brand. Leaking sensitive information not only hurts customers who are exposed, but also speaks very badly of a company that does not care enough of the data collected.

• Fines: The Spanish Data Protection Agency is fining more than 8 million euros to companies that have problems with the privacy of their users’ data. In Brazil, for example, there are fines of 2% on annual income as a result of a data protection violation. You know now that is better to prevent than to cure, because the cure is REALLY expensive.

• Business closure: It is no surprise that some businesses are unable to move forward after a cyber attack. So one of the biggest challenges is ensuring their survival and being able to overcome as soon as possible to return to normal activity.

Something as simple as the scan of a QR code can be lethal for our security. This daily activity can lead us to download potentially dangerous files to our mobile phones that end up accessing the corporate network when we connect from this device. Little by little we start to understand the implication of this subject for us and our source of employment.

Cybersecurity scandals that triggered the alarms

In recent years we have seen how companies that, a priori, seemed impenetrable, have had serious cybersecurity problems. Here you have some examples to refresh your memory:

• In July 2020, Twitter was attacked. Within minutes, tweets were published from the accounts of Joe Biden (at that time a candidate for the US presidency), Barack Obama (former President of the United States) and Elon Musk (businessman, CEO of Tesla) that promised to give away cryptocurrencies (bitcoins) to people who donate money.

• In December 2020 (already when we thought that the year was ending and that nothing bad could happen), FireEye, one of the largest cybersecurity companies in the world, reported that it had been the victim of an attack where internal tools used to perform security tests in other companies were stolen. 

• Not even vaccines were safe! The pharmaceutical companies Johnson & Johnson, Novavax, Genexine, Shin Poong, Celltrion and AstraZeneca, which during 2020 worked on the development of vaccines against Covid-19, reported that were victims of cyber attacks. There is no certainty that these attacks have been successful, but without a doubt, they were an attractive target due to the magnitude of the damage that could cause a blockage in their activities or the leak of sensitive information.

• Several hospitals in Spain were also victims of ransomware and phishing attacks during 2020. The Hospital de Torrejón de la Comunidad de Madrid published in January 2020 (even before the Covid arrived in Spain) that for several days they were not able to use its computer software because of a cyber attack.

• Regarding LATAM, there were no “scandalous” attacks, but the figures are: 60% of the companies in the region claim to have suffered at least one incident during 2020. A decrease in massive attacks was evident and a transition towards attacks to targeted companies, which main goal is to increase the possibility of collecting economic ransoms.

There is no turning back: digitization has come to stay. IoT (Internet of Things), Smart cities, real-time connectivity, etc. More and more devices keep us connected to the internet and that in one way or another can be the “Achilles heel” of our IT security.

Our topic: cybersecurity in the contact center

For this topic we have consulted an expert in the subject: Jordi Ubach, CISO (Chief Information Security Officer) at TECNOideas 2.0, Company of offensive Cybersecurity and training.

In his EVOLUTION Talk, a series of talks on digitization and technologies that we organized at ICR Evolution, he mentioned that call and contact centers are in danger as they have a very high level of exposure. This, added to remote work or home office, are a quite explosive combination. What is the problem? That the further away we are from the office, the more difficult it is to have control over the IT security. We used to work in a controlled perimeter, now that has been dynamited.

Call centers and contact centers have also had to suddenly adapt to a 100% digital way of working, and different software as our, EVOLUTION, had to adapt as well. Constant updates and fine-tuning have allowed our call and contact center software to offer an optimal experience, even when everything was uncertain.

Having highly trained and committed professionals is a determining factor. It is the best tool to develop quality software and offer a secure solution to our clients, so that they can carry out their mission with the peace of mind that the information in their call center or contact center is being protected.

How can we protect our contact center from cybersecurity attacks?

We are all exposed to suffering a cyber attack in our contact center, but there are 3 fundamental aspects that we have to consider if we want to prevent these attacks on our security: software, equipment and training.

• Updated software: quality software with the latest updates can be the determining factor of our security. Technology moves forward one step and hackers are surely also improving their techniques at the same time. Investing in good software can prevent you from several headaches!

• Modern equipment: equipment obsolescence is also a factor to consider. Each technological device has a useful life, which after that period will stop being receptive to updates and will begin to fail. Providing modern and quality technology to each person who works in the company is already a great first step.
• Employee training: Jordi Ubach in his EVOLUTION Talk about cybersecurity talks about “click incontinence”: we receive a link and we cannot help clicking immediately. Is that you? Well, it has resonated a lot for us! We must know how to identify when a link may be malware or respond to a phishing technique. Although since 2020 employees claim to be receiving more training on cybersecurity, 50% of employees in Spain admit to have used a non-work application on a corporate device, and 26% of them have uploaded corporate data on that device. Maybe it’s time for a second talk about it.

As general recommendations, you should know that it is important in your company:

• To work with connections through VPN, which are secure connections to the company;

• Implement a BYOD (Bring Your Own Device) framework for when non-corporate resources are used;

• Establish people responsible for security and device update policies;

• Avoid remote desktops and team viewers as much as possible;

• And finally, a recommendation that we all know but don’t use that much: strong passwords! Include uppercase, lowercase, numbers, and symbols.

There’re only two types of companies: those that have been hacked and those that will be.
Robert Mueller. FBI Director. 

 

Is technology insecure or are we irresponsible in its use?

This question is like the chicken or the egg, there is no final answer. Technology can clearly suffer from certain flaws that allow gaps on your security systems. Obsolete devices, lack of updates, security investment cost savings are some of the factors that can make a technological device easily penetrable.

Now, on our side, as users, we also have a great responsibility to take certain measures to reduce these potential risks.

We have to have in mind that these risks not only affect us personally (a bank account hack, for example), but that we can put at risk the integrity and stability of an entire company.

Our mobiles and computers are the gateway to the entire corporate network to which we are connected, so it is up to us to wait for malware with open arms and leave everything ready for them to fulfill their mission, or put obstacles and blocks to restrict entry into the system and that at least they have to make an effort if they want to harm us.

Do you want to know more about EVOLUTION, our call center and contact center software? Send us a message and we will contact you shortly.