Chapter 04
Seeing is believing
Any comprehensive evaluation of a potential outsourcing partner needs to include a visit to a contact center and an opportunity to talk with agents and other customer-facing CX professionals. This will provide a better sense of how well the organization has implemented a security culture and, by extension, a positive employee experience, and is a valuable opportunity to understand the organization’s physical security measures.
Even in a world that’s rapidly becoming digital by default, physical security is integral to keeping systems and information safe. Therefore, on visits to facilities, ensure access is not simply restricted via locks, keypads or biometric scanners, but is actively controlled. Irrespective of the individual’s role or responsibilities at the contact center, there should be systems in place to stop ‘tailgating’ and ensure people can only pass through areas of the building where data is stored or accessed or where agents are engaging with customers, one at a time.
The only exception to this rule would be for visitors, who, once approved for entry, should only be allowed on the premises if accompanied by a staff escort. Make certain that everyone working in the building is wearing photo identification that makes it clear not only who they are, but their role and, by extension, their permissions and rights of access to different spaces within the contact center. The layout of the building should enable employees to access staff facilities without entering or passing through either technical and data storage areas or the main contact center floor where agents engage directly with customers.
What is a contact center clean desk policy?
Traditionally, a clean desk policy is focused on the physical protection and preservation of sensitive or confidential information.
So, for instance, a policy would demand that files and documents in use are never left unattended and are locked away at the end of the working day. It would also require that employees are present at a scanner, copier or printer when it is in use and that any file or document that is no longer needed is shredded or placed in the correct disposal bin to maintain its integrity...
Even in a world that’s rapidly becoming digital by default, physical security is integral to keeping systems and information safe.
And, once on the contact center floor, there should be an absolute clean desk policy in place that extends to prohibiting the use of smartphones and all other digital devices, including wearable technology.
Focus on fraud
Physical security measures, aligned with a careful and consistent approach to new-hire vetting, can help keep criminals outside and mitigate the risk of potential insider fraud. However, these measures need to be supported with technological approaches to monitoring and data protection.
For instance, potential partner organizations should be able to provide the option of tools such as real-time speech and text analytics for automating compliance with protocols during customer interactions, or for detecting suspicious behavior and highlighting areas where additional security training is necessary.
As well as for monitoring agents, similar tools should also be available for analyzing incoming contacts and highlighting attempts at fraud or social engineering.
Interior design
Alongside regular training and support delivered via digital tools, there are other less obvious but equally important physical indicators that an outsourcing partner is focused on protecting you and your customers from fraud, social engineering or account takeovers. The design of the workspace, while often overlooked, plays a crucial role in fraud prevention. Secure yet welcoming environments that balance comfort with productivity and offer communal spaces for relaxation and engagement or facilities for non-work activities contribute to a supportive atmosphere and significantly influence employee focus and reduce error-prone behavior.
Outside factors
When assessing potential partners, it’s crucial to remember that physical security and environmental risk mitigation should extend beyond offices and contact centers and encompass communities and even countries. This might not be immediately apparent, especially if your organization has never required an offshore component as part of its wider CX delivery solution.
For example, without access to a sufficiently wide and varied talent pool, not only will any cost benefits traditionally associated with offshoring fail to fully materialize, but the resulting strain on existing human resources could significantly increase the risk of error contributing to a security incident. As previously mentioned, when employees are under undue pressure or operating in an unsupportive working environment, they are more likely to make mistakes. And if they’re working in a contact center, those mistakes could be falling for an attempt at social engineering, failing to follow every aspect of an authentication process or becoming the victim of a phishing attack.
But as well as available talent, available infrastructure is a growing issue especially in instances of business continuity. Any number of factors — not simply a global health emergency — can lead to operations being moved off-site and employees needing to work remotely in order to maintain service levels. Clearly, leading organizations within the BPO space carefully select locations against a long list of criteria that includes political stability, infrastructure, meteorological risks and the size of any potential workforce.
Nevertheless, things can and do change. Increased competition can make it more challenging to attract new recruits, while changes in government policies can negatively impact anything from the quality of education to the allocation of resources for maintaining or improving the quality of life in areas beyond major cities or business hubs.
Therefore, as part of any due diligence, you should examine the levels of commitment a potential partner has made to regions where it operates. This can be evidenced by, for example, investment in local communities, the provision of education, or other initiatives aimed at improving or developing skills and building a positive relationship with the working population.
This can and should extend to support of nonprofits in the region; partnerships with schools, colleges and universities; and evidence of a positive, long-term relationship with local or national government agencies.
Action list
Ensure access to contact centers is tightly controlled.
Confirm the use of photo ID and clean desk policies.
Assess available approaches for monitoring agents for script adherence, customer authentication and legal disclaimer provision.
Confirm the availability of digital solutions for protecting against fraud, social engineering or account takeovers.
Investigate the organization’s community engagement and investment.
Explore the organization's involvement in initiatives benefiting the local talent pool and area.