By William Lane
Like it, or not, your call center is connected to the Internet. Whether you utilize a premise or cloud-based model, PRIs or VoIP, are located in Bar Harbor, Maine, or Los Angeles, California, or have four agents or 1,004, you are dependent on the Internet in some way. The bad news is that every person, business, organization, and government connected to the Internet is vulnerable.
Vulnerable to What? A few of the threats facing all of us every day include distributed denial of service (DDoS) attacks, malware, toll fraud (international calls being made from your switch), phishing, crypto-lock attacks, and unfriendly probes. Having antivirus software from a leading company is not enough.
Not only is there an explosion of malware (some estimates are as high as 200,000 new malware samples released every single day), but research shows that only 5 percent of threats are actually identified by existing security software, and in the majority of cases the average time-to-detection rate takes two months (Marc Goodman, Future Crimes).
Our networks, computers, switches, and every other device connected to the Internet are vulnerable to attack. Some of the bad actors are out for the lulz (the fun of it), but an increasing number are out for money. If you don’t believe me, try searching for ransomware.
Your Network, System, or Switch Is at Risk: Some attacks are direct, some are indirect, some (as mentioned above) are just for the fun of it, and some are malicious, purposeful targeting. Often victims of cyberterrorism are merely collateral damage. For example someone releases a malware to Windows, and every Windows user gets the sickness. Or a bad actor releases a web crawler, and it identifies an open public port on your switch, notifies the perpetrator, and your telephone bill goes up thousands of dollars until you notice the charges on your invoice. Experts estimate that some form of cyberterrorism will affect one in eight businesses each year, and the threat is only growing.
So, after painting this bleak picture of the vulnerabilities of contact centers (and everyone else, by the way) being connected to the Internet, what can be done to protect critical systems from cyberterrorism?
- Be Aware: Understand that every system is vulnerable; so prepare for how to deal with the various challenges before an attack occurs. Don’t be blind to the very real threats that are growing daily; plan contingencies on how to keep your business running should such an attack occur.
- Practice Safe Software Management: Ensure that all available updates are installed quickly. This will mitigate exposure to known threats. For instance, Microsoft does not even issue security updates for Windows XP anymore. Yet millions of computers with this software are still running, making them vulnerable to attack. Make certain your call center stays up-to-date with software versions and security updates, and avoid open source software not shepherded by your vendor and its partners.
- Implement Resiliency: Install software and hardware that ensures constant monitoring of your system, such as robust firewalls, routers, and network management tools. Proper resiliency may not prevent every attack, but it will ensure that your system continues to operate (even if in a degraded state) and alert you to issues in a timely manner so you can repair the damage and stay in business.
- Execute Redundancy: Implement a business continuity disaster recovery plan and test it frequently, ensuring that your system is completely backed up and accessible in a crisis.
- Choose Trusted and Experienced Partners: No one can do it all on their own. Ensure that your chosen vendors and partners are at the forefront of technology implementation. Make sure they have the ability to enable you to practice safe software management in a cost-effective and timely manner and have key partnerships in place to assist you.
- Utilize Encryption Technology: Use encryption technology wherever possible, such as secure messaging, databases, routers, and firewalls.
- Perform Security Audits: Contract with a competent third-party auditor to ensure compliance with best practices for security, including PCI and HIPAA. Use vendors and partners whose products and environment are annually audited.
Recognizing that we live in a dangerous world and seeking solid partners who understand technology and know how to mitigate the risk of cyberterrorism is not only prudent – it is an essential element in today’s world for ensuring that your business not only continues, but thrives. A little self-reflection and thoughtful examination of system and software vulnerabilities may not make it possible to avoid every cyberterrorist attack, but it will certainly create an environment of awareness and minimize the impact on your business.
William Lane has been involved in software development for nearly thirty years and has worked at such companies as Oracle, Microsoft, and ARIS. He is the president and CEO of Startel and Professional Teledata.
[From Connection Magazine – May/June 2016]