The old adage “cybersecurity is everyone’s job” is more true than you might imagine. While not every department is tasked with threat hunting or reviewing detailed vulnerability disclosures, each has a role in protecting the organization from fraudsters and cyber criminals alike.

Customer service is uniquely positioned as the face of the company. These departments work with customers to resolve order and service disputes, answer questions, process product returns, modify account information and much more. They form a crucial link between a company and its customers. As such, it’s also important not to underestimate the role customer service plays in cybersecurity.

Customer service departments make attractive targets

Depending on the business, a customer service agent may have access to a trove of customer information and company systems. They may even have access to change customer account information or take payments over the phone. Due to the combination of access and a job that requires helpfulness, customer service departments are a ready target for cyber criminals.

Customer service departments are often targeted with social engineering campaigns, tricking them into giving up information they wouldn’t otherwise share. According to the 2022 Data Breach Investigations Report, human actions are a direct factor in 82% of the breaches examined. In fact, social engineering facilitated 2,249 incidents where 1,063 of which resulted in data disclosure. Threat actors most often used phishing and pretexting to facilitate a breach.

The number of communication channels available to the modern customer far outnumber those available just over a decade ago. Depending on the technologies used, a company may interact with customers through live chat, social media, email, phone, SMS text messaging and other direct messaging channels. Some customer communications platforms can transfer conversations from one channel to another while keeping a log of the interaction from start to finish. In other instances, representatives can view detailed customer information in the course of addressing an issue.

Customer service agents must handle multiple competing priorities throughout the lifecycle of customer interaction. They must balance the responsibilities of providing accurate information quickly while verifying they are indeed working with the real customer. The customer service department is also responsible for preventing unintentional disclosures of company and customer data through its communications channels.

Building a risk-aware workforce

Customer service departments often experience high turnover rates and may lack appropriate resources for regular data privacy and cybersecurity training. Despite those factors, these departments function as an essential part of doing business. It’s important for the CIO to consider what resources the department currently utilizes and how they can be improved to ensure every employee has the knowledge and risk awareness necessary to prevent cyber incidents.

Customers entrust their personal data to companies they do business with; they expect every department with access to handle the data properly. Customer identity access management can help, but the human element must also be examined. CIOs are in a position to build a culture that abides by data protection regulations. Policies and procedures outline the company’s standard approach. The CIO lays the foundations for an organizational culture that balances excellent customer service and cyber risk awareness.

Better customer support through collaboration

The CIO can work with the customer service department to improve security controls, policies and training.

A careful examination of the current support systems and how customer service agents interact with them can reveal important deficiencies in the software itself as well as the security controls in place. CIOs can open a feedback loop with the department to encourage comments about improvements in software and customer workflows.

Adjusting security controls and customer interaction workflows can help eliminate steps that are unnecessary or provide too much information to a support agent who does not need it to perform their duties. Platform tweaks can be very helpful in preventing unintentional access to personal information. However, they do not fully protect employees from potentially urgent and emotional appeals for private information they may encounter.

The CIO should work with the customer service department to tailor a cybersecurity awareness training program to meet their needs. An annual cybersecurity basics training course doesn’t happen often enough nor contain the right information for a busy customer service department which frequently interacts with strangers through multiple channels. Training should happen often, be engaging, be relevant to the employee’s functions and teach risk awareness (rather than focusing only on the multitude of attack types).

In this way, an organization’s customer service department can work hand-in-hand with its cybersecurity team to the benefit of both.

More from Risk Management

The Growing Risks of Shadow IT and SaaS Sprawl

4 min read - In today's fast-paced digital landscape, there is no shortage of apps and Software-as-a-Service (SaaS) solutions tailored to meet the diverse needs of businesses across different industries. This incredible array of options has revolutionized how we work, providing cost-effective and user-friendly tools that streamline tasks and boost productivity. However, this ever-expanding application ecosystem comes with its challenges: namely, shadow IT and SaaS sprawl. According to a recent study by Entrust, 77% of IT professionals are concerned about shadow IT becoming a…

Are you ready to build your organization’s digital trust?

4 min read - As organizations continue their digital transformation journey, they need to be able to trust that their digital assets are secure. That’s not easy in today’s environment, as the numbers and sophistication of cyberattacks increase and organizations face challenges from remote work and insider behavior. Digital trust can make your organization’s digital transformation stronger. A lack of digital trust can do irreparable harm. However, according to ISACA’s State of Digital Trust 2023 report, too many organizations struggle to define and implement…

Most organizations want security vendor consolidation

4 min read - Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging. We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically. For this reason, 75% of organizations…

How IBM secures the U.S. Open

2 min read - More than 15 million tennis fans around the world visited the US Open app and website this year, checking scores, poring over statistics and watching highlights from hundreds of matches over the two weeks of the tournament. To help develop this world-class digital experience, IBM Consulting worked closely with the USTA, developing powerful generative AI models that transform tennis data into insights and original content. Using IBM watsonx, a next-generation AI and data platform, the team built and managed the entire…