As CPI’s Facility Security Officer, I’m required to take training classes on an ongoing basis. I recently completed a course on Cybersecurity Awareness. I came away with several key tips that can be applied within the framework of how we conduct ourselves in the “cyber” world.
Usually our blog posts focus broadly on contact center operations – centered on improving efficiency, increasing customer satisfaction, and even generating revenue. However, in light of the recent cyberattacks on Chase, Target, and Home Depot, this information is not only relevant to you as a consumer, but also relevant with the type of scrutiny your reps will receive by your customers as they discuss sensitive information.
As one of our recent blog posts pointed out, we are living in a society where more and more individuals use other means besides the telephone to communicate–including e-mail, web sites, and social media. This includes how consumers reach out to contact centers to ask questions, access product information, resolve issues, etc.
Cyber “hackers” are keenly aware of this and are targeting these electronic outlets as a way to try and gain access to proprietary information. This can lead to the hacker being able to use the information to access a company’s network.
Here’s a brief overview of the means hackers use to launch their cyber “attacks”:
- Reconnaissance – Hackers research and identify individuals to target through the information in their posts/comments/blogs on websites and social media outlets. Picking up key pieces of personal information (birthdays, dates, names of family members, pets, etc.) is often all a hacker needs to identify “weak” passwords and exploit computer system vulnerabilities.
- E-mail Intrusion – Attackers send “phishing” e-mails to target users within companies by encouraging them to clink on attachments within the e-mail that include malicious links or ways for attackers to gain access to domain credentials.
- Establish a Back Door – With domain credentials, hackers can move within a company’s network, installing back doors for future and continued intrusion.
Here is a list of countermeasures to share with your staff and customers to help them when communicating through electronic means:
- Do not include passwords or personal identifying information, such as a Social Security Number, when reaching out to a company/contact center electronically
- When expecting a reply back from a company via e-mail, only open messages from a trusted source. Do not open any e-mail or attachment from an unknown origin, even if it looks official (indictors of suspicious e-mail may include bad grammar, misspellings, and/or generic greetings)
- Do not install or download any unfamiliar software to your personal computer or to your company’s network without first consulting with your IT Department
- Confirm that your organization has anti-virus software in place and monitor for any successful or attempted intrusions to your network
Lastly, here are a few general reminders that we should all keep in mind to lessen the risk of cyber compromise:
1. Password protection:
- When creating passwords, combine letters, numbers and special characters
- Do not use personal information or common phrases
- Avoid repeating passwords across sites and systems
2. Delete suspicious e-mails and report potential incidents to your IT Department
3. Removable media (thumb drives/flash drives) are popular giveaways for promotion and at trade show; always confirm these drives are from a reliable source before running them on your computer
Hope you can use some of the security awareness tips and tricks I’ve shared as you continue to navigate through the cyber world! If you have questions, drop me a line. I would be happy to address any of your cyber concerns.