Need more reasons from my post from yesterday about why call centers need targeted training and ongoing awareness?
If so, then here is the second part of the third article, “Providing Call Centers with Information Security and Privacy Education,” in my July issue of IT Compliance in Realtime…
———————————–
Call Center Staff Have Access to Sensitive Information
When you stop to think about it, call center staff have access to huge amounts of sensitive information and PII. Having access to all this information can be a significantly massive risk when you consider the insider threat and all the possible types of actions that staff can perform to cause an information security incident or privacy breach with their authorized access. Massive breaches could easily occur as a result of mistakes, lack of knowledge about how to safeguard information, and malicious intent.
Call Center Staff Answer Breach Questions
Call center staff are commonly and increasingly used to answer questions from impacted individuals whose PII was involved in a privacy breach. It is critical for call center staff to know how to appropriately answer these questions so that they do not exacerbate the situation, elevate the breach to an even more damaging level, or give out information about the breach that would damage the associated investigation.
Call Center Staff Want to Make Customers Happy
Another important point to keep in mind is that call center staff have usually had a tremendous amount of customer service training, most of which emphasizes that the customer is always right, and that they must always make the customer happy. It is often counterintuitive for call center staff to be expected to provide safeguards for PII and not give out too much information when they have had it drummed into their heads that they must give the customer, whomever calls them, anything that they ask for!
Call Center Functions Are Often Outsourced
Be sure you do not forget about your outsourced call center personnel! They are just as, and in many ways more, important for providing information security and privacy training and awareness communications. Be sure you also include training and awareness requirements within your outsourcing contracts.
———————————–
Tags: awareness and training, call center training, Information Security, IT compliance, IT training, personally identifiable information, PII, policies and procedures, privacy training, risk management, security training