It has been a year since COVID-19 hit the Western world, bringing most of our in-person interactions to a grinding halt.
As face-to-face commerce became far less tenable at the old brick-and-mortars, more of our businesses moved to the virtual. With companies no longer able to greet their customers with a smile, the responsibility for maintaining relationships with customers shifted increasingly over to the contact centers.
Operating across multiple channels of voice, chats, emails, and basically every other form of communication available, the contact center agents have taken over the role of sales, service, and everything else in between for businesses as they have worked to stay afloat this year.
However, these agents have faced their own challenges during the pandemic. A report from August 2020 found that 77% of contact centers had at least 50% of their team working remotely. On the face of it, this move to go remote feels fairly standard by this point. Afterall, everyone else that could have already made their transition to remote work situations.
But as managers working in the contact center space quickly realized, they faced numerous security, regulatory, and productivity optimization related challenges to sending their workforce remote.
In hopes of understanding what sorts of challenges this increasingly crucial sector has faced with remote employee management and how they have gone about mitigating their risks, we dove into the contact center space and dug up some interesting issues that are reshaping the way that we think about and receive services.
From the Warehouse to Their House
Traditionally, contact centers have relied on large numbers of shift workers who show up to hear our complaints and take our orders. Packed into large warehouse-like offices, these agents don their headsets and do their best to answer customer questions and direct them to the appropriate resources.
Even as the contact centers offered a solution for mitigating some of the harm to the flow of business, acting as the conduit between the company and its customers, they too were not immune to the impact of the virus. It did not take long for many of these contact centers to start closing their doors to employees when it became untenable to have hundreds of workers sitting in the same closed space.
By March, many contact centers had sent their employees home to work remotely. Armed with a hastily pulled together tech stack — think a laptop, a headset, and a unified communications platform like Microsoft Teams — agents prepared to respond to customers. Especially in cases concerning public services or utilities, having agents on hand to handle the incoming flow of questions from the stressed out public was reassuring and downright essential.
Despite the initial scramble to get their people up and running, these measures appear to have generally been effective at keeping operations running. It might not have been smooth, but it was enough to keep their head above water.
With that hurdle having been cleared, these organizations quickly realized that they had a new set of challenges to contend with — namely remote employee management and security.
New Security Challenges to Data Loss Prevention
In order for service agents to be effective at their jobs, they need access to relatively sensitive information about us, their customers.
Agents have to be able to identify that we are who we say that we are in order to verify requests and transactions. They are also charged with taking payments and supplying us with potentially sensitive details. In this context, they are often privy to our credit card or banking information, health records, personally identifiable information (PII) like social security numbers, addresses, etc.
All these bits of sensitive information can be used for fraud and theft in the wrong hands. As such, the organizations managing these contact centers have developed over the years various practices for data loss prevention.
Many of these measures are aimed at compliance with regulatory regimes like the Health Insurance Portability and Accountability Act (HIPAA) or as is more often the case, the Payment Card Industry Data Security Standard (PCI-DSS).
The lists for compliance with these regulations are long. Many of the requirements focus on the need for not only storing the data securely, but also addressing the need for insider threat prevention as a part of their overall data loss prevention strategy.
In the office, these organizations are able to operate various employee monitoring practices to reduce the risk of the improper handling of data that can lead to theft and compromise. These can include basic steps like storing an agent’s mobile phone during their shift so that they cannot use it to take pictures of their screen. Shift managers are also rarely a stone’s throw away from agents. So while not exactly peering over their shoulders, they can act as a deterrent to the more brazen attempts to steal people’s data.
Stepping away from the security angle for a moment, the office setting also makes it far more straightforward to do activity monitoring. This can be for keeping tabs on the number and duration of breaks, as well as the start and end times of shifts to ensure that the employees were at least at their stations when they were slated to be.
Managing these security and productivity challenges become far more complicated once the employees go remote.
New Questions for Remote Employee Management
In the home environment, managers lose nearly all of the inherent controls that they had at their disposal in the office setting.
They are now tasked with assessing the remote work environment and coming up with solutions that will allow them to remain compliant and productive. Even once they are no longer quite so hands on.
This process starts from the most basic questions:
– Is the employee really the person at their computer taking the calls? Is it really them or did they ask their cousin to cover them for a half hour while they grab a nap?
– Is the employee or their cousin snapping pictures of credit card information for nefarious use?
– What steps are being taken to keep customer data secure?
– Is there a way to know who has accessed which resources? Are those logs usable for an investigation later if malfeasance is discovered?
– Will these security measures be acceptable to regulators now? What about in six months when remote work is no longer novel but a standard?
– How is the company monitoring productivity levels? Are managers able to identify where they are falling short of their goals and how to optimize with better BI?
– Are employees using their time well? Are there ways that we can help them to improve how they work by monitoring unobtrusively and suggesting changes?
The answers to some of these questions will take time to produce as organizations adjust to new norms. But thankfully many of them have sufficient if imperfect solutions that can be implemented now to help mitigate risk and aid in productivity management.
Solutions for Effective Employee Monitoring
The primary components of a successful remote employee management strategy cover the ability to monitor employee actions and reduce unnecessary exposure where possible.
Utilize Monitoring Tools for Insider Threat Prevention
Having managers present in the office helps to deter would be ne’er do wells by reminding them that watchful eyes are around.
Many organizations have already implemented solutions for employee monitoring at the office that tracks everything from keystrokes to email/message monitoring to logging all the websites or files that an employee accesses from their terminal for reasons ranging from compliance to measuring productivity.
These same solutions are available for use in cloud deployments to make it easier for monitoring employees while they are working remotely.
By letting employees know that these solutions are integrated into their work environment, they will be aware that any actions that could compromise customer data can be easily tracked back to them.
Removing Sensitive Data from Scope
Alerting employees that they are being monitored will likely deter most bad actors who are fearful of being caught. But taking some additional steps to deny malicious insiders the opportunity to compromise data is also a good idea.
One method that is growing in popularity is simply taking much of the sensitive data out of view. In practice this means finding ways to either confirm a caller’s identity or handle transactions without the agent viewing any of this information at any point.
In a normal transaction now, the agent can view your sensitive information on their screen. Or maybe you give them your credit card number in order to transact.
What if instead, the agent could simply send a push notification to your phone that you can approve to confirm your identity? Similar “out of scope” options apply for handling payments. Options include the agent sending you a link to enter your credit card info or transferring you to a digital service that lets you enter your card number over the phone but blocks the sound of the key tones to the agent. Oven one time use of “tokens” can offer solutions that are worth exploring further.
These are just some of the creative ways that agents can manage the calls with a human touch while keeping risky material off the table.
Activity Monitoring Backed by BI Analysis
Similar to how we can collect user data for security purposes, employee monitoring solutions also allow us to derive insights that we can use to improve output and processes.
Once integrated into the employee’s environment, we can aggregate data on idle time, which sorts of tasks are more time consuming, identify problem areas that might benefit from some rejiggering or general optimization, as well as other sets of KPIs that managers are looking to measure.
By utilizing BI dashboards, managers can not only collect all of this valuable information about their distributed workforce, but draw from it for better decision making. It also becomes far easier to share with other managers or leadership, depending on the need.
Embracing the Hybrid Future
As the vaccine continues to roll out across the globe, there is finally a sense that we may be seeing brighter days ahead. For businesses, they have shifted from the mindset of simply surviving to one that is determined to thrive.
That said, this sunnier outlook does not mean that organizations will simply turn back to where they were before the pandemic. The world of work has changed dramatically and we are still figuring out what that means.
For most organizations that have tasted the benefits of remote work, they are more likely to embrace a hybrid work model. This would see employees coming to the office on a reduced staffing basis. Maybe in for two days and out for three for example.
The contact center sector stands to benefit from not having to hold onto large capacity office buildings where everyone shows up every day. By embracing a hybrid model that utilizes the right technologies to improve security and productivity, they can cut costs without impacting the quality of their service.
At the core of this hybrid future is the need to create a sense of stability and continuity for staff. By adopting technologies and policies that remain consistent from the office to the remote work set up, organizations can set a clear line of expectations for employees.
Hopefully by creating a standard experience, it will make it easier for employees to navigate the upcoming transition period that is yet to come.
This article was originally published on IT Security Central and reprinted with permission.