By: Kevin Ruthen, Chief Technology Officer, Support.com
In 2021, companies looking to strengthen their security postures are sure to take a hard look at their third-party vendors and BPOs. The sudden shift to home-based and hybrid work in 2020 sent a grim reality check to many cybersecurity executives. Though security executives felt overall that they were prepared for the transition to remote work and that their employees knew their company’s security compliance best practices, nearly 20% of respondents to a recent Malwarebytes survey faced a security breach due to a remote worker last year. The security landscape for vendors was even darker: a report released by BlueVoyant in September 2020 revealed that 80% of respondents had faced multiple data security breaches originating from a vendor in the past year.
While rightfully disturbing to cybersecurity executives, these trends aren’t exactly surprising. Data outside the security perimeter is vulnerable, it doesn’t get much more “outside the perimeter” than an employee of a third-party vendor who’s working from home. It would be natural for CIOs to consider protecting themselves by pulling all their operations as close to the center as possible, bringing employees back to brick-and-mortar buildings and insourcing more of their operations. However, doing so would limit opportunities to improve operational efficiency and provide a greater level of customer service through business process outsourcing.
The Challenge for BPOs
Companies hire BPOs for a reason: we are specialists in providing customer support with greater efficiency and outcomes than customers can achieve in-house. The shift to WFH across the BPO market has challenged traditional BPO brick and mortar players to demonstrate that they can deliver these specialized services securely using home-based agents. The measures required to retain customers’ confidence go beyond terms of service or employee compliance training. The client’s security perimeter needs to extend to encompass outsourced agents at home.
It is possible for a BPO to maintain a strong security posture even with home-based employees. In fact, if the workforce is entirely home-based – a practice known as homesourcing – the required processes and practices are significantly easier to implement. Hybrid employees who swap between working remotely and in-person – or worse, employees who were hired to work in-person and forced to work remotely instead as the result of a pandemic – are more likely to use unsecure networks or personal devices than a fully homesourced employee. They may lack secure dedicated Internet access, or their home network may be difficult to protect from malware.
The Homesourcing Advantage
Homesourced employees are much better positioned to comply with security protocols. At Support.com, we custom-profile every potential hire to ensure they have the proper network access, space, and setup for home-based work. In addition to these necessary environmental conditions, we layer best practices and proprietary solutions to ensure security and compliance. Faced with the need to provide the high levels of security required by HIPAA for our healthcare customers, Support.com has innovated to ensure its homesourced workforce meets even the highest data security requirements.
In a work-from-home environment, how can a company guarantee that only the appropriate people, in the approved work environment, have secure access to company data? Our SecureHub platform uses Bio Facial identification to verify that an expert is who they claim to be, and that they are working from an approved environment. The technology also detects if other people are present in the room. Through AI monitoring, we can even detect if an employee is engaging in a number of prohibited activities like using a mobile phone or taking notes. Electronic data capture can be restricted as well, including taking screenshots, downloading confidential customer information, or connecting an external drive via USB. If a camera or an unauthorized person is detected in the background, the monitoring system can automatically blank an agent’s screen and notify their supervisor.
Support.com also implements the highest device-level security on all devices, which are the only means of accessing our customers’ data. Our proprietary software verifies that an expert’s anti-virus software is up to date. We can blacklist or whitelist the applications and websites accessible through an expert’s workspace. Support.com’s communications are secure at the network level as well: all employee connections are highly encrypted and conducted via VPN and/or through a virtual desktop interface (VDI).
The best security is not a matter of intentions – it’s a matter of design. Support.com’s homesourcing model is designed to deliver the same or better security as a brick-and-mortar facility, while also providing true business process continuity. Because we’ve been refining our approach to secure home-based work for 20+ years, we remain ready to offer our customers the highest possible security requirements across all industry sectors.