How to keep your technology compliant and secure.
3/12/2020 11:00
Remote access to consumer information by call center employees may create greater compliance risks.
As the coronavirus disease (COVID-19) pandemic continues, companies will have to make risk management decisions to balance the safety and health of their employees, writes Todd Langusch, founder of CIGL Consulting Inc in an article titled “Teleworking During the Coronavirus Outbreak – PCI DSS, NIST & Risk.”
“The obvious first question is the asset being used for teleworking. Is it a company provided laptop/device or is it teleworker owned? Some companies are leveraging the employee’s home equipment which although may be a necessity due to cost or timing of getting purchase and setup done is HIGHLY NOT recommended and poses the highest risk,” Langusch writes.
He provides an overview of how a call center setup could transfer to a work-from-home environment and various security requirements that match compliance in the industry.
“Depending on the configuration of the work-from-home setup, it may bring into scope the home network of the remote call center agent… something that companies generally do NOT want to do,” according to Langusch. “So, for teleworking call center agents, you would want to ensure some sort of network segmentation. For example providing them with some sort of firewall or other network device that ensures that their work computer only can talk to the firewall/corporate network and nothing else on their home network, and that nothing else on their home network can talk to their work computer, firewall, or the corporate network.”
Read more compliance tips from ACA International here: Working from Home? Cybersecurity and Compliance Tips to Consider.