Call Center Security: How to Protect Employees and Customers
For many companies, call centers are the heartbeat of the business. So they require CSOs to strike a balance of physical and digital security measures for employees and customers alike.
By Malcolm Wheatley
May 12, 2008 — CSO —
The need for call center security occasionally is driven home in a tragic way.
Pratibha Srikanth Murthy, 24, was raped and murdered on her way to work at a Bangalore call center in the early hours of December 13, 2005. But the court proceedings that gripped India in February this year weren't the trial of her alleged assailant, cab driver Shiv Kumar. Instead, the case focused on her ultimate superior at work, Som Mittal—the managing director of call center operator Hewlett-Packard GlobalSoft in 2005, when Srikanth Murthy was killed.
Now the president of India's National Association of Software and Services Companies (Nasscom), the main industry body for the country's vast outsourcing and call center industry, Mittal has been charged under Indian laws that require certain businesses to provide safe transport for female employees traveling to and from the office at night. Ironically, Nasscom itself helped to draw up guidelines for such transport, which include requirements for guards to accompany drivers in company taxis, and that female employees should not be the first to be picked up or the last dropped off.
And with India's Supreme Court rejecting in February a challenge to the case being brought, the stage is now set for Mittal—and by implication, Hewlett-Packard GlobalSoft—to face trial. If found guilty, he would face a fine of 1,000 rupees (around $25) and would get a criminal record.
Thankfully, fatal attacks such as that on Srikanth Murthy are relatively rare. But almost three years after the murder, the name of Hewlett-Packard GlobalSoft is still being associated with the case—and that association looks like it will continue for some years. With call centers already the focus of security concerns around keeping data safe, the Srikanth Murthy case is a salutatory reminder that it's also important to keep safe the people who work with that data.
The reputational risk is enormous," says Patrick Chagnon, manager of corporate intelligence and investigation at Shelton, Conn.-headquartered security consultancy SSC. "Having employees attacked or robbed at gunpoint isn't good: People worry that if you can't protect yourselves, how can you protect others—and their data?"
The trouble is, as regular news reports highlight, there's not only ample evidence that call center operators are indeed failing to keep safe the data that they should be protecting, but also that their employees run a higher-than-average risk of attack.
"Attacks do happen, and happen all too frequently," says David Brown, managing consultant for security advisory services at Skokie, Illinois-based consultancy Forsythe Solutions Group. "It's like ATMs late at night, or mall parking lots—call center employees are vulnerable because call centers are frequently 24-hour operations, and often located in industrial or sparsely populated office park areas."