CONTACT CENTER CYBER SECURITY

📘 Guide: How to find secure contact center software

Choosing a suitable contact center software makes a decisive contribution to making your operational processes secure. This guide will help you and your team assess the cybersecurity characteristics of cloud contact center systems.

Learn how to choose secure contact center software for your business 👉

More on that below ⬇️

Cybersecurity is a fundamental issue for any company that works with customer data.

Traditionally, cybersecurity has been viewed as a technical challenge. Only in the last decade or so has the focus on the human factor increased. However, cybersecurity is a far-reaching issue that goes far beyond the ICT team. According to the Finnish National Center for Cybersecurity, the following phenomena have the greatest impact on cyber threats:

🔹 International economic and political instability

🔹 Lack of exchange of information within and between organizations

🔹 Unpatched vulnerabilities in devices and services connected to the Internet

🔹 Lack of diversified expertise in cybersecurity

🔹 Stolen access rights and credentials

The list above shows that cybersecurity is a complex topic. With the multitude of cybersecurity risks and potential security breaches today, no organization is 100% secure from all threats. However, with the right systems, training, and certified processes, you can minimize the impact of attacks and breaches on your operations.

What does cybersecurity mean in the context of operating a contact center?

Minimize cybersecurity risks

With certified and secure contact center software, your company is protected against cyberattacks and data loss.

Meet all security requirements

You do not have to deal with EU, GDPR and other legal requirements yourself: your contact center provider takes care of all legal matters.

Avoid system outages

A reliable contact center provider should always guarantee system availability of >99.95%.

The importance of cybersecurity in contact centers

Both outbound contact centers and customer service teams work with personal data. These organizations are therefore potential targets for a variety of cybersecurity attacks.

In addition, most such attacks today are no longer aimed at individual companies. More often than not, hacker groups and individual hackers cast their net as far as possible, testing the security measures of thousands of companies simultaneously.

Strict regulations apply to companies and organizations operating in the European Economic Area regarding the handling of personal data. The General Data Protection Regulation (GDPR) provides for heavy fines for companies that do not keep their customers' personal data secure or fail to adequately remediate breaches.

For these three reasons alone, cybersecurity should be at the top of your agenda. To mitigate cybersecurity risks, all tools (e.g. the contact center software) and all processes of customer service teams and outbound sales teams must be evaluated from a cybersecurity point of view.

The contact center software you choose is critical to secure operations. Therefore, this guide will help you and your team (e.g. the ICT team) to assess the cybersecurity properties of cloud contact center systems.

Security accreditations and certificates

The best way to ensure a vendor takes cybersecurity seriously? A look at their security certificates.

SOC 2 accreditation and ISO 27001 certification are two of the most reliable indicators that an organization systematically and comprehensively controls its cybersecurity.

Government agencies and large companies in particular usually require either SOC 2 accreditation or ISO 27001 certification as a minimum requirement in their tenders.

If you are concerned about the security of your customer data, you should only choose providers with at least one of these certifications.

More on this in our guide

Cybersecurity is an ongoing issue.

Therefore, dealing with it should also be a continuous process. This process should be clearly documented and include regular risk assessments and information security testing.

SOC 2 certification

A look back

The beginnings of SOC 2 date back to the audit standards published in the 1970s. Developed by the American Institute of Certified Public Accountants, the certification defines the criteria for an organization's data management. SOC 1 establishes the controls for financial statements. SOC 2 does the same for customer data. The SOC 2 standard is now regulated as part of the International Standard on Assurance Engagements (ISAE).

The importance of SOC 2

System and Organizational Controls (SOC) are reports prepared by independent auditors that evaluate how a company handles sensitive data. SOC 2 certifies that an organization has minimized the likelihood of customer data leakage and security breaches.
The SOC 2 report is based on the five Trust Services criteria for handling customer data: Security, Confidentiality, Processing Integrity, Privacy and Availability. It was developed for all companies that store, process or transmit customer data, e.g. SaaS companies or data hosting companies.

Internal Control Principles and Trust Services Criteria

SOC 2 certification is based on 17 mandatory internal control principles and five optional Trust Services criteria.

The internal control principles ensure that the company has appropriate processes in place to protect information. Access to confidential information is restricted to the appropriate employees, risks are minimized through continuous training, systems are continuously monitored, and business partners are consistently evaluated.

In summary, a company must meet the following criteria to obtain SOC 2 certification:

🔹 Information security training for all employees

🔹 Assurance that all companies from which services are purchased have similar information security protocols in place

🔹 Assurance that all customer data is secure and that backups are made

🔹 Restriction of physical and digital access to this data, and deletion of the data when a customer relationship ends

🔹 Established procedures that enable a rapid response to incidents

🔹 Regular internal and external auditing of information security procedures

The certification process

The SOC 2 report is audited by a certified external auditor. This auditor assesses the extent to which a provider meets the Trust Services criteria. SOC 2 includes two types of reports: Type I and Type II. Type I describes the organization's systems. The auditor confirms that the design of these systems meets the relevant Trust Services criteria. Type II reports go further: they examine the operational effectiveness of these systems, i.e. the auditor runs tests to make sure the controls work as advertised.

The optional Trust Services criteria are the cornerstones of cybersecurity

Security

How is the system protected against attacks?

Availability

How can it be ensured that the system works around the clock?

Processing integrity

Does the system work as intended?

Confidentiality

How can access to, storage of and use of confidential information be restricted?

Privacy

How can sensitive personal data be protected from unauthorized access?

The ISO 27001 certification

A look back

ISO 27001 was first published in 2005. Revisions have been made over the years. The latest version is from 2018. The standard was developed and published by the International Organization for Standardization.

The importance of ISO 27001

ISO 27001 is an information security management standard that specifies the requirements for an information security management system (ISMS). The requirements specify how organizations can manage the security of their information assets, such as intellectual property, customer data, or third-party information.

Absolute protection against all cybersecurity threats is not possible. However, ISO 27001 is an internationally recognized mark of an organization that meets the highest security standards.

How security controls are set up

A security control is any measure aimed at increasing the cybersecurity of an organization. Most companies use several security controls: firewalls, automatic updates, passwords, incident management protocols, and so on.

The purpose of the ISMS is to ensure that an organization's security controls are managed effectively while covering the full spectrum of possible cybersecurity threats.

The ISMS must systematically examine the organization's security risks, set up additional security controls where necessary, and ensure that the controls continue to meet the organization's requirements over time.

The certification process

The first step towards obtaining the ISO 27001 certificate is to purchase the standard and understand the information security requirements it contains. The first time around, it is usually necessary to add and modify security controls in order to meet the requirements of the standard. Naturally, every security control must be documented.

Once the ISMS meets the requirements of the standard, the accredited registrar is invited to carry out the audit. A preliminary Stage 1 audit may be carried out to determine whether the right processes and systems are in place. A Stage 2 audit is a formal, complete audit.

The auditor reviews the documentation to ensure that it meets the requirements of the standard. Only then can a certificate be issued.

Ongoing follow-up audits are required to maintain compliance with the standard. The ISO 27001 audit is carried out regularly, but it can also be performed internally. For example, an internal auditor may carry out an annual audit, while the external audit only takes place every three years.

External auditor

ISO 27001 is based on standards, that is, long lists of cybersecurity guidelines to follow. Certification is not mandatory. As a result, some organizations choose to follow the standard's guidelines and best practices without becoming certified. There is nothing wrong with that. However, only an external audit and the resulting certification are a real guarantee for customers and partners that the measures described in the standard are actually observed in the organization.

Numerous security-conscious companies rely on LeadDesk, including organizations from the healthcare and financial sectors.

LeadDesk holds both SOC 2 and ISO 27001 certification. In addition, our solution was also assessed against three key Trust Service criteria: Security, Availability and Confidentiality.

Learn more at LeadDesk
sales@leaddesk.com
+44 203 8080 414

Summary

Contact centers are potential targets for cybersecurity attacks. They process and store customer data, data that is extremely lucrative for cybercriminals. However, targeted attacks are not the only risk. Blind attacks that simultaneously exploit vulnerabilities in thousands of organizations have also become common.

Companies should therefore ensure that their software providers are SOC 2 and/or ISO 27001 certified. Both certifications are widely recognized, externally audited signs that an organization takes cybersecurity seriously.

If you are creating a request or RFP for a contact center tool, or evaluating the systems of different vendors, you should include these certifications in your evaluation criteria. For example, ask the vendor for:

🔹 An overview of its security controls

🔹 A list of relevant certifications for these controls

🔹 A list of other external audits or reports

Download the cybersecurity guide for contact centers: