By: Tim Prugar
The transnational WannaCry Ransomware Attack exploded across the internet early Friday Morning on May 12th, and it’s aftershocks are still being felt early this week as some machines in Asian Markets are being booted up for the first time after the weekend. For the curious, Nicole Perlroth over at the New York times provides an outstanding overview of the background events leading up to this cyber attack, but the basic facts are relatively simple. A hacker or team of hackers identified a vulnerability in the Server Message Block (SMB) Protcol in Microsoft Software, and put together a ransomware attack that spreads through a system’s file-sharing capabilities. The attack would immediately encrypt all of the system’s files, demanding a Bitcoin payment for the de-encryption and safe release of the pertinent documents. The attack, like many, was unleashed via a simple phishing ploy – an unsuspecting victim downloaded and opened a file they shouldn’t have that contained the malicious software. The rest was a nightmare for the cybersecurity community.
While the WannaCry threat can reasonably be classified as “cyber terrorism”, and patches to protect machines from being infected have already been issued, Information Security Officers should use this incident as an opportunity to pull lessons about protecting all channels from attacks from bad actors. What can fraud experts, CISOs, and Call Center Leaders learn from the WannaCry attacks?
1. The Human is the Weakest Link In the Fraud Chain
The methods through which WannaCry spread and replicated may have been automated, but the door for access was opened by a human being. Basic social engineering is at the heart of many of these phishing, SMSishing, and vishing scams, and the phone is one of the most lucrative channels for manipulating a human being to a desired end. CISOs and Call Center Leaders should be investing heavily in training agents to identify and recognize common social engineering methods and tricks, and should consider exploring technologies that are able to identify calls real-time that have been spoofed or otherwise manipulated. There is a high correlation between ANI Spoofing and phone fraud attempts, so more information allows agents to “trust but verify” with more complete data.
2. The Cost of Attacks Go Beyond Money
The big story of the WannaCry attacks isn’t the absolute value of the money extorted (some reports have it at less than $60,000), but the “collateral damage” losses of disruption to services, man hours lost, and even potential health implications. The WannaCry ransomware didn’t just infect computers in a vacuum – it infected computers at Universities, the British National Health System, train stations in Germany, and multi-national corporations based out of France and China. Similarly, when fraud teams do cold “dollars and cents” cost benefit analyses of fraud solutions for the Contact Center, they often look only at their absolute number of fraud losses, and compare that to the cost of the solution. CISOs and Contact Center Leaders should look at the problem holistically: How much time are we losing due to caller authentication? Can we quantify the damage being done to our brand due to fraud and data breaches? Are fraudsters leveraging information stolen at the contact center level to make larger, more costly fraud attacks elsewhere?
3. Hackers and Fraudsters Are Very, Very Good At Exploiting Vulnerabilities
Some hackers and fraudsters are organized criminal enterprises; others are impish troublemakers. Either way, these people are experts at identifying weaknesses in security systems and exploiting them for their own gain. Just as the architects of the WannaCry attack masked their malicious software to get a foot in the door, so too do those looking to commit account takeover or identity theft through the Contact Center mask their phone number to minimize the likelihood of detection. By using ANI Spoofing, fraudsters look to mimic the phone number of an existing customer to bypass ANI-matching authentication procedures, or look to mimic a completely random phone number to hide their own identity. Either way, these fraudsters are leveraging spoof as the main method for their attacks, and any technologies that can detect these spoofing attempts real-time provide an added layer of much-needed security at the Contact Center level.
So what can CISOs and Contact Center Leaders do in the wake of the WannaCry attack to ensure that all channels are adequately defended from bad actors?
Security Leaders would be wise to conduct a thorough audit of Contact Center authentication and security protocols to ensure that vulnerabilities and weaknesses in the call flow are identified, isolated, and addressed in a timely fashion. Tools such as blacklists, voice biometrics, and anti-spoof technology are all strong safeguards to keep bad actors out, but they are used best in tandem as a layered solution to provide the highest possible level of Contact Center security.
Tim Prugar is Next Caller's Director of Customer Success. He can be reached at firstname.lastname@example.org.
You have 30 quick seconds to make a million fast decisions.
First impressions about a company via customer service channels make lasting impressions to the customer and whoever the customer decides to share them with (friends, family, social media). When Sir Patrick Stewart waited 36 hours for his Time Warner Cable appointment he took his thoughts to Twitter on their initial customer support. It resulted in a media backlash that had the TW social media team on their toes.
In most cases, the single point of contact with a company is when they reach out to customer service.
How will you, mighty customer service representative, measure up to the clock?
1. Be Prepared
If you’re a customer service agent that is provided with a technology to pull customer data, such as a name, phone or account number, address, etc. on your computer screen before every call, consider your job made 10% easier. If you don’t, you still have the ability to do one simple thing: ASK. By referring to the customer by name throughout the entire call, as well as opening their account to read through any previous service notes, you are a step ahead of the game to kindling the fire on a great call.
2. Be Kind
You’re on the customer’s side. Your job is to have their back. When you answer the phone, are you answering in a tone that you’d use with your best friend? Setting and keeping a genuine and friendly tone during the conversation welcomes your customer to your company, starts to build trust and showcases your brand voice in a positive manner. Not only that, it will benefit the bottom line. According to JitBit, businesses lose upwards of $84 billion per year due to poor, untrustworthy customer service.
3. Be Purposeful
The customer called for a reason. They may voice their frustrations immediately, not caring about your kind voice or that you know their name. What actions do you take then? By listening to the customer speak and release their dissatisfaction, you can zoom in on what the larger issue is at stake. You can then hold the reigns to define the purpose of the call to keep things on track and help your customer get to their desired resolution.
Here’s a Customer Service MadLib Style Script for you to act as a baseline on how to keep the empathy in your word choices when you may be challenged by a difficult customer:
[After listening quietly to customer on phone]
______________ thank you for sharing your experience with me. I completely understand why you feel
I am disappointed that _____________ has happened. Our company takes ownership of this and apologize. (Sum up customer story)
My goal is to resolve this. I will _____________________ and I look forward to working with you!
(Realistic Customer Expectations)
In a nutshell:
Write that down on a Post-It and stick it to your computer monitor, friends!
All of this happens within the first 30 seconds of the call. And the power is all in your hands.
Authored by: Sheldon Smith is a Senior Product Manager at XO Communications (XO.com). XO is a telecommunication services provider that specializes in nationwide unified communications and cloud services. Sheldon has an extensive background in UC and he has over 15 years of experience in the technology industry. His position involves overall product ownership of Hosted PBX, SIP, VoIP and Conferencing.
Research and Markets, a market research store, states the global contact center market is on track for a compound annual growth rate of 9.26 percent over the next four years, as companies look to outsource communication services and improve the customer experience. However, growth isn’t just happening over the long term. With 2015 almost over, it’s worth taking a look at what next year may bring for the call center and telecoms market: Here are five top trends for 2016:
Most telecom providers have built-in support for mobile devices and in some cases, wearable technology — but according to research firm Gartner, 2016 will usher in a new type of mobility powered by the “device mesh.” Put simply, this mesh extends beyond “traditional” consumer devices to also include home electronics, automotive digital systems and environmental tools. For telecom companies, this means increasing demand from users to support any device, anywhere, anytime.
The Ambient Experience
Gartner also predicts the rise of “ambient user experience” over the next year. Enabled by the device mesh, the idea here is to create a customer experience that “seamlessly flows across a shifting set of devices and interaction channels blending physical, virtual and electronic environment.” This is a sea change: Consumers are trending away from devices as discrete channels but instead view them as part of a unified whole. For call centers, the means a rise in the number of callers who expect agents with full access to historical records along with any online, mobile or previous phone conversations.
Breaches are now an expected outcome for many companies regardless of size or industry. The same applies to telecom providers: Personal data stored by your organization is a hot-ticket item for determined hackers. In 2016, expect to see a rise in the number of security startups and VoIP providers that offer native encryption for all communication data — in transit and at rest. Improved controls for local admins are also on-tap: C-suites and security pros alike want to know what is happening on their network, why and how they can put a stop to it, as needed.
Power to the People
According to global online community Customer Think, one big change coming to call centers of the future is the ability for customers to help themselves with minimal assistance from an agent. While CT takes the long view and says 2020 is the year to watch for this kind of transition, the tech market of 2016 should lay critical groundwork. For example, improved interactive voice response (IVR) systems will make it possible for customers to “self-serve” most of their issues, in turn putting more pressure on front-line call center staff to become subject matter experts. Over the next year, expect the view of agents to shift from one of “first contact” to “final option” — knowledge and skills must improve to match demand.
Bandwidth for Big Data
If telecom providers want to stay competitive through 2016, they’ll need to do better with big data. It’s no longer enough to simply store this steady stream of information — consumers expect their provider to offer real insight when it comes to buying habits and predicted needs. Handling the big data deluge means providers need to shore up available bandwidth and make sure they’re ready to manage the transition from steady flow to rushing river as data demands. According to business news publication Trade Arabia, companies in the Middle East — the world’s second-largest mobile phone market — faces the challenge of dealing with a tech-savvy consumer base that effectively jumped over landline adoption to embrace Internet-connected devices. The result? Massive amounts of data to analyze and insights to glean, and the chance to get a leg up on North American providers that don’t dive headlong into big data.
Ready for 2016? The future holds better mobility, improved user experience and security backed by a tech-savvy populace with big data focus.