Are Insider Threats in Your Call Center? Say Good-Bye to Costly Data Breaches with Prevention-First Approach


Share on LinkedIn

Sage: An odious breach

On August 15, 2016, an unauthorized user logged into the internal database of Sage, a successful UK based accounting software firm, valued at £1.3bn. The technological breach compromised the personal banking details of employees in over 300 accounting firms across the UK, causing immeasurable damage to Sage and the affected parties.

The immediate result? The data breach was plastered on the front headlines of all the leading UK financial news sources. Sage’s company’s stock dropped close to 4% at opening hour, that Monday morning. The long term result? Countless hours wasted and millions of dollars lost on remediation and recovery measures.

The thing is – it doesn’t just affect traditional large businesses. We’re seeing major trends in call and customer service centers to protect data because of the masses of representatives that have access to personal customer information. Even with the extensive Q&A security protocols in place, there is a great vulnerability factor every time someone accesses a file. For example, AT&T was fined $25 million after two employees at its call center in Mexico confessed to accessing customers’ information and reselling it to strangers.

Cyber threats: A ubiquitous occurrence

Security breaches such as these are far from uncommon these days. In fact, according to Privacy Rights Clearinghouse, an organization that tracks and reports data breaches impacting consumers, there have been a whopping 900,862,897 security breaches from 2005 until the present. That’s an average of 81,896,627 annual security threats! Organizations and companies affected include popular household names, such as:, Sony, T Mobile, JP Morgan, Evernote, and more.

The cost: A crippling 10-digit figure

As cyber threats continue to rise, so do the crippling costs of the effects. A recent report published by Ponemon Institute estimates that the cost of the average record lost is valued at $154 USD, while the cost of the average company security breach is valued at $3.79 million dollars! This astronomical figure is a compilation of both the direct and indirect consequences of the leak. Factors accounted for include: time and resources wasted identifying the source, business lost as a result of key company employees being tied up with the matter, customers lost due to incurring issues of trust, and stocks that drop as a result of investor sentiment wavering.

Taking the necessary safety precautions in call and customer service centers

Cyber hacks and advanced security threats have become an ever-present reality. As such, businesses and organizations have been seeking out increasingly sophisticated measures to prevent them. Common preventative measures now include: the use of data loss prevention (DLP) technology, firewalls, and intrusion detection and prevention systems.

These common methods help effectively protect against external security threats. But what about internal threats?

The solution for tackling the problem is two-pronged. The first half involves raising employee awareness. This includes stressing the importance of maintaining common security practices such as: creating unique passwords, not sharing user information, and exiting all accounts before shutting down devices. It also involves reminding employees about the severity of accessing data which they have not been cleared for, or sharing internal files with external parties.

One of the best ways to control internal threats in this type of environment is to control access on a file and document level and to be able to fully track all the activity when a company representative accesses someone’s file (even when she has permission) using security monitoring software to actively track and monitor employee activity. Internal security programs allow companies to monitor employee security compliance by tracking: applications used, emails sent, files transferred and documents printed. Some program also send an alert when a user violation has been triggered, enabling company officials to take immediate action, before the occurring damage spirals out of control. By knowing exactly what information they had access to, IT forensics becomes much easier if anything goes wrong.

Employees gone rogue

The angry employee, seeking to exact his revenge for grievances caused, the curious worker wondering what his fellow teammate is earning, and the money-hungry technologically savvy cohort looking to sell valuable customer files for a pretty penny all present viable security threats.

These instances may sound exaggerated and contrived, but they are not. According to Intel’s 2015 report Grand Theft Data, 42% of all company security breaches are caused by an inside source. That means that while the majority of prevention measures being taken are aimed at external security threats, almost 50% of the damage being caused is the result of an insider job.

The fact is, that today’s employees have a wealth of data available to them, and the majority of companies are not taking the proper security measures to ensure that data remains internal. Sage, AOL, Texas Lottery and GS Caltex all experienced internal security breaches, not external ones. To prevent such further occurrences, companies need to first acknowledge the prevalent risk of an internal data breach, and then implement the necessary security measures to prevent it from occurring.

Proactive education and having systems in place cost a fraction of the cost incurred, should an actual security breach take place, and they are quite easy to integrate and maintain. Make no mistake, the probability of a data breach is quite real, as are the incurring costs. If a hack can happen to Facebook or the US military, it can happen to your company as well.

Isaac Kohen
Isaac Kohen is VP of R&D at Teramind, a leading, global provider of employee monitoring, insider threat detection, and data loss prevention solutions.


Please use comments to add value to the discussion. Maximum one link to an educational blog post or article. We will NOT PUBLISH brief comments like "good post," comments that mainly promote links, or comments with links to companies, products, or services.

Please enter your comment!
Please enter your name here