Developing an E-Security Policy
By Patricia S. Eyres, Attorney at Law
August/September 2006
Dangers lurk in cyberspace. Every call center should have an easily understood, consistently enforceable policy to protect trade secrets, maintain the integrity and security of all networks and servers, protect sensitive client and caller information, protect the organization from lawsuits by third parties, protect the integrity and reputation of the organization and its business, and ensure achievement and productivity. Security is everybody's business.
Spam and viruses are the most visible, but not the most significant, security challenge. Fearing loss of confidential records from intrusion by criminal hackers, call centers are installing firewalls to protect their networks. These firewalls will stop many, but not all, of today's hacker attacks. Hackers can take advantage of holes in a network's perimeter defenses created by employees who bypass protections by attaching modems to their PCs, setting up wireless access points without permission, or downloading risky software, such as chat or file-sharing programs, all of which offer entry points for the creative criminal. That's why security is everybody's business and all managers and employees must understand the importance of following established security procedures. This is especially important when using laptops or working from remote locations.
Keeping your networks secure from hackers is just as critical for protecting callers' information. Hackers target the electronic databases of call centers because they often hold a mountain of information from which identities can be stolen: names, addresses, credit card information, and other personal data. Theft of customer data gets the attention of the media, and one company was hit with a class action lawsuit charging that it failed to secure credit card information online. The visibility of insecure networks has prompted tough laws in several states, most notably California, that require any business that collects data from California consumers to immediately notify every affected person if there is a breach of security - from any source.
What about mischief and malice by employees and coworkers? In many ways, email is ideally suited to smuggle trade secrets and valuable company data out of an organization. Leaks of business plans can be embarrassing and costly; the intentional disclosure of secrets can cost a lot more. A comprehensive e-security plan should address internal threats, which are as dangerous as attacks from outside. Identifying internal threats is the first step. The combination of email overload and careless attachments is one risk; intentional stealing from internal electronic files by email attachment is quite another. Whether accidental or deliberate, breaches of confidentiality can erode customer and employee confidence, cost jobs, and devastate your organization.
Information security requires effective policies and consistent enforcement. It is imperative that every employee know and understand their role in security, even when it seems like a hassle.
What is the Purpose of Information Security?
Information security is designed to prevent unauthorized access to, or damage to, hardware, software, and data. This encompasses misuse, malicious or accidental damage, vandalism, intentional intrusion, fraud, theft, and sabotage of information resources. The purpose of information security is to safeguard your call center's information resources, including all hardware, software, and data in both electronic and hardcopy formats.
Define Responsibilities for Information Security: The job of protecting hardware, software, and data (hard-copy and soft-copy) from abuse is shared by all users - employees, contractors, management, administrative staff, and clients. Make it the responsibility of every system and information user to read, understand, and comply with your security policy and all associated information security policies and procedures. Post the essential provisions on your intranet as well as publishing them in hard copy in your Employee Handbook.
Your call center should manage information security standards, procedures, and controls intended to minimize the risk of loss, damage, or misuse of your organization's data, by developing policies for:
- Establishing and maintaining policies, procedures, and standards for access.
- Securing information and limiting access to authorized persons.
- Assisting data custodians in identifying and evaluating information security risks.
- Selecting, implementing, and administering controls and procedures to manage information security risks.
- Distributing security report information in a timely manner to management, data custodians, and appropriate system administrators.
- Reviewing data security issues that have company-wide impact.
- Promoting security awareness among all managers, supervisors, and other end-users through timely information and training.
Establish Accountability Standards and then Enforce Them Consistently: Security is everybody's business. End-users, including clients and vendors, accessing your data should be personally responsible for proper use of the resulting available information. Employees who access data must be responsible for:
- Complying with all security policies and procedures in the use, storage, dissemination, and disposal of data.
- Safeguarding passwords.
- Protecting data (softcopy and hardcopy) from unauthorized access.
- Respecting the privacy of other users' software and data.
- Reporting information security violations.
Specifically Address Data Confidentiality: Due to the value and sensitive nature of your call center's data and client information, employees must exercise caution and care in their jobs and adhere to all information security policies and procedures. In order to effectively communicate this policy and emphasize the importance placed on the confidentiality of data and software, all employees should sign a data confidentiality statement on an annual basis; new employees should sign the statement prior to being hired. Additionally, the call center should reserve the right to monitor and review all system activities performed by system users, and notify users that they do not have a reasonable expectation of privacy in their computer files, including email.
Patricia S. Eyres is an attorney with 18 years defending businesses in the courtroom. She can be reached at 800-548-6468.