Home Alone – A Christmas tale without the compliance

This holiday season, many contact centre agents, like Kevin, are hunkered down at home, bearing the storms of remote working alone. These agents are the first line of defence against security threats this holiday season. Let’s unwrap what they are up against and how both organisations and agents alike can proactively thwart the holiday villains.


The first offender on the list, compensating controls. Much like an icy stairwell leading up to the door, these can be a slippery slope. Compensating controls are often band-aid or temporary solutions that were once put in place to solve a compliance problem. However, those band-aid solutions such as pause-and-resume or clean room environments come with their own set of complications, or trip hazards! When up against increasingly complex security threats, partial compliance won’t do the trick. Clean room environments still allow the agent to hear spoken sensitive data, while the ‘pause and resume’ of call and screen recordings do the same and rely, in the main, on a manual action to start/stop. Data must then be scrubbed retroactively. With solutions like this, you can easily find yourself quickly slipping down a hypothetical flight of stairs, scrambling to make sure different entry points and storage locations are secure. These compensating controls can begin to hold off threats but are not entirely effective.

Holiday tip: consider a fool proof DTMF masking solution so that you can toss these compensating controls out the window and allow your technology to work as it was designed to.


Often the most overlooked are insider threats. Malicious or accidental, insider threats are often unsuspected. Like a can of paint waiting to fall, insider threats often come as a complete surprise. Whether this is sharing a password with a colleague, leaving a computer unlocked or sensitive information on a desk, insider threats aren’t limited to the contact centre. As more agents and employees work remotely, the risk gets taken home and is increased.  Contact centre managers don’t have the same visibility of their staff, and many organizations’ IT departments don’t have the same security measures in place that they would within a contact centre. This leads to opportunity, whether intentional or not, for vulnerabilities.

Holiday tip: compliance is not simply an IT responsibility. When an organization follows up to date company practices, the organization becomes stronger as a whole.


There are more points of vulnerability than ever before as contact centres continue to grow, become more efficient, and more metrics driven. It’s easy to miss a strategic phishing attack. It can sneak up on you like a shovel to the face, and the damage is done before you realize you were even vulnerable to begin with. Without proper training, phishing attacks really can seem to come out of nowhere. As remote agents are facing new and additional distractions away from the contact centre, proper training is more imperative than ever to keep your teams alert.

Holiday tip: take the time to train your team what to look for in a phishing attack and do so regularly. Your agents are often your organization’s first line of defence.


The final, and increased, threat this holiday season: hackers. When we think of a hack in the news, some of our first thoughts are of brand reputation loss, stolen sensitive data, and damage control. We see everywhere that it’s not an if, but when an organization will be hacked. This holiday season is no exception as many organizations are processing more data through phone and digital channels than in person. With the right technology in place, you can ensure that in case of breach, there is no sensitive data to be compromised. What better surprise to leave a hacker than blindsiding them with no financial data to steal!

Holiday tip: regular testing is key in reducing the risk of being hacked. This is a great opportunity to take the next step and de-scope your contact centre for PCI DSS compliance.


With threats around every corner this holiday season and Kevin stuck home alone, make sure your organization is taking the next steps to keep these threats at bay. Have you had enough or are you thirsty for more?

Our team is happy to help along your journey and is proud to offer cloud compliance solutions that protect and grow with your business and the ever-evolving regulations.

We wish you and your remote agents a safe and happy holiday!

The post Home Alone – A Christmas tale without the compliance appeared first on PCI Pal.

*** This is a Security Bloggers Network syndicated blog from Knowledge Centre – PCI Pal authored by Stacey Richards. Read the original post at: