Customer service organizations are no longer just brick-and-mortar operations; they have become digital enterprises with global reach that routinely handle sensitive payment information. With the great migration to the cloud in full swing, a focus on data security is paramount.
Cloud migration is a major trend that can’t be ignored, but not all cloud security is created equal and some lack rigorous data protection. In fact, misconfiguration for cloud services accounts for 19% of malicious data breaches and increases the average cost of a data breach to $4.41 million. Further, even if all the cloud solutions are properly configured, there’s always the risk of insider fraud — which is on the rise — and cybercriminals taking advantage of payment data traversing networks and systems.
It’s no secret that data breaches lead to huge losses in revenue, lawsuits and customer trust. In order to protect your business from data breaches and keep your customers happy, you must be proactive about securing your customer’s payment details.
For customer service organizations, they need the best possible payment security providers to ensure their agents can take sensitive customer data via the voice, chat, web and social media channels without compromising great customer service. The cost of a single data breach could be devastating for contact center operations so identifying vendors that provide robust data security with no discernible impact on agent performance or call quality is a top challenge for these organizations.
Here are five key questions to ask when considering a cloud provider or security partner:
- What does “compliance” really mean? Many cloud services adhere to the Payment Card Industry Data Security Standard (PCI DSS). Ask deeper questions to understand what that really means for your organization. Obtain their PCI DSS Attestation of Compliance certificate, Cyber Essentials certificates and ISO certificates to ensure that they cover the full scope of payment data protection that you expect.
- What security responsibilities still lie with your organization? Create a comprehensive responsibilities matrix for your cloud services. Assess what each potential vendor offers and understand which security duties your team will be responsible for. Understand how their solutions change your footprint and risk profile.
- What do their availability and redundancy look like? Any downtime or business continuity event for your service provider is likely to impact your availability, revenues and service levels that you have with your customers. Their availability is an extension of the customer service you’re able to provide.
- How good is their own security strategy? Obtain and understand their responsibility matrix, review their security operations and talk to them about how they take a holistic approach to data security within their own organization. Their “PCI compliant” status does not always indicate a scope reduction for you. It’s also useful to know what their service design strategy is as well as their data classification approach, storage and retention.
- How good is their reputation? It’s no surprise that reputation counts for a lot when it comes to choosing a data security vendor. A high level of rigor should be applied when considering any cloud services provider. Assess the vendor’s financial state, request client testimonials and have an understanding of successful projects they have completed that meet the same level of complexity as your environment.
After evaluating all potential vendors and choosing the one that is right for your organization’s unique needs, it’s important to finally understand that a vendor’s risk now becomes your risk as well. A third-party data security provider can reduce your risk and compliance burden and can provide additional guidance and expertise as emerging threats are identified. But remember that ultimately, the responsibility for protecting and storing customer data lies 100% with you.
Data breaches happen. When they do, the consequences can be devastating for both businesses and consumers. Advance a holistic approach to cloud security with confidence by understanding exactly what’s at risk today.
