Splunk & DTEX Partner to Deliver Noise-free Human Telemetry to the SOC. READ THE NEWS HERE.

WORKFORCE CYBER
INTELLIGENCE

BLOG

A Human-centric Approach to Operational Awareness and Risk Management.

The Why & How of Stopping Call Center Security & Insider Threats

From a security standpoint, call centers are one of the riskiest areas of the enterprise. Like any branch of an organization, they’re susceptible to malware, APT, and other security threats. But there’s one security concern that they need to pay extra special attention to: the insider threat. Call centers have several unique features that put them at higher risk for an insider threat attack. Over the course of 15+ years of insider threat investigations, we’ve noticed certain patterns that CISOs need to watch carefully.

Here’s just a few reasons why you need to watch out for the insider threat at your call center:

Call Center Employees have Access to Sensitive Customer Data

By nature of their job, call center employees have direct access to sensitive customer information. Every day, your employees handle hundreds of customers’ credit card information, passwords, bank info, health care information, or even social security numbers. This level of direct access comes with an inherent spike in risk. Plus, it means that you have to be doubly aware of what’s happening in this branch of the business.

Call Center Employees are Entry-Level and Low-Income

Low-level employees are especially risky insiders for two main reasons:

They don’t tend to have as much employer loyalty or view their jobs as a long-term career.Employees who are struggling financially are much more likely to be tempted by offers from outside agents. They’re also more likely to sell or use customer information themselves.

These two factors combined create a risky demographic. You have a large number of insiders who are more likely to need money, and who may be comfortable with the idea of hurting their employer. That’s a bad combination when it comes to the insider threat.

Call Centers Have a High Turnover Rate

Most insider data theft takes place when an employee is leaving the company. Call centers have a high turnover rate — the average US call center turnover rate hovers around 33%, with a quit rate of 60% of the total turnover. In other countries, this number is even higher: average call center turnover in India, for example, is 55%. These rates mean that you’re constantly exposing yourself to the risk that a departing employee might take sensitive customer data when they leave. Plus, a high turnover rate means a greater number of employees passing through your door each year, which in turn means exposing your data to more people. It only takes one errant employee to cause a breach, so this opens you up to greater insider threat danger.

Trust but Verify: Monitor Changes in Behavior BEFORE Data Theft Occurs

You need to accept the reality of the risks within your enterprise, but the answer isn’t to treat every employee like a future criminal. Tight restrictions will likely hinder productivity, frustrate employees, and, ultimately, upset customers. Instead, focus on getting true visibility into employee activity. With that knowledge, you can target the real risks within your enterprise. Most of your call center employees should be accessing the same types of applications and information within your databases. If an employee starts deviating from that normal behavior, you need to be ready to leap into action. The key is to make sure you have effective internal visibility and that you’re looking for the right warning signs. Here’s just a few that you should be watching for:

An unusual rate of copying/moving files to a local machine or a different serverA user accessing The Onion Router (TOR)Unusual use of incognito/Private Browsing modeAttempting to disable/tamper with security controls (e.g. DLP)…And many more. If you’re curious, we’ve put together a handy checklist of 17 red flags that call centers need to watch out for. Download it below.

To keep your call center data secure, you need to approach your security with open eyes. If you know what you’re looking for, you’ll be able to mitigate the insider threat risk without resorting to overwhelming lockdowns.