Skip to content

Tell me how are the remote organizations overcoming the sensitive data concerns?

11/2/2015

  Printer Friendly Format    

Question
Tell me how are the remote organizations overcoming the sensitive data concerns?

Answer

Your question is very broad, and addresses a serious issue for any organization that has remote employees. As DMG Consulting concentrates on contact centers, we’ve responded to your question from this perspective. The list below provides contact center industry best practices for protecting an organization’s sensitive data.

Operational Practices

  • As part of the hiring process, do a background check of potential employees to rule out anyone with a questionable past.
  • Make sure that workstations at remote locations are secure per your organization’s standards.
  • Document security procedures, and train your employees to use them.
  • Train your employees to treat your organization’s and customers’ data as a valuable corporate asset.
  • Establish a formal communication process between supervisors and remote employees so that you can stay on top of what is happening at remote locations. Supervisors and remote staff should be in touch at least daily.
  • Do quality management (QM) regularly on remote locations to make sure that secure processes and procedures are being followed.
  • Monitor all personnel who have access to your systems, for unusual data access patterns or behavior.

Technical Practices

  • Require remote users to access contact center services through a secure multi-protocol label switching (MPLS) network or Internet/virtual private network (VPN) connection.
  • If MPLS/VPN access is not available, use secure socket layer (SSL) protocol for transmitting log-in and password data over the Internet.
  • All data transmitted between the remote location and the contact center solution should be encrypted using the latest security standards.
  • Voice and screen recording should be done in the datacenter; do not record audio or screens on remote workstations.
  • Use software to automate the process of blocking the recording and capture of sensitive data. Additionally, use software that prevents agents from even hearing sensitive credit card information.
  • Ensure that encryption is applied to the media from the moment it is captured, and maintain encryption anywhere that data is transmitted or stored.
  • Use role-based permissions to control the data and information made available to each employee.
  • Do not allow remote workers to write data to external devices such as universal serial bus (USB) drives; disable PC USB ports and the ability to write to digital video disk/compact disk (DVD/CD) drives.
  • Use self-encrypting or encryption software to secure hard drives on workstations and datacenter servers.
  • Use encryption software to force authentication before all remote workstations boot.
  • Force workstations to erase all data after 5 failed log-in attempts.
  • Program workstations to lock out after 2 minutes of inactivity.

These practices will limit risk and mitigate loss from the exposure of sensitive data. However, there is currently no way to fully protect company data, whether employees work on-site or at remote locations.