While the rapid shift to a remote workforce model in the wake of the COVID-19 pandemic has driven many changes for businesses around the world, a few constants have grown in importance. To maintain operations as seamlessly as possible, organizations must secure their payment systems, technology access, and sensitive customer data no matter where it resides, and that is particularly true when it is being accessed or processed by employees from their homes.
Many organizations have undergone a rate of digital transformation in recent months that was previously unmatched over several years. Out of necessity, consumers have turned to and rely on online and mobile channels or have dialed into call centers to make purchases, schedule medical appointments, change their travel plans, pay bills and more. These shifts have placed increased workload and responsibility on customer support teams, salespeople, IT security personnel and the businesses that employ them. They must maintain operations and provide newly remote employees with access to business technologies, while still ensuring that sensitive customer data is appropriately secured in compliance with current and emerging privacy regulations.
Considering this situation, a few key questions immediately come to mind. For example, how can organizations ensure their employees who handle payments and other types of personally identifiable information (PII) maintain compliance with data security and privacy regulations like the Payment Card Data Security Standard (PCI DSS) when working from their homes? How can companies protect employees and their networks from increased COVID-19 cybersecurity risks? And how can businesses ensure they not only survive but actually keep sight of their business goals during an extended change to their operational model?
How to Protect Payments, Business Systems and Customer Data from Anywhere
Fortunately, despite all of these challenges, there are modern payment technologies and security best practices that organizations can employ to ensure that customer PII is handled in a PCI DSS compliant manner everywhere, while substantially reducing COVID-19 related cybersecurity risks and vulnerabilities.
Minimize Exposure to Sensitive Card Data
One of the most effective ways to protect payment card data and other PII is to ensure it is never held by customer service representatives (CSRs), sales professionals or other employees who do not need access to it, regardless of where they are working.
Consumers now expect to make payments across a full array of customer engagement channels. Modern cloud-based payment solutions enable CSRs and sales professionals to facilitate transactions on any medium customers prefer. These mediums include the phone, web chats, social media, email, SMS, e-commerce and m-commerce, even through the use of QR codes and more. Meanwhile, by using technologies like dual-tone multi-frequency (DTMF) masking, secure payment hyperlinks and encryption, the sensitive payment data bypasses the employee and organization’s network completely and is routed directly to the payment service provider (PSP) for processing.
Because the sensitive data is never handled or stored by the employee, the business is able to maintain PCI DSS compliance and minimize security risks such as data breaches or fraud.
Strengthen Remote Cybersecurity Procedures
With a dispersed workforce, having strong cybersecurity protocols is more important than ever before. Since the COVID-19 pandemic began, cyberthreats targeting remote workers and vulnerable businesses have increased on a massive scale. For example, it has been reported that phishing attempts and business email compromise (BEC) attacks have soared more than 600 percent since the end of February.
To protect against these threats, organizations must secure the owned laptops, mobile phones and other Wi-Fi enabled devices that connect to their networks, while also protecting against potential vulnerabilities introduced by employees’ devices. Organizations can mitigate these challenges and continue to comply with regulations like PCI DSS by using encryption methods such as WPA2 and installing a corporate VPN.
Conduct Privacy Compliance and Security Training
To ensure PII remains secure and protocols are followed, it is also important that remote employees are trained on the risks and steps needed to maintain security across workflows and devices when working at home.
Organizations should conduct a mandatory refresher training on PCI DSS security awareness for all employees, as well as to help them recognize common COVID-19 cybersecurity threats. These training sessions should instruct workers on a variety of topics including: best practices for password security; how to ensure devices are patched, malware protected and using a firewall; always using encrypted communications channels, such as a VPN, to access a company network; ensuring that housemates or family members don’t have access to business systems or overhear CSRs discussing customers’ sensitive information over the phone; among others.
Harness Real-Time Analytics for Decision-Making
Finally, businesses should also consider using real-time analytics to improve their decision making when operating with a remote workforce. By leveraging real-time analytics, organizations can gain a reliable view of how their payment and customer support systems are operating from anywhere. Gaining robust analytics on all customer touchpoints or potential areas of concern – including failed payments, system resets or increased wait times – can also help to improve customer and employee satisfaction, or to adjust their operations as needed.
As businesses become accustomed to navigating a remote workforce with modern technologies, they will move into a more secure operational state. By following these best practices, organizations can maintain secure payments and compliance with customer data and privacy regulations, while preparing their workforce and systems for the future.