The BPO’s sent everyone home, but how secure is your data now?

Business Process Outsourcing (BPO) faces a crisis. The Covid-19 coronavirus made it impossible, or extremely difficult, to work in contact centres over the past few months. Social distancing rules and stay-at-home orders have led to most BPO and customer service companies sending all their contact centre agents home with a laptop. Working from home is the new normal.

Even as many people gradually return to the contact centre, it’s likely that about a third will stay at home permanently. This will reinforce a new era of agility and resilience that is required across the industry – no company can afford to ignore the possibility of a new wave of Covid-19 or even a new virus in future. An agile delivery model is now expected.

Some of the bigger BPO companies sent tens of thousands of their employees home. They have all been talking about the heroes that made it happen and flooding LinkedIn with stories of success – we kept going, despite the virus, is the general message coming from all of them. They are to be congratulated – there are some great stories of how this pandemic changed everything overnight and yet they continued to deliver.

But the honeymoon is over. The business media is full of stories explaining just how difficult managing a remote workforce really is. You cannot just setup a Virtual Private Network (VPN) and send everyone home with a laptop. These agents are usually handling customer data, often highly personal information. The companies managed to keep the agents answering calls, but now we are starting to hear about how security is being compromised.

We are fast closing on the end of Q2. It’s time for all those Quarterly Business Review meetings to take place. Let’s imagine what that brands are going to say to their customer service providers:

  • “Well, it seems you are delivering everything securely without the need for a contact centre, so when are we going to receive some concessions? You no longer have all those capital costs so your customers should be rewarded.”
  • “What do you mean, you can no longer meet the security Service Level Agreements (SLAs) because your work from home environment doesn’t have the right data security protocols?”
  • “Why am I reading a story in the New York Times about my customer’s personal data being offered for sale online?”

There will be some difficult boardroom conversations over the next few months.

Some of the BPO companies are running their own security audits, or being forced to run audits by their clients. Will their work from home infrastructure pass the test or will they even publish any unfavourable results?

One of the biggest challenges is scalability. At the start of this year, nobody expected that entire companies would need to switch to a work from home model. When different national leaders started announcing quarantine measures these companies had to buy equipment and rapidly get everyone ready to work from home. Security standards were a long way down their to-do list when their ability to survive the crisis was being challenged. So now that they have everyone working from home, are the security protocols they rushed out overnight safe enough and can they be scaled as the team size changes?

Here’s an idea. If you run a company that is working with a BPO to manage your customer service then why not send some of these questions to your account manager:

  1. How can you guarantee that only your agents are logging in to your systems?
  2. Are all communications encrypted, so if someone hacks the wifi an agent is using there is no way to monitor or collect personal customer data?
  3. Are your agents trained in the signs that may indicate a potential cyber breach?
  4. Have you audited the wifi security agents are using at home?
  5. Are agents using personal apps, such as email, on the same device and potentially inviting a phishing attack?
  6. Are agents culturally trained to think of security first? In the office environment it’s usually assumed that an IT security team has it under control, so who is managing it across thousands of homes?

That’s just a start, but these are the most obvious questions you need to ask. All the BPO companies moved thousands of people into a work from home environment almost overnight. They had no time to plan for the security of a diverse network and although their heroic efforts meant that they kept on delivering services, it also meant that there will almost certainly be data breaches. The business press is already warning their readers to expect the worst. 93% of data breaches take less than a minute and are usually not discovered for weeks.

Stephen Loynd: “if you work with the big players from the BPO industry then your concerns are going to be reduced.”

As Stephen Loynd from TrendzOwl said on my CX Files podcast recently, if you work with the big players from the BPO industry then your concerns are going to be reduced. Companies like Teleperformance and SYKES had thousands of work from home employees before Covid-19. Naturally they had to scale up fast, but they were doing so with pre-existing security protocols. If you are working with mid-tier or smaller players then you need to start asking some of these questions in the near future because survival mode is over.

How secure is your customer data? It’s worth asking. Now.

To Top