The shift many organizations have taken over the past 12 months to remote and hybrid working models has brought with it many business opportunities. It has enabled them to open up and introduce more flexibility to both employees and established business models respectively. It has also potentially allowed them to reduce the costs of maintaining office space and incurring workplace overheads. But at the same time, it has also exposed businesses to a wide range of new risks including security threats core systems.
In many cases, security got neglected as businesses raced to get homeworking set up for their staff in the wake of the pandemic outbreak. As businesses rushed to the cloud or to virtualize their existing systems, many hastily chained different applications together, without necessarily focusing sufficiently on the army of hackers intent on exploiting system vulnerabilities for financial gains.
The best analogy here is a bike chain. You can have 20 links in that chain. But if one of them is weak, the fact the other 19 are strong is irrelevant, because through that one weak link hackers can find a gateway into the organization, its systems, and its data.
In line with that, incidents like the ransomware attack on a key US pipeline network, serve to highlight no organization is immune to this threat. And with the continuation of hybrid working that we see today, businesses will find themselves having to confront continuing challenges in this area.
- Check out the best antivirus solutions (opens in new tab) on the market today
Scoping out the impact
The impact of any kind of security breach can be severe for businesses of course, especially if that breach compromises data. The penalties for not ring-fencing people's personal data in the correct way are in themselves pretty stringent. And also on top of that it erodes a huge amount of confidence and trust in the brand.
Indeed, neglecting this issue can be especially costly for customer-facing organizations. Last year, research from PCI Pal® found that a third (33 percent) of UK consumers will avoid a business “for up to several years”, if personal data has been compromised due to a business’ poor data security practices during Covid-19, while a further 30 percent say they “would never return”.
What we see today therefore is a situation where many businesses are putting themselves and their reputations under threat by implementing point-and-click applications that are not properly integrated. Many organizations are still playing catch-up here because for them 2020 was all about business continuity, and the focus was keeping operations running, almost at all costs. In security terms, they are creating weak spots that could potentially be exploited by enterprising hackers. And with the pandemic accelerating the growth in cyber-crime that is a particularly urgent concern.
- These are the best Windows 10 antivirus (opens in new tab) software right now
Finding a way forward
So what’s the solution? It is clear that as organizations move to the cloud, they need to do due diligence not only on the systems they are looking to use but also on the interoperability from a security perspective between the different platforms and systems they are using. Just because a solution is great to use does not mean that it will integrate into the organization’s bike chain in a way that is completely secure.
Customer-facing organizations, of course, need to understand the journeys customers undertake and the systems and platforms they need to deliver these journeys. But they also need to understand how those systems can interconnect in a secure way in the cloud. Moreover, they must also think about how customer data moves from one place to another.
To take one example, an interaction might start with a chatbot and that might be using one platform or one technology. It then moves into the contact center, using another technology. The contact center might be pulling customer data from a CRM system, in other words, making use of a further system. Finally, the business might be looking at transaction and billable data through an ERP platform, simply put, making use of another platform or technology.
Added to all this, communicating back to the customer could involve everything from email to physical mail, text message to webchat. So there are a multitude of layers to consider just on the corporate side alone but businesses also need to think about the security implications of agents working from home, using their home networks and routers to communicate. They are new ingress points into the network in other words. Smart organizations have thought of this, of course and are using VPNs to create a secure tunnel from their user through to the core platform. That is of course an essential security measure that every contact center or customer-facing organization should be using.
In terms of the underlying cloud infrastructure, many businesses are playing it safe by opting for the solutions from the major providers and migrating to the Amazon Web Services, Google Cloud or Microsoft Azure platform. But even if the server and the infrastructure is secure, businesses still have to put in place a chain of applications to serve the customer and if these aren’t secure then, they will still have vulnerabilities.
So businesses ultimately need to be taking a holistic view of security, and make sure they fill in the gaps for any lapses that might have crept in during the rush to homeworking in 2020. They need to secure all their applications, not just their core infrastructure. They need to secure their data and they need to make sure staff have a secure set-up when they are working from home.
Critically too, they also need to think about their systems infrastructure. Historically, when businesses architected a set of applications to work together, they would have put a lot of planning and preparation behind it. But in the rush to migrate to the cloud back in early 2020, many organizations focused too much on point-and-play solutions that were effective at delivering their core functionality, but didn’t necessarily integrate effectively or securely into their existing architecture. They may have API integration gaps that don’t line up properly, therefore providing an ingress point for a hacker.
Now with the immediate rush to home working and the hybrid working model increasingly in place, that need to embed security into the whole process and ensure every new system is securely integrated has to be top-of-mind for every organization today. In seeking out a way to build a new working model that ensures business efficiency and business continuity, no customer-facing business can afford to leave themselves vulnerable to cyber-attacks and the negative consequences this will inevitably bring.
- Keep your organization safe with the best business antivirus (opens in new tab) solutions right now
Jeremy Payne, International VP, Enghouse Interactive (opens in new tab)