Cyber Attacks and Contact Centers: Are you Prepared?
You may have seen the news earlier this month: AT&T Inc. has agreed to pay a $25 million settlement following the discovery of a data breach at their call centers in Mexico, Colombia and the Philippines. It happened because employees at these call centers accepted illegal payments to share the private information of the company’s customers. About 280,000 people were affected.
This case raises awareness that contact centers play a central part in dealing with customers in case of a cyberattack. They are the first point of human contact. Everyone can remember the large scale attacks that hit Target stores in 2015 or the Sony PlayStation Network in 2011. Millions users were affected, millions of credit card numbers leaked. This is a stressful situation for the customers and it can affect the company’s reputation dramatically.
Just like any other businesses, call centers have to be prepared and proactive to deal with the aftermath of a cyberattack targeting the company.
It becomes essential that shrinkage is taken into account, in order to handle an unexpected spike of calls, agents are trained, available, and scripts with an emergency procedure are ready.
How should you prepare your contact center?
Most companies devote just 2-4% of their IT budget to security and disaster recovery planning. And yet, the actions taken before a cyber attack are as significant, if not more so, than actions taken after the worst has become reality.
Some companies specialize in disaster preparation. They can help implement a strategy to fit a contact center’s needs, likely threats and budget. Many of these companies may begin with a business impact analysis, to assess the potential loss (whether financial, technical or in human resources) from a cyber attack.
It’s also a good idea to put together an issue response team ahead of time, so you will have the right people in place if an attack should occur.
What to Do After?
A cyber attack is not the same as other unforeseen activities that could not be anticipated with forecasting and scheduling. This is a situation where customers are directly and negatively affected by what has occurred, and may even incur financial loss as a result. Some will be angry. Some will be frightened. And most of them will be calling you as soon as the news of the attack is made public.
Because data breaches are now, unfortunately, an ongoing threat in 21st century business, most customers will understand that these incidents are not always avoidable. That means it’s no longer an automatic deal-breaker for that business relationship – but a lot will depend on how the company responds. For the contact center, that means focusing on 4 words: Communicate, Respond, Explain, and Apologize.
Let customers know as soon as possible that an attack has occurred. Don’t wait for them to call you. This will be the first step in rebuilding any trust that has been lost. The faster they are aware of what has happened, the faster they can contact their bank or credit card company and take steps to protect themselves. The companies that lose the most customers from a cyber attack are those that wait weeks (or even months) before going public.
Customers will have questions. Have your best agents in place – those that have shown via quality reviews and coaching that they know how to remain calm when speaking with someone who is upset. Make sure these agents have the answers ready to the questions that are always asked following an attack (“What happened?” “How will this affect me?” “Do I need to call my bank?”).
Cyber attacks are highly technical in execution, but customers will not be interested in explanations that they cannot understand. Agents should be able to explain in plain English what has happened, why it happened, and what steps the company is taking to control the damage, and make sure the customer is inconvenienced as little as possible. Also, tell them what steps are now being taken to make sure their information will be safer in the future.
This is where agent training should begin when preparing for the aftermath of an attack. The apology should happen near the beginning of the call, and again at the end. It will go a long way toward maintaining a customer’s confidence.
Bonus Step: Stay in Touch
Customers will expect a company to be reluctant to talk about a cyber attack, so they will appreciate if the company takes the initiative in keeping customers apprised of what is happening. Whether it’s a phone call from the contact center updating them on the situation, or an apology email from the company CEO, or some other means of following up, it demonstrates ongoing concern for the customer’s welfare and interest in keeping their business.
With cyber attacks in the news almost every week, companies can no longer assume they will be the exception and never have to worry about the fallout from such a damaging incident. However, few companies have devoted sufficient time to advance preparation, and a recent Ponemon study found that companies were also not prepared to communicate with customers following a data breach; in fact, of more than 470 surveyed, just 21% had a trained communications team in place.
For contact centers, where communication is the first and most important skill considered for agent hires, that percentage will not do. This is the moment when agents should be called upon to use their skills to address customer concerns and restore confidence and loyalty.
Ponemon study referenced in article: https://www.corpcounsel.com/id=1202598001685?slreturn=20150320141052
Workforce Optimization Newsletter – October 2018
Wrapping Up Dreamforce 2018 Commitment to Customer Experience Tops Priority List We’re back from a very busy week in San
Workforce Management: Big Benefits for Small Contact Centers
Where is it written that only contact centers with 100 agents or more can benefit from a workforce management solution?