All It Takes Is One: Why A Wave Of Litigation Regarding At-Home Agents Is Expected
By James Isaacs, Cyara
Enabling at-home workers has been a hot topic in 2020 for obvious reasons. The pandemic has forced governments around the world to issue work-from-home mandates and close non-essential workplaces to stop the spread of the virus. For contact centers, this has meant sending all of their customer care agents home to perform their duties. Hundreds of thousands of customer care agents moved from a highly controlled, managed, monitored, and secured corporate environment to their homes. And their homes are the absolute opposite – not highly controlled, managed, monitored, or secure.
Companies scrambled to procure and provision at-home agents with laptops, headsets, display monitors, and other secure devices and VPNs to avoid the potential external risk factors of a highly dispersed workforce. However, companies may be ignoring that the real risk factors may be the at-home customer care agents themselves: through either unintentional carelessness or premeditated malice, in this new work-from-home world, the customer care agents can cause serious information security problems.
While the vast majority of contact center agents are well-intentioned folks that just want to help their customers, inevitably, there is always a risk of a few members of any population having malicious intentions. Because contact center agents are operating from home, they may receive and possess sensitive customer information on their at-home devices – enabling them to potentially copy or save that information for later illegitimate use.
While agents don’t always need to discuss sensitive information with their callers, those that operate in financial and healthcare industries are often presented with personally identifiable information (PII), such as social security numbers (SSNs), bank account numbers, loan information, personal addresses, insurance policy claims, and loads of other extremely sensitive medical or health information. Even agents that work in unrelated industries, such as retail, travel, or hospitality can easily gain access to credit card numbers and PII like email addresses, physical addresses, and dates of birth.
You may be saying, “but I trust my employees – they’re the salt of the earth and would never intentionally cause any harm to our loyal customers!” You may be correct, but the security risks of at-home agents aren’t purely caused by bad actors within the contact center’s ranks. Sometimes all it takes to cause a security breach is a momentary lapse of judgment or a missed software update.
Often, when working in the contact center, agents would have requirements to check their devices at the door or to keep them off the desk and out of sight during work hours. If at-home agents are using personal devices – or even if they’ve simply failed to update their work computer to the latest version of Windows, Google Chrome, or their company’s unified communication (UC) platform – they may unknowingly be opening the door to security threats. In addition, if the agent’s home Wi-Fi goes down, they may need to find a public place to work, such as a coffee shop or library, which is more susceptible to hackers.
As more contact centers migrate to the cloud and enable remote agents to perform their duties, there is also increased risk regarding security and privacy protocols. In 2021, we will see at least one catastrophic security breach – either from a malicious bad actor or carelessness – that will cause a wave of new litigation regarding consumer privacy for at-home contact center agents. It’s up to contact centers to ensure that their agents are complying with security protocols and standards and that all of the tools provided to at-home agents are vetted and up to date when it comes to the security of sensitive customer PII.
About The Author
James Isaacs is the President of Cyara.