Contact Center Economics 101: Balancing Information Security and Customer Needs



By Bruce Belfiore and Tony Grimshaw

Security breaches in the contact center environment can be enormously expensive and damaging, so it is worth real money to approach these matters the right way. It is important to foster a strong security culture that is supported by well-designed processes – rather than to rely on a patchwork of technologies that simply give a warm, fuzzy feeling of security. Security is a journey – not a destination. Corporate culture and business process must mesh with the technologies that support them, not the other way around.

As a contact center manager, you should be concerned about these issues because there is a natural tension between the needs of security and the needs of the business and customer interaction. Customer-centric managers want to facilitate easy, effortless customer access to information, while security experts seek to keep information safe. It takes an “eyes-open” culture to balance the objectives of both sides. Unfortunately, many companies today do not have the culture or processes that support the appropriate use of defensive technologies, while at the same time facilitating the conduct of business with customers.

You have an opportunity to be a catalyst of change for your contact center’s information security culture. However, you may need to open your mind a bit. Start by considering your own experiences:

  • Have you ever felt that your security colleagues have placed unnecessary obstacles in your way?
  • Have you felt misunderstood by the very people who say they are trying to protect you?

If so, you are not alone. These are signs of an organization that needs to evaluate how information security is approached – with an eye towards changing attitudes, instituting best practices with collaboration and mutual understanding, and giving more thought to the timing of critical conversations.

While a secure-but-business-friendly culture has many components, we offer a few key items for consideration here:

  1. Security starts at the top. Senior-level leadership is needed to raise awareness, articulate the right values, and initiate programs that support a healthy security culture.
    • The corner office folks should share their concerns and needs with security specialists, making it clear that they can and must communicate with other parts of the organization about security in an open and collaborative way.
    • Operations managers (including call center managers) should include security experts in their planning and execution of new technology initiatives – moving the critical conversations upstream before important decisions are made, especially before contracts are signed.
  2. Seats at the decision tables (project level). This follows from number 1 above. When it comes to technology and software, the corporate world is often a compartmentalized place where specialists don’t talk to each other, much less (heaven forbid!) communicate with the actual users. This needs to change; contact center managers need to be part of the solution by demanding a seat at the enterprise table and by offering a seat at the contact center table whenever needed. Your business runs on IT. IT systems and data are the lifeblood of a business, so they must be secure. Employees throughout the enterprise (including the contact center) should see and embrace the opportunity to help maintain IT security from the get-go.
  3. Avoid surprises. Do not spring things on your security colleagues. “We have this software that is going live on Tuesday, are you o.k. with that?” is not music to anyone’s ears.
  4. Context is king. As contact center managers, you need to articulate your business requirements in a clear and documentable way. Describing your needs will also force you to clarify ideas and make the case for what you want. In the absence of compelling context, your security colleagues will generally react in a black-and-white, conservative way (e.g., they may overcompensate on the controls they require), which can derail your projects. In the end, a mutually agreed upon approach may be found, but the conversations and the project will be longer than needed. To avoid churn in people, as well as requirements creep, document key decisions, including alternatives considered and the rationale/justification for the final outcome.
  5. Stay close during implementation. Even after decisions are made, the same stakeholders should be kept in the loop. There should be regular checkpoints with your stakeholders baked into your processes. Control & Governance processes can be lightweight (in terms of bureaucracy), but they should include key stakeholders and interested parties. Schedule regular meetings with clear agendas that are circulated with the meeting invitation. Use emails that require a reply of “have read and understood” within a reasonable period of time.
  6. Caveat emptor (buyer beware!) Vendors are essential parts of our ecosystems and, to your security colleagues, a potential source of threats as well. More than one customer has been railroaded into higher risk situations by pushy salespeople. Vendors can introduce weak links, which creates another set of tensions. Bring your IT security experts in to help drive the vendor discussions, and include security as a topic on the agenda, or you will probably regret it later. Be ready to push your vendor to offer the necessary security to go with the whiz-bang functionality you are salivating over. If needed, get a time-limited risk exception (part of a culture/control and governance process) that satisfies your security colleagues, and then work with the vendor to fix the problem.
  7. People power. The right people, well chosen and properly trained, who live the values articulated by senior leaders, are essential to an organization’s culture. Both initial training and ongoing training should give proper weight to IT security. Invite your security colleagues to address your project people on a periodic basis and at the right level of detail. As the business owner, be candid and ask IT security to help you remove obstacles to moving forward, through better tools, patterns, and standards.

Think about a company in which all of the above best practices are implemented and working well. This is a company that can build corporate value in a more healthy and secure way.

The customer contact function presents special sensitivity for security, especially in regulated industries. Points of vulnerability include CRM (customer relationship management) software, which draws upon databases that may include patient health records, credit card or bank account information, and social security numbers. It is incumbent on customer contact managers to be part of the security culture, and not part of the problem.

Experience shows that a well-oiled security culture will save money and improve your economics. Having superior security capabilities, with critical conversations occurring well upstream of the delivery date, and getting the processes (control & governance) right will avoid a lot of very expensive and time-consuming problems. If you have weaknesses, address them early in your project to avoid impacting downstream operations, which might require them to create compensatory compliance processes at additional (“run-the-engine”) cost. Audit and added oversight may then be needed to ensure that the work-around processes are properly functioning. Raise your hand if you can vouch for this from your own experience!

Be honest. If your organization does not fit a “best practices” profile for a security culture, then please consider this article an urgent call to action. Assess your strengths and weaknesses and reach out to your colleagues in IT. Be ready to collaborate to plug holes, lower risks and, ultimately, improve your financial performance. To move forward and evolve the culture and improve the business, be persistent, rinse and repeat, a.k.a. “Test and Learn.” Security is a journey, not a destination or a single product.

“Contact Center Economics 101” articles are written to spotlight practical opportunities for financial improvement of contact center operations. Tony Grimshaw is a security architect and risk management consultant with over 20 years of experience on three continents. Bruce Belfiore (Harvard MBA) is Senior Research Executive and CEO of BenchmarkPortal. Readers who would like to discuss security architecture or implementing best practices for their organization may contact the authors via [email protected]

Bruce Belfiore
Bruce Belfiore is Senior Research Executive and CEO of BenchmarkPortal, custodian of the world's largest database of contact center metrics. He hosts the monthly online radio show "CallTalk" and is chancellor of The College of Call Center Excellence. He has consulted for many Fortune 1000 companies, helping them to improve efficiency and effectiveness of their customer contact operations.

