![\"CSR](\"https:\/\/www.customerservicemanager.com\/wp-content\/uploads\/2018\/11\/csrlaptop.jpg\")
\nThis trusted access for employees to cardholder data, personal details or medical records helps ensure the best customer experience. However, it also makes the call center a prime target for a security breach.<\/p>\n
The Insider Threat<\/strong><\/p>\n Whilst it\u2019s commonly understood that the greatest risk of a breach comes from the employee, blaming your agents is never the right route to take. Call center agents are human. They are careless, flawed and often exploited. In fact, attackers love exploiting the naivety of your employees because it\u2019s so easy.<\/p>\n All it takes is one successful phishing email to persuade just one user to hand over their organizations login details. Once that hacker gains entry to your systems, you\u2019re not going to find out until it\u2019s too late \u2014 your anti-virus and perimeter systems aren\u2019t programmed to pick up on access using legitimate login details, giving snoopers all the time in the world to, well, snoop.<\/p>\n And also keep in mind that almost every external attack eventually looks like an insider threat. The use of compromised internal credentials by an external attacker is the most common threat action in data breaches (Verizon, Data Breach Investigations Report 2018).<\/p>\n So, how are you supposed to spot inappropriate employee access when it\u2019s already been defined as appropriate?<\/p>\n Spotting the threat<\/strong><\/p>\n Security must be there to protect against both careless and malicious employee behavior and to protect against outsiders trying to gain access by pretending to be employees.<\/p>\n When you boil it down, the only way to really tell if someone is a malicious insider or an intent external threat actor is by allowing them to perform actions (such as launching applications, authenticating to systems, accessing data, etc.) and determine whether the actions are inappropriate.<\/p>\n But given the majority of your employees don\u2019t act the same way everyday \u2013 let alone the next week or month \u2013 it makes more sense to spot the threat actor by looking at leading indicators of threat activity, rather than waiting for the threat activity itself.<\/p>\n One of the most accurate leading indicators is one no malicious insider or external threat actor can get around \u2013 the logon (local, remote, via SMB, via RPC, etc.). Endpoints require logons for access, lateral movement of any type requires authentication to access a target endpoint, and access to data first requires an authenticated connection.<\/p>\n No patch for employees but you can enhance access security<\/strong><\/p>\n The leveraging of logon management solutions provides organizations with not only the ability to monitor logons and identify suspicious logon activity, but to also craft logon policies to limit the scope of account use and automatically shut down access based on inappropriate logon behavior. By using the contextual information around a user\u2019s logon (origin, time, session type, number of access points, etc.) genuine logins become useless to would-be attackers.<\/p>\n So, while there might not be a patch for the employee quite yet, keep in mind that you do have a foolproof way to make sure call center staff are who they say they are, identify any \u2018risky\u2019 user behavior and put a stop to it before it ends up costing you capital, customers and your company\u2019s reputation.<\/p>\n Learn more about how call centers can verify access to the network and the data within<\/a>.<\/p>\n
![\"Fran\u00e7ois](\"https:\/\/www.customerservicemanager.com\/wp-content\/uploads\/2018\/11\/Francois-Amigorena.jpg\")
Fran\u00e7ois Amigorena is the founder and CEO of