Tag Archives: Disaster Planning and Recovery

Why Hackers Target Medical Records Instead of Credit Cards


Amtelco-medical records

By Nicole Limpert

Despite the care most of us take to protect our credit card information, credit card fraud is the most common form of identity theft in the United States. According to a report from Javelin Strategy & Research, 15.4 million consumers were victims of identity theft or fraud in 2016, which cost US consumers more than 16 billion dollars.

However, cyber criminals increasingly target electronic protected health information (ePHI) because hackers can get a premium price for this personal information on the dark web.

Sold to the Highest Bidder

Raw credit card numbers—those that are missing PIN and user information—are worth a dollar or less each on the dark web. More complete credit card records that include personal information command a higher price—up to thirty dollars each, depending on the country of origin. However, the most valuable prize for fraudsters is someone’s medical record. Estimates vary, but in general health records consistently sell for seventy to ninety dollars each. Some hackers claim to sell blocks of thousands of records and receive over one hundred dollars per individual record.

Historically, healthcare data breaches were the result of internal staff actions (both accidental and intentional), but the Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data in 2015 discovered that the primary reason for healthcare data breaches was due to criminal attacks.

The report states, “Employee negligence and lost or stolen devices still result in many data breaches, according to the findings. However, one of the trends we are seeing is a shift of data breaches—from accidental to intentional—as criminals are increasingly targeting and exploiting healthcare data.”

While the progress is slow, it appears that more hospitals are using ePHI and beginning to catch up with the technological needs to protect it. Click To Tweet

Why ePHI Is So Valuable

It is estimated that the global healthcare industry will be worth 8.7 trillion dollars by 2020. Cyber criminals are cashing in by using stolen patient data primarily for insurance fraud, medication fraud, and financial fraud.

The Identity Theft Resource Center, a US nonprofit that provides victim assistance and consumer education, reported there were 355 healthcare breaches in 2016 affecting 15 million records.

Information contained in a medical record is particularly useful for lucrative fraud schemes because it’s high-quality, deeply personal, and permanent. On the dark web, this type of data is referred to as “fullz” (full packages of personally identifiable information). Fullz can’t easily be replaced (the way credit card numbers can), so it is more useful and provides more value to criminals.

Because the information contained in a health record is complete and comprehensive, it’s extremely versatile, and it takes much longer for fraud to be detected. The information can be used in a variety of fraud scenarios.

Sometimes personal identities are stolen to receive medical care. The Ponemon Institute provides an example where a patient learned his identity was compromised after receiving invoices for a heart procedure he hadn’t undergone. His information was also used to buy a mobility scooter and medical equipment, amounting to tens of thousands of dollars in fraud.

Why Is ePHI So Vulnerable?

In response to increasing threats to patient health data and poor security, the Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted in 2009. The act provided a 27 billion-dollar incentive to encourage health providers to switch from paper medical records to electronic files.

The results have been disappointing. Many healthcare organizations were slow to adopt electronic files because of struggles connecting different technologies. These disparate technologies need to work together so electronic health records (EHRs) are available to the appropriate staff.

When Barrack Obama was interviewed by Vox’s Ezra Klein and Sarah Kliff on January 6, 2017, he explained that this lack of interoperability was something he and his administration didn’t expect:

We put a big slug of money to encouraging everyone to digitalize and catch up with the rest of the world here. And it’s proven to be harder than we expected, partly because everyone has different systems. They don’t all talk to each other, it requires retraining people in how to use them effectively, and I’m optimistic that over time it’s inevitable it’s going to get better because every other part of our lives, it’s become paperless.

But it’s a lot slower than I would have expected; some of it has to do with the fact that it’s decentralized, and everyone has different systems. In some cases, you have economic incentives against making the system better; you have service providers—people make money on keeping people’s medical records—so making it easier for everyone to access medical records means that there’s some folks who could lose business. And that’s turned out to be more complicated than I expected.

As a result, hospitals and clinics have been operating, at least in part, with outdated technology, thus exposing them to the dangers of cyber-attacks.

Are Paper Medical Records Better?

It may be tempting to think that paper medical records are a safer option, but according to a recent study published in the American Journal of Managed Care, paper and films were the most frequent location of breached data.

Verizon’s 2018 Protected Health Information Data Breach Report also found that 27 percent of data breach incidents were related to sensitive data on paper. The Verizon report authors wrote:

Medical device hacking may be in the news, but it seems the real criminal activity is found by following the paper trail. Whether prescription information sent from clinics to pharmacies, billing statements issued by mail, discharge papers physically handed to patients, or filed copies of ID and insurance cards, printed documents are more prevalent in the healthcare sector than any other. The very nature of how PHI paperwork is handled and transferred by medical staff has led to preventable weaknesses—sensitive data being misdelivered (20 percent), thrown away without shredding (15 percent), and even lost (8 percent).

The Future of ePHI

While the progress is slow, it appears that more hospitals are using ePHI and beginning to catch up with the technological needs to protect it.

In 2017 the American Medical Informatics Association released a report using information from an American Hospital Association survey about hospital information technology. They measured “basic” and “comprehensive” EHR adoption among US hospitals and found that 80.5 percent of hospitals had at least a basic EHR system. Data breaches in the US healthcare field cost around six billion dollars annually. Even though the latest IBM Security/Ponemon Institute study found that, in the United States, healthcare data breach costs are higher than any other industry sector, the average cost per record is decreasing. The average data breach cost per record in the healthcare industry was 380 dollars in 2017, down from 402 dollars the year before.

Amtelco-medical records

Nicole Limpert is the marketing content writer for Amtelco and their 1Call Healthcare Division. Amtelco is a leading provider of innovative communication applications. 1Call develops software solutions and applications designed for the specific needs of healthcare organizations.

Surviving the Storm



Texas-Based Call Center Reflects on the Trials and Tribulations of Hurricane Harvey

By Kevin Ryan

The first question often asked when a serious storm approaches is, “Are we prepared?” Over the years, we’ve educated ourselves on disaster preparedness. We’ve faced natural disasters before and worked through them successfully. We took this experience and built out our company with redundancy at the forefront. All our equipment is in a tier-4 data center in the middle of the state, away from the coast. We have two of everything: call servers, communication servers, power sources, data connections, and server farms, all backed up into the cloud.

We also have multiple office locations in San Antonio, Corpus Christi, Houston, and Beaumont. Each office has redundant routers with two different incoming data circuits. Short of the data center completely going up in smoke, nothing could take us down. Then came Hurricane Harvey.

Harvey Arrives

Harvey first appeared as a tropical storm on August 17, 2017. By August 20, reports indicated the storm could gain hurricane status, with the Texas coast as the projected target. By August 23 all indications showed the storm had built up to a Category 4 and would hit Texas somewhere near Corpus Christi.

Hurricane Harvey made land fall on August 25 in Port Aransas as a Category 4 storm with sustained winds of 135 mph. The Rockport community was immediately devastated, with over 30 percent of the homes destroyed by high winds. As soon as Harvey made landfall, it quickly weakened. Wind speeds dropped, and the rain was consistent but not overwhelming.

We woke up on August 26 thinking we were okay. Our office south of Corpus Christi was back to fully operational, with just a few tree branches littering the parking lot. The staff had checked in. All were fine, and we were relieved. The forecast showed Harvey weakening and heading back out into the Gulf.

San Antonio made it through the storm almost untouched: no power outages, just some light flooding. There was general celebration. We had dodged the bullet. We knew the rain would continue and there might be some flooding. We supplied them with food, water, and clothing. Many had lost everything, and this was the first delivery of aid they had received. Click To Tweet

Harvey Hits Huston

By August 27, Harvey had moved back out into the Gulf of Mexico and stopped just off the coast near Houston. It was now categorized as a tropical storm. But as it churned over the Gulf, it dumped massive amounts of rain on the greater Houston area.

A colossal amount of rain still pummeled Houston well into August 28. The area of flooding was larger than the state of New Jersey. Houston and the surrounding counties were declared disaster areas. Over fifty inches of rain fell on the city, shutting it down. Throughout the storm, we did all we could to stay in contact with our Houston staff to make sure they were safe. Most had or were being evacuated. Communication was spotty.

On August 29 Harvey came back inland, making landfall near Port Arthur and Beaumont. Our second-largest office is in Beaumont with thirty-plus employees. For the first time, we felt we were in real trouble. We had over forty employees from the Houston and Beaumont offices who were unaccounted for. The ability to stay in communication with our team members decreased by the hour. Our main priority was making sure our teams were safe, doing whatever we could to help them. Almost every business between Houston and Beaumont was closed, which caused a massive call surge on our lines.

Callers were trying to reach medical providers, pharmacies, service technicians, and city offices, all of which were closed and would remain so for the rest of the week. The fourth-largest city in the country would be closed until the following Monday. Our people were exhausted.

A Dire Situation

On Friday, September 1, our Beaumont office manager was finally able to get through to us, but she relayed a dire situation. Most employees had lost cars and homes. All were in shelters. There was no water, no food, and limited electricity.

At our office in San Antonio, we collected food, clothing, toiletries, and medicine. We organized a relief caravan to take off as soon as the roads opened, and by September 4, we had connected with all employees but one. We left early Friday morning with two trucks and a cargo van, each loaded down with food and supplies and met our Houston team at a Walmart just off the highway.

When we pulled into the parking lot, nine employees were waiting for us with their families. We supplied them with food, water, and clothing. Many had lost everything, and this was the first delivery of aid they had received. We will never forget their tears of joy. We spent two hours dispersing supplies before we were off to our next stop, Beaumont.

Making It to Beaumont

The drive to Beaumont was surreal. I-10 is the major east/west transit for the southern half of the US. What are normally open plains on either side of the road were now lakes. Floating debris could be seen in all directions. The water had a blue-green hue to it from the chemicals that had leaked out of the refinerys in the area. The city water system was still offline, so the only clean water for Beaumont residents was bottled water. There were lines of semitrucks stacked with water. Staging areas for water around the city had been set up. Because so many residents had lost their cars, most walked to an area to pick up a case of water.

We pulled into our Beaumont office parking lot around 5:00 p.m. Most of our staff had already arrived with their families and were waiting for us. We began unloading the food, water, and clothing into the hallways of our office.

A Hot Meal and a Bit of Normalcy

Once the trucks were unloaded, we drove to an open grocery store, purchased food, charcoal, and beer and returned for a family cookout in the parking lot. It was the first hot meal most of them had eaten in six days. With smoke billowing out of the grill, we finally relaxed. It was an opportunity to come together for a barbecue and much- needed normalcy.

The effects of Hurricane Harvey would last for months to come for our staff and business. Numerous employees remained in shelters well into November.

Over a year later, we still feel the effects of Harvey. However, our company stuck together through the trials and tribulations this storm inflicted on us. We continue to help each other through the ongoing challenges and consider ourselves better prepared for the future.

Kevin Ryan is the managing partner of business development at TAS United.

Business Continuity and Disaster Recovery: Hope for the Best, but Prepare for the Worst



By Michael Dozier

Disaster can strike your business at any time and in a variety of ways. Once an effective, well-designed, and professionally managed telephony disaster recovery plan is in place, you can rest secure in the knowledge that fire, flood, power outage, natural disasters, or other problems don’t mean a change in your business’s fortune.

Statistics about Disaster Recovery:

  • There were 102 disaster recovery declarations by FEMA (Federal Emergency Management Agency) in 2016 and 136 in 2017. An even larger number of security, technology, network, and telecommunications outages and disruptions occur annually.
  • A Gartner study states, “Two out of every five companies struck with a major disaster are unable to recover. Of the survivors, one-third goes out of business within the next two years.”
  • Twenty percent of businesses experience an emergency failure in any given year, and 80 percent of those businesses will go under in just over a year, according to the U.S. Bureau of Labor Statistics.
  • Nearly 40 percent of small businesses close after a disaster, according to FEMA.
  • Only 25 percent of businesses that close due to a major disaster ever reopen, according to the Institute for Business & Home Safety.

Technologies and Mitigating Strategies:

In such circumstances, what technologies are available to businesses that might be used to keep telephony up and running 24/7? Start with session initiation protocol (SIP). SIP trunking offers high flexibility in the event of a disaster and has the capability to provide disaster recovery options for your business telephony. Most service providers offer:

  • Automatic Failover: In the event the primary T-1 or internet connection fails, calls automatically switch to a secondary, tertiary, or 4G LTE connections.
  • Automated Distribution and Rerouting of Calls: If your location fails to receive calls, calls are automatically rerouted between geographically diverse sites, to a designated off-site number, or another call center. This allows you to maintain receipt of inbound calls in the event of a power, system, or circuit failure.

Next look at disaster recovery as a service (DRaaS). Voice over IP (VoIP) needs to be at the core of any well-planned communications recovery strategy and should be used to bolster disaster recovery plans. Call centers with VoIP can expect a high availability in the event their system (either premise-based or hosted) fails or they lose connectivity to their system. Some key attributes of a failover, cloud-based backup system are:

  • Calls are automatically delivered directly to operator desktops via softphones.
  • Calling party ID and customer name or account number are delivered to the operator.
  • A cloud-based IVR provides multiple call queues, skills-based routing, and redirect of calls at the DID level.

The best line of defense in the event you lose the ability to work from your existing location due to fire, storm, power outage, or another disaster is a hot standby emergency system for remote continuity. Send employees home or to locations with internet access to work with a computer softphone and headset. You may be able to resume critical functions in minutes at a temporary location. The same key attributes of a failover, cloud-based backup system are available.A true business continuity telephony solution needs to be able to handle any kind of problem, no matter how big or small. Click To Tweet

Finally, realize that communication continuity also depends on redundancy in the business continuity and disaster recovery provider’s infrastructure. Here are some criteria to consider:

  • Does the provider utilize redundant, geographically diverse data centers?
  • Are these data centers Tier 3 high-availability data centers or Tier 1 and Tier 2? Organizations selecting Tier 1 and Tier 2 solutions typically do not depend on real-time delivery of products or services for a significant part of their revenue stream.
  • Tier 3 data center services providers depend on colocation services for the critical lifeline of their business. Rigorous uptime requirements and long-term viability are usually the reasons for selecting strategic solutions found in Tier 3 and Tier 4 site infrastructure.
  • Is SIP trunk redundancy available? Insure connectivity of each SIP trunk to geographically diverse data centers, so if there is a data center issue, carrier issue, or other problem, the other takes over for all trunks and DIDs.
  • Is toll-free number redundancy available? In the event of a major failure at one carrier, all toll-free numbers are activated on a secondary carrier.
  • Do they provision DIDs to multiple carriers to terminate traffic? In the event of a major failure at one carrier, not all DIDs are out of service.
  • Does each of their data centers have connectivity to multiple national networks? If there is a problem with quality or service issues with one network, calls are routed to another.

A true business continuity telephony solution needs to be able to handle any kind of problem, no matter how big or small. Whatever disaster recovery methods for telephony a company uses, the effectiveness of the whole recovery plan will have a massive impact on how well a company deals with the disaster.

Create a Telecommunications Disaster Recovery Plan:

  • You need a serious plan if your regular communication method fails. Consider how your employees will react to the change in communication as well. Both customers and employees are key to your business running smoothly. Take both into consideration as you develop your plan.
  • Create a well-written document regarding how your telecommunications systems operate. Include important information like failover specifications and remote capabilities. Some issues can be resolved remotely with the proper plan in place. Be sure to document any critical operation functions and any service level agreements associated with them. Include the technical support reporting processes and escalation processes and contact information for all critical providers.
  • Identify the potential crisis that may affect your business telecommunications systems and create well-defined procedures to handle each crisis. Make sure various departments within your organization review the procedures, and make adjustments and addendums as necessary. Be sure to plan for the transition for resumption of service. Lastly, create roles and responsibilities for employees overseeing business continuity and recovery efforts. Does staff know where they should work from in the event of a disaster recovery plan being implemented?
  • The best way to ensure that your disaster recovery plan is effective is to implement a test.

Establish, develop, and manage strategies, plans, policies, and procedures to protect your people, facilities, and supporting technology in case of a disaster. Make sure your organization is prepared for the worst.

Michael Dozier is president and CEO of Pulsar360, Inc., a leading provider of SIP services and disaster recovery solutions for call centers.

Communications Factors to Consider for Disaster Preparedness

By Alan Creighton

More than a month after Hurricane Sandy hit, reports show that telecom service disruptions were recorded in 158 counties and ten states stretching from Maine to Virginia; as many as 8 million customers were left without the ability to communicate, according to an FCC estimate. All the major service providers were hit: AT&T, Verizon, Sprint, and T-Mobile all reported significant disruptions. Julius Genachowski, chairman of the Federal Communications Commission (FCC), estimated that about 25 percent of wireless cell towers in the Northeast were knocked out during the storm, and some 911 emergency call centers were even disabled.

Hurricane Sandy was a reminder to do everything we can to protect ourselves, our businesses, and our call centers. While wireless and wired networks experienced downtime after Hurricane Sandy, services backed by geo-redundant architecture were able to stay up and running. Organizations unprepared for disasters often lose communication capabilities, which in turn jeopardizes sales opportunities, revenue, and valuable client contact. Every enterprise should take the time to ensure that it has a disaster recovery plan in place and that its provider is prepared to keep communications up and running. Here are three key factors to consider regarding your business communications before catastrophe strikes:

1) The Location of the Cloud. Though its services are virtual, the cloud is tied to a physical location along with the information stored there. As we saw after Hurricane Sandy, flooding knocked out several carriers’ switches in New York and New Jersey, leaving thousands of business lines down across the country. Businesses can avoid a breakdown in communications by simply choosing a provider that has a geographically dispersed network infrastructure with switches in more than one location. Geo-redundancy insulates businesses from having to experience the effects of a core network crash and prevents disruption in business communications. In the event of a switch outage, another location can serve as backup and thereby preserve uptime.

2) The Core Network Infrastructure. Providers that rely on Time-Division Multiplexing (TDM) trunks for communication set businesses up for trouble in the wake of a disaster. TDM trunks are physically tied to a local switch, so if flooding knocks out the circuit, businesses can’t access their communication network. TDM trunks are a single point of failure because numbers tied to a TDM trunk are unable to easily move to another switch.

Hosted VoIP providers use the power of the Internet to deliver voice services and run with IP-based core network infrastructures that allow numbers to be instantly moved to a backup switch to process calls and maintain network uptime.

3) The Point of Access. By choosing cloud-based VoIP services, businesses can ensure that employees are able to continue business correspondence and access communications in a number of different ways. When a circuit goes down, users with hosted VoIP can reach their business line with a unified communications application by utilizing a Wi-Fi hotspot or a cellular voice or data network.

If you can access any form of a wired or wireless network, you can get to your business communications with inbound and outbound business identity dialing. Features like Unreachable Destination can also ensure that businesses can continue to communicate, even when the IP access circuit is out of operation, by enabling users to set an alternate phone number to which calls can be routed.

Other Benefits: Hosted contact centers also eliminate the downtime associated with software upgrades, hardware maintenance, and other outages. In addition to keeping your operation up and running reliably, cloud-based contact centers offer a number of other benefits that include virtual queues, reduced technical and operational costs, and the opportunity to build a nationwide team of US-based remote agents and supervisors. Many businesses that implement these contact center solutions generate an increase in revenue. Data released by Yankee Group shows that businesses can save up to 45 percent on the total cost of ownership by choosing a hosted solution instead of an on-premise service. The overall value-added benefits of hosted services are evident and driving market growth at rapid rates, with a predicted compound annual growth rate of 18 percent in 2013.

Hosted contact centers increase productivity with the ease of management and provisioning for multi-site, remote, and expanding businesses without the costs associated with in-house call centers or loss of quality often associated with outsourcing or offshoring. Businesses can also eliminate virtually all software, hardware, implementation, and recurring maintenance expenditures.

Businesses without these services found themselves without a way to communicate during the outages that followed Hurricane Sandy. VoIP technology is mature, and the features and benefits clearly outweigh TDM. Put your business communications in the cloud with a geo-redundant solution so that if disaster strikes, your business will stay up and running.

Alan Creighton is CEO of Momentum Telecom.

[From Connection Magazine April 2013]

Planning Is the Best Way to Minimize Disaster Impacts

By Donna Fluss

As Hurricane Sandy bore down on the East Coast, I was reminded of the importance of disaster recovery (DR) and business continuity (BC) planning, something that too many contact centers neglect. Most enterprise leaders agree that disaster recovery and business continuity planning is critical, but often budget constraints prevent organizations from making the necessary plans. Unfortunately, hurricanes, tornadoes, snowstorms, floods, fires, and acts of terrorism remind us of how important it is to have strong DR and BC plans in place.

Preparing for a Disaster: The primary goal when preparing for a disaster is to build a plan to keep your contact center operating during a crisis. The strategy you choose will depend on your technical capabilities and resiliency, the number of sites and their geographical dispersion, the percentage of work that can be deferred in the short term without major business ramifications and serious customer dissatisfaction, and how much you are willing to spend to keep your business going in the event of a disaster. Here are a number of ways to prepare your contact center and limit the negative impact and cost of disasters:

  • Have geographically dispersed locations if possible. Set up business continuity routing plans to move interactions from an impacted site to its backup.
  • Invest in contact center infrastructure that is resilient and comes with full backup capabilities.
  • Invest in a cloud-based contact center infrastructure solution as your backup, but be sure it’s based in a different geography from your primary system.
  • Establish a business continuity plan with your carrier(s) that allows you to easily alter your routing scheme.
  • Be prepared to use self-service solutions as your primary customer interaction point for as long as half a day. This is not ideal, but if it becomes necessary, you should have an interactive voice response (IVR) application ready to be implemented. Build these environments and hope you’ll never have to use them.
  • If your contact center technology supports work-at-home agents, assign 20 percent of agents to be DR staff. Implement the technology needed in their homes, train them to use it, and test it once a quarter to make sure they know how it works. (Make sure they have the necessary bandwidth to handle calls and other types of customer interactions.)
  • If work-at-home is not an option and you don’t have a second site in a different geography, find an outsourcer in a different region that can provide backup agents and technology on short notice. The outsourcer’s agents must be trained and have availability to your systems and processes. To ensure they are ready, they should be tested every quarter.

Testing Is Key: In a worldwide benchmark study on contact center disaster recovery, DMG found that only 36.7 percent of companies were confident that they could operate during a disaster without serious impact on service quality and the customer experience. This percentage is actually low, because a majority of contact centers either do not have DR and BC plans or are not keeping them up-to-date.

This same study revealed that only 4.7 percent of companies test their DR and BC plans on a monthly basis. This leaves 95.3 percent of contact centers at risk of a major meltdown in an emergency, which is not a position anyone wants to be in. The best plans won’t help if your staff does not know what to do and the technology does not work. So, it’s essential to run a full business continuity test once a year and test various aspects of the plan on a quarterly basis.

Final Thoughts: Nobody likes to think about disasters, but whether they are weather-related, such as a hurricane, or manmade, such as a terrorist attack, they do happen. Not every company will be hit by unexpected events, but all contact centers should be prepared so they can mitigate the impact on their customers and bottom line without putting their employees at risk.

Donna Fluss is the founder and president of DMG Consulting LLC, a provider of contact center and analytics research, market analysis, and consulting. Contact Donna at donna.fluss@dmgconsult.com.

[From Connection Magazine December 2012]

Disaster-Proofing Your Call Center

By Nicolas D’Alleva

Disasters that may potentially disrupt your call center can manifest themselves in different ways. In today’s world of heightened customer expectations and real-time tweeting and blogging about service interruptions that could tarnish your image, disaster-proofing your call center operations must be an essential part of your business strategy. Broadly, disasters can be classified as 1) semi-predictable and 2) completely unpredictable in terms of the impact of the disaster.

Semi-predictable disasters include power outages, hardware failure, and weather-related damage. In general, it is easier to plan for continuity of service in such cases, as most call centers have redundant power, redundant data storage, migration procedures, and equipment that allows off-premise agents to interact with customers in the event of the transportation difficulties that are common with weather related disasters.

Unpredictable disasters, such as a fire or a terrorist attack, are more difficult to plan for. Similarly, disasters may be localized to your call center alone or may be more widespread and affect an entire city, state, or even country. Regardless of the classification or the reason for the disaster, your customers expect you to be omnipresent and impervious to the unpredictable. Is this fair? Probably not, but as long as you know you are doing everything possible to thwart the inevitable, the uptime statistics are in your favor. It all starts with effective disaster response.

Effective disaster response includes two parts: 1) Ensuring that the highest priority activities continue uninterrupted and 2) reverting back to normal operations as quickly as possible.

Part 1: Prioritization for Disaster Recovery

The first step in disaster-proofing your call center is prioritizing the various components in your call center, since it won’t be possible to offer all services and meet all SLAs (service level agreements) while operating during the recovery phase.

Nature of Calls and Types of Customers: The first step in disaster recovery planning is to take an inventory of the various types of customer calls (or services) that your call center receives. After this, you need to identify the critical calls and the not-so critical calls based on the business objectives of the call center. If there are different levels of customers, such as platinum level, gold level, and so on, then you would need to prioritize these as well.

Once this has been completed, identify which calls and services cannot be stopped (even for a few hours), which ones can be recovered within a day, and which ones can be stopped until your operations are back to normal. A cost benefit analysis of loss of customer satisfaction compared to the cost of recovery options can help to make this prioritization exercise more fruitful.

Hardware Equipment: Once you have an idea of the reduced volume of transactions to be serviced during the recovery phase, it is easy to identify the components in your call center that require redundancy to be built in. While designing the network architecture of the call center, it is essential to identify the level of redundancy that you’ll need for each of the elements in your call center. It is also important to have adequate backup power available in the form of UPS and generators.

Vendors: You will need to build in redundancies at the vendor level as well; try to utilize at least a couple of vendors for your telephone services. This will ensure that a disaster at a single vendor site does not totally shut down your operations. You may also want to enter into preventive maintenance contracts and service contracts with your hardware vendors, so that an equipment failure does not result in long downtimes.

Call Agents: Depending on the skill sets needed to serve the high priority calls, you may decide to have a group of backup agents who can work from home to handle your calls in case your location is affected by the disaster.

Role of Management: You should have a disaster recovery team identified and trained on the necessary steps to be taken immediately after a disaster. Specific personnel should be identified to:

  • Inform and coordinate agents and their activities
  • Inform vendors and request service and support
  • Inform financial institutions to activate your emergency line of credit
  • Activate emergency scripts in the call center
  • Coordinate communication to stakeholders (such as organizations and callers) on the measures taken and alternate channels of service delivery provided (such as website, email, etc.)

Part 2: Getting Back to Normal

Once the immediate response is taken care of and the recovery phase operations have stabilized, your next focus must be getting back to normal operations. Filing insurance claims is an important step in this phase. Top-level management should meet to chart out activities that need to be performed in order to get back to normal as quickly as possible.

Once a plan has been prepared, it is important to communicate that to your clients so they continue to place their trust in your call center.

Nicolas D’Alleva is the owner of Specialty Answering Service (SAS), a global telephone answering service and call center provider.

[From Connection Magazine September 2012]

Is Your Business Disaster-Proof?

By George Mwangi

With the rise of extreme weather in recent years, have you given thought how your business would survive a major disaster? Many companies put off developing a contingency plan until the last minute and unfortunately pay the price. Taking the time to set up systems to ensure that your company is able to function in the face of unforeseen circumstance is a critical part of business planning.

So what exactly is disaster planning? Well, there are a number of components. We’ll look at some of the most common.

Succession Planning/Chain of Command: Although you never want to think about getting ill or passing away suddenly, this is an important issue to consider when it comes to your business. You should have a documented and clear succession plan, naming individuals who would step up in the event you become temporarily or permanently unable to run your company.

Succession planning is not just about designating a new chairman or CEO; it also ensures that your brand image and the experience your customers have grown to expect will continue uninterrupted. Therefore, take some time to think about who you would want to run the company in your absence and distribute a copy of your succession plan to your senior management team.

Customer Service/Call Routing: Another key area to think about is customer service. In the event of a storm or power outage, will your customers be greeted by a busy line and endless hold times? This is seriously damaging to the customer experience and your company as a whole. However, there are options to avoid this scenario.

Many companies outsource their entire customer service operations to dedicated companies. These outsourced or “virtual” customer service centers have a number of benefits built in. In addition to allowing the business to maintain an efficient, low-maintenance customer service option, they have built-in functionality in case of emergencies.

The best companies have more than one office, preferably located in different states. This allows the different locations to cover for each other and does not limit your ability to service your customers due to regional weather issues.

Another option is to use a customer service firm in the event of an emergency only. With a virtual call center, you can set up a plan to route calls from your office to their lines in the case of an emergency. This can usually be done by calling into a specified number and entering a specific code, which will then divert the calls. Using a company outside of your geographical location provides assurance that your calls will still be answered if your location is hit with heavy storms or a natural disaster.

Cash Flow: Last but not least is ensuring continued cash flow through your business in the event of an emergency. In some circumstances, this means having an ample reserve set aside to cover customer defaults, business expansion, and miscellaneous unforeseen expenses. It is always important not to run on too tight of a margin, as this allows you to be flexible in meeting the needs of your company.

In addition, it is important to have emergency and long-term contingency plans in place. If a warehouse is destroyed or you experience a bad sales year, would you have ample funds to recover or see you through the dry spell? Planning for unforeseen financial situations, as well as natural disasters and management shakeups, is a smart move and one that may make all the difference in the your company’s ability to weather the storm.

As the Boy Scouts say, “Be prepared.”

George Mwangi is general manager at Call Desk Inc, a privately owned customer service organization based outside Portland, Oregon.

[From Connection Magazine April 2011]

Improving Crisis Management in Call Centers Using Desktop Integration

By John Broderick

Recently, while making travel arrangements, I called my travel agent’s customer service line. On hold for the better part of an hour, I listened to Muzak and intermittent assurances that my call was, indeed, very important. I experienced the same dilemma everyone does in this situation: “Should I call back later in hopes that the call volume has died down?” or “Should I wait this out so this time is not wasted?  It might only be a minute more.” Then it hit me. As this was during the height of the swine flu panic, they were most likely flooded with inquiries about air travel safety, added precautions, cancellations, and the like.

A majority of consumer service brands employ call centers. Even in today’s world of online transactions, sometimes you just have to speak to a “live person” to resolve an issue. In addition, when there is a full-blown crisis, no matter what the reason, call centers can become overwhelmed, less able to provide the level of customer service they strive for under normal circumstances. In order for call centers to handle “moments” of crisis, they must first be running as efficiently and effectively as possible. During crises, they need the ability to adapt quickly, provide agents with up-to-date information, and deliver a high level of customer service, particularly regarding immediate conditions. So what can call centers do to better handle different types of calls during periods of emergency and maintain the same high quality of customer service when it is most needed?

Desktop Integration and Automation – The Optimal Solution: At the heart of a call center, regardless of its purpose, are systems that assist management and call center representatives in managing their calls and providing necessary customer services. To provide quick and accurate support, agents need current and pertinent information regarding the caller and their issue, but valuable time is too often wasted by switching between applications and application screens, waiting for information to load, and, when necessary, calling in additional resources. Meanwhile, the caller is getting increasingly frustrated and forming negative associations about the company. This perception is compounded during times of crisis when customers are likely struggling with a negative experience, potentially more easily angered or panicked, and in need of immediate resolution of an issue. Companies using desktop integration can respond to these periods of crises by deploying new information from other systems, automating new processes, or providing pop-ups that walk agents step-by-step through relevant procedures.

Desktop integration defines and streamlines business processes, integrating systems where they are used – at the desktop. Desktop integration is an effective approach to organize complex work environments, simplify processes, and reduce the time required for knowledge workers to complete tasks. In addition, desktop integration is noninvasive and requires no server-side integration, thereby reducing integration costs, eliminating the need for additional, complex infrastructure, and lowering implementation times from months to weeks.

We all know how complicated and costly it is to change or cancel travel plans, so consider what it must have been like for travelers booked on flights to Mexico when the swine flu epidemic began. As agents working for the airlines and travel providers during this time can attest, anything that enabled them to quickly access necessary information and resolve issues would have been a godsend. This is just one example – all companies employing desktop integration would benefit from the same solutions, not only for the purposes of automating processes for regular call times but also to quickly adapt during periods of crisis. Your call center agents’ productivity and the level of customer service they can provide can only be improved by streamlining processes at the user level. Investing in solutions to integrate your disparate applications and automate necessary processes will reduce the time it takes to get an issue resolved and, more importantly, build customer brand loyalty.

With more than thirty years’ experience in business and finance, John Broderick joined Cicero Inc. in 2001 to manage the company’s global finance functions. He can be reached at 919-380-5000.

[From Connection Magazine March 2010]

Mind Your Business: Providing Disaster Relief

By Steve Michaels

Q. We generate a lot of extra revenue whenever there is a hurricane, power outage, or snowstorm. Is there any way that we can capitalize on all the work we do for these clients during natural disasters?

A. That’s a great question and I have a great answer from Wil Porter from Ansaphone Service in Massachusetts:

The day after a snowstorm, tornado, power outage, or flood you have a great opportunity to reinforce or introduce clients to the great value you bring to the table. I know many of you are literally exhausted from the onslaught that just happened, but the advantages could far outweigh this extra effort.

This is the time to call your large clients as well as those clients that used you more than what would be typical for that day, telling them that you wanted to make sure that they have recovered from the storm. Are they all dug out, above water, with power restored?  Do they need you to continue to provide services for them until things are back to normal? Review the types and number of calls received. Most calls received during a disaster will be far different from those received during normal circumstances. These messages can provide great insight and lead to recommendations of other services and solutions.

A good introduction might be, “We should review your instructions and obtain additional information in case this kind of thing happens again.” Some other suggestions to consider:

Coordination: “If there is a weather-related event coming, who should be called to coordinate information?”

Facilities: “Can we store the names and numbers of people to contact in the event that your management staff needs to reach building managers to alert them of problems or receive updates?”

Call out protocols: “Some of your employees, especially new ones, may not remember the protocol for reporting absences. Let us know how to handle those calls more efficiently for you.”

Snow line: You can suggest setting up a “snow line” for employees to call to find out if they are supposed work.

As Wil concluded in his email, “We are not just one less thing to worry about, but one great thing that they can count on!”

Steve Michaels is a business broker with TAS Marketing and can be contacted at 800-369-6126 or tas@tasmarketing.com for questions.

[From Connection Magazine April 2009]

A Disaster Recovery Solution

By Bill Curtin IV

John D. Rockefeller’s pragmatic view of disaster recovery – “I always tried to turn every disaster into an opportunity” – is one which holds true for today’s call center industry just as it did for the oil industry of the late 1800s. Even so, actually turning a disaster into a business opportunity involves much more than reacting to a difficult situation when it occurs.

The first step towards disaster recovery is disaster preparedness – identifying all of the emergencies that could confront a call center and putting plans in place to deal with them in a quick, efficient, and effective manner.

Most call center clients expect more today than ever from their call centers. Many even require SLAs (Service Level Agreements) and proof that adequate disaster recovery plans are in place. In the event of an emergency, they want their calls to be answered.

The three most important resources for a call center to consider are the inbound telephone lines, the call center’s client data for properly processing calls, and the labor to answer the calls. A good disaster recovery plan addresses all three of these resources.

In order for a call center to take calls, calls must have an inbound path to the ACD (Automated Call Distribution) system. There are many disasters that can do away with this inbound phone path, and it can be very challenging to reroute the calls to a backup location.

Using the PSTN (Public Switched Telephone Network), a call center’s options are limited by the services its phone company can provide. The call backup and call forwarding services that many phone companies provide vary greatly, so considering backup options when shopping for phone service is extremely important.

Alternative routing or call overflow are common product names that many PSTN phone companies use for describing their call forwarding service. How these services work will also vary by service provider. Usually these services will allow a call center to forward all of its DID numbers to a single 800 toll-free number if phone service goes out.

If a call center subscribes to an alternative routing service that forwards calls to a toll-free number, it can add more flexibility to its phone routing by having the 800 number reside at a RespOrg (Responsible Organization) instead having the 800 number resident within its phone company. The services that different RespOrgs provide also vary – some allow a call center to redirect calls to its 800 number using a website, while others require the subscriber call center to call in to make the forwarding request.

Sometimes trunk groups can be used to forward overflow calls to a backup location. Every phone company uses different names for these services, and just finding the name of the service can be one of the bigger challenges.

Many call centers already are taking advantage of VoIP/SIP phone service providers – for a number of reasons and in equally as many ways. One advantage of SIP (Session Initiation Protocol – an Internet transmission method) providers is that they can have DID lines from many area codes terminate to one IP (Internet Protocol) address.

Many call centers can realize a cost savings using SIP services instead of using dedicated phone circuits to transport their DID traffic. These SIP phone providers also can aid in a call center’s disaster recovery plans.

When a call center gets its phone service from a SIP provider, the phone service is sent to an IP (Internet Protocol) address. To move the phone service to a call center’s backup facility, the SIP service provider directs the calls to another Internet IP address. These IP addresses can be changed manually, through a website, or can be set up to failover automatically.

The newer VoIP (Voice over Internet Protocol) technologies are allowing call centers to “collocate” their hardware to off-premise data centers. When the hardware is housed off-site, the entire staff can connect to the system like remote agents.

In addition to easing worries over power constraints, backup generator power, cooling, and Internet connectivity, collocation removes many of the worries of disaster recovery planning because the datacenter has already addressed them. Even if you are using PSTN phone lines, a collocation facility can provide you with greater reliability. Data centers have fiber SONNET rings that connect them to the phone company’s CO (central office). For a reasonable fee, datacenters will allow you to run your PSTN phone lines from the CO to the datacenter on their SONNET ring, which provides two paths for your phone calls to travel from the CO to the datacenter. If one of the paths disappears, you won’t notice any loss of service.

With this network architecture, the main disaster concern for a call center is maintaining agent workstations. Since SIP connections can be initiated from any workstation with a live Internet connection, this is a powerful operational model for reducing a call center’s risk in disaster situations.

Based on a similar principle, real-time data backup can be a powerful disaster recovery tool for any call center. Utilizing existing ISDN or T1 telephony connections, an off-premise data center can receive a live update whenever there is a change to a call center’s primary database. Several software solutions exist that allow database backup over the Internet. Instead of doing a full database backup, these backup software solutions backup the real-time changes. Every time a change occurs, the data is sent to the backup database through the Internet. The backup databases can be located in scattered and separate locations that are often geographically removed from the area that would be potentially impacted by an emergency.

In the event of a disaster that interrupts the primary database or ACD, service can be restored within minutes by turning on your backup server at the data center. With service rerouted to the backup server, an agent can connect and process calls without noticing any difference from being connected to the primary server.

Reliability is fundamental to the reputation and success of any call center. Being fully prepared for a disaster, with devoted resources and plans of action in place, ensures that when a disaster occurs, the visible effect to the call center’s clients and callers is as minimal as possible.

When a call center’s clients realize that even though a disaster has occurred, their service has not been affected in any way, the call center has turned that disaster into a good client retention opportunity.

Bill Curtin IV is director of corporate IT services for Amtelco and manages Amtelco’s hosted services enterprise offerings.

[From Connection Magazine June 2008]