The old adage “cybersecurity is everyone’s job” is more true than you might imagine. While not every department is tasked with threat hunting or reviewing detailed vulnerability disclosures, each has a role in protecting the organization from fraudsters and cyber criminals alike.

Customer service is uniquely positioned as the face of the company. These departments work with customers to resolve order and service disputes, answer questions, process product returns, modify account information and much more. They form a crucial link between a company and its customers. As such, it’s also important not to underestimate the role customer service plays in cybersecurity.

Customer Service Departments Make Attractive Targets

Depending on the business, a customer service agent may have access to a trove of customer information and company systems. They may even have access to change customer account information or take payments over the phone. Due to the combination of access and a job that requires helpfulness, customer service departments are a ready target for cyber criminals.

Customer service departments are often targeted with social engineering campaigns, tricking them into giving up information they wouldn’t otherwise share. According to the 2022 Data Breach Investigations Report, human actions are a direct factor in 82% of the breaches examined. In fact, social engineering facilitated 2,249 incidents where 1,063 of which resulted in data disclosure. Threat actors most often used phishing and pretexting to facilitate a breach.

The number of communication channels available to the modern customer far outnumber those available just over a decade ago. Depending on the technologies used, a company may interact with customers through live chat, social media, email, phone, SMS text messaging and other direct messaging channels. Some customer communications platforms can transfer conversations from one channel to another while keeping a log of the interaction from start to finish. In other instances, representatives can view detailed customer information in the course of addressing an issue.

Customer service agents must handle multiple competing priorities throughout the lifecycle of customer interaction. They must balance the responsibilities of providing accurate information quickly while verifying they are indeed working with the real customer. The customer service department is also responsible for preventing unintentional disclosures of company and customer data through its communications channels.

Building a Risk-Aware Workforce

Customer service departments often experience high turnover rates and may lack appropriate resources for regular data privacy and cybersecurity training. Despite those factors, these departments function as an essential part of doing business. It’s important for the CIO to consider what resources the department currently utilizes and how they can be improved to ensure every employee has the knowledge and risk awareness necessary to prevent cyber incidents.

Customers entrust their personal data to companies they do business with; they expect every department with access to handle the data properly. Customer identity access management can help, but the human element must also be examined. CIOs are in a position to build a culture that abides by data protection regulations. Policies and procedures outline the company’s standard approach. The CIO lays the foundations for an organizational culture that balances excellent customer service and cyber risk awareness.

Better Customer Support Through Collaboration

The CIO can work with the customer service department to improve security controls, policies and training.

A careful examination of the current support systems and how customer service agents interact with them can reveal important deficiencies in the software itself as well as the security controls in place. CIOs can open a feedback loop with the department to encourage comments about improvements in software and customer workflows.

Adjusting security controls and customer interaction workflows can help eliminate steps that are unnecessary or provide too much information to a support agent who does not need it to perform their duties. Platform tweaks can be very helpful in preventing unintentional access to personal information. However, they do not fully protect employees from potentially urgent and emotional appeals for private information they may encounter.

The CIO should work with the customer service department to tailor a cybersecurity awareness training program to meet their needs. An annual cybersecurity basics training course doesn’t happen often enough nor contain the right information for a busy customer service department which frequently interacts with strangers through multiple channels. Training should happen often, be engaging, be relevant to the employee’s functions and teach risk awareness (rather than focusing only on the multitude of attack types).

In this way, an organization’s customer service department can work hand-in-hand with its cybersecurity team to the benefit of both.

More from Risk Management

Container Drift: Where Age isn’t Just a Number

Container orchestration frameworks like Kubernetes have brought about untold technological advances over the past decade. However, they have also enabled new attack vectors for bad actors to leverage. Before safely deploying an application, you must answer the following questions: How long should a container live? Does the container need to write any files during runtime? Determining the container’s lifetime and the context in which it runs is critical, especially when hosting an internet-facing service. What is Container Drift? When deploying…

OneNote, Many Problems? The New Phishing Framework

There are plenty of phish in the digital sea, and attackers are constantly looking for new bait that helps them bypass security perimeters and land in user inboxes. Their newest hook? OneNote documents. First noticed in December 2022, this phishing framework has seen success in fooling multiple antivirus (AV) tools by using .one file extensions, and January 2023 saw an attack uptick as compromises continued. While this novel notes approach will eventually be phased out as phishing defenses catch up,…

The Role of Finance Departments in Cybersecurity

Consumers are becoming more aware of the data companies collect about them, and place high importance on data security and privacy. Though consumers aren’t aware of every data breach, they are justifiably concerned about what happens to the data companies collect. A recent study of consumer views on data privacy and security revealed consumers are more careful about sharing data. The majority of respondents (87%) say they wouldn’t do business with companies that appear to have weak security. Study participants…

What Does a Network Security Engineer Do?

Cybersecurity is complex. The digital transformation, remote work and the ever-evolving threat landscape require different tools and different skill sets. Systems must be in place to protect endpoints, identities and a borderless network perimeter. The job role responsible for handling this complex security infrastructure is the network security engineer. In a nutshell, the network security engineer is the person who is responsible for the design and implementation of the organization’s security system, ensuring there are no gaps or vulnerabilities for…