
4 Data Security Measures Your CX Tech Vendors Should Have in Place

You’ve just found the ideal technology solution to your contact center’s challenges. It’s the answer you’ve been looking for, the automation tool that will increase productivity and decrease costs—and it’s within budget. The only thing standing between your CX program and this KPI-boosting wonder tech? Security compliance.

While an InfoSec team may seem like the final boss when it comes to investing in new tech resources, their purpose is vital to keeping brand and customer data safe and secure. Knowing a few security best practices to look for in a technology partner can help you make the best choice for your organization and get faster, easier buy-in from InfoSec stakeholders.

Security compliance requirements vary from company to company, as does a company’s approach to security—which encompasses everything from risk management and security architecture to access management, a secure software development lifecycle (SDLC), and more. To start, here are four major data security measures that indicate a tech vendor prioritizes information security.

All security events generate appropriate responses

In today’s internet-driven world, security events happen every day. A security event simply means something occurred that had the potential to expose data or allow access to infrastructure or systems, such as receiving a phishing email or leaving an open computer screen unattended. A strong InfoSec team should be able to stop most of these events before they become security incidents, that is, events that negatively impact the organization, such as compromised systems, stolen data, or other harmful actions.

When researching technology solutions for your CX program, find out what happens if something bad occurs. A trustworthy tech partner should have threat detection technologies, such as security information and event management (SIEM), in place. In fact, this is required for PCI DSS compliance for organizations that store, process, or transmit credit card information. Technologies like these ensure all security threats across the network, from infrastructure to end-user, are compiled and analyzed, and alerts are sent. From here, an InfoSec team monitors alerts, takes any necessary action to mitigate threats, and learns from these events to strengthen security.

Vulnerability scans and penetration testing find and eliminate weak spots

Reactive measures are a vital part of keeping data secure, but proactive vulnerability scanning is just as important. Many automation tools are designed to integrate with an existing tech stack but, in the same way some chemicals cause different reactions when mixed in different combinations, some technologies don’t play nice with others. Sometimes, these incompatibilities result in unforeseen gaps or glitches. By regularly monitoring and identifying weaknesses in their system, your technology vendor should be able to strengthen or otherwise address the issue before bad actors can pull off a security breach.  

Not all vulnerability scans perform the same function, and which one(s) a tech provider uses may vary. Typically, vulnerability scanning falls into four categories:

  • Compliance scanning looks for specific vulnerabilities, as designated by compliance requirements. For instance, organizations looking to obtain or maintain PCI certification would use compliance scanning to ensure they meet the specified criteria.
  • Discovery scanning is more of a fact-finding mission. Often used when developing an initial security plan, this type of scanning simply discovers devices on a network, notes areas with the potential for vulnerabilities, and helps create a big picture of the network. 
  • Internal vulnerability scanning audits the entire network or system from the inside, usually with high-level credentials, looking for any and all vulnerabilities. Because of the scope of this kind of scan, the frequency will vary—though it should be performed on a regular schedule.  
  • External vulnerability scanning simulates a hacker looking for a way to break into the system. These scans are launched from the internet and performed either unauthenticated or with very basic credentials to see only what a hacker could see.

A reliable solutions provider will be able to tell you about their vulnerability scanning practices, at least in a general sense. Keep in mind that specifics about scans and schedules may be confidential to protect security strategy.

Data scrubbers and sanitizers delete sensitive information

Your contact center likely handles a high volume of personally identifiable information (PII) over the course of any given day. Protecting that information is critical to maintaining customer trust. To that end, any potential technology vendor should have a clear explanation of how PII and other sensitive or confidential data is used, stored, transmitted, and deleted by their product.

Beyond securely encrypted transmission of sensitive data, look for tech providers that use data scrubbing and sanitizing to remove PII before text is ingested or reaches a point of rest. 

For example, Laivly’s attended automation application runs data scrubbing to remove all PII, credit card information, and other sensitive data before sending any text for internal analysis and recommendation. A secondary scrubber is built into the back-end server space to further ensure data with the potential to carry PII is not tracked or stored. Laivly’s agent assist tool relies on machine learning, so historical data is also thoroughly scrubbed of sensitive information prior to ingestion. 
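To make the idea of scrubbing text before ingestion concrete, here is an added Python example (not Laivly's code and not part of the original article). It replaces card numbers, e-mail addresses and phone numbers with tokens; the patterns, the North American phone format and the token names are assumptions chosen for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# North American style phone numbers (an assumption for this example).
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _redact_card(match: re.Match) -> str:
    digits = re.sub(r"\D", "", match.group())
    # Redact only Luhn-valid runs so order numbers and ticket ids survive.
    return "[CARD]" if luhn_valid(digits) else match.group()


def scrub(text: str) -> str:
    """Replace card numbers, e-mail addresses and phone numbers with tokens."""
    text = CARD_RE.sub(_redact_card, text)   # cards first: longest digit runs
    text = EMAIL_RE.sub("[EMAIL]", text)
    text = PHONE_RE.sub("[PHONE]", text)
    return text


# Constructed sample chat message; 4111 1111 1111 1111 is a widely used test card number.
SAMPLE = ("Hi, my card 4111 1111 1111 1111 was declined on order 1234567890123. "
          "Reach me at jane.doe@example.com or (555) 010-4477.")

if __name__ == "__main__":
    print(scrub(SAMPLE))
```

Pattern matching like this misses free-form PII such as names and street addresses, which is one reason a second scrubbing stage on the back end is useful.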

A security culture keeps employees accountable

One of the more underrated ways to gauge a technology vendor’s commitment to gaining your trust is to ask about their internal approach to security. How do they maintain a culture of security among all their employees, not just the ones on the InfoSec team but also Sales professionals, the Marketing team, and the C-suite? Actions that indicate a tech company has a strong security culture include things like InfoSec awareness and training programs, periodic simulated phishing tests, and auditing behavior by monitoring emails and internet browsing.

A business that prioritizes security throughout its own organization and holds its employees accountable stands a better chance of keeping your brand, your contact center agents, and your customers safe from data breaches and other security threats.
