Hotels face hidden customer service security risk

The COVID-19 pandemic has disrupted the travel and event industry from the inside and out. Depending on the current Centers for Disease Control and Prevention guidelines and local municipality mandates, consumers have been advised to cancel plans and bookings for airlines, hotels, events like concerts and festivals, and family gatherings. The number of operated domestic flights last summer fell 65 percent compared to the same season in 2019. Meanwhile, year-over-year hotel bookings followed a similar trajectory, decreasing by about 60 percent across the U.S.

Despite the massive waves of booking cancellations throughout 2020, the hotel industry may be on the brink of a bigger financial risk. Unless contact center companies remain vigilant and implement solutions to curb this risk, it’s inevitable that a wave of legislation surrounding customer privacy and data will eventually come in 2021.

Hundreds of thousands of hotel industry contact center agents moved from heavily monitored and controlled office spaces to their homes, which are essentially the opposite of the contact center setting agents and their management teams had become accustomed to. At home, agents were subject to uncontrolled environments that were not secure and prone to bandwidth issues. Companies rushed to find and provide secure hardware, including laptops, headsets, display monitors, VPNs and other secure devices that enabled at-home agents to execute their duties without risking an external security threat or negative customer experiences. In the rush to provide this equipment companies may have overlooked the risks posed by agents themselves, which is potentially the biggest risk factor of a dispersed agent workforce.

Whether through unintentional accidents or deliberate malice, customer service agents can cause serious information security problems in the new world of work-from-home, where they are regularly presented with sensitive customer information. Agents could potentially copy or save information for later illegitimate use. While agents don’t always discuss personally identifiable information with their customers, they are often given access to certain PII involved in bookings or customer authentication. This information could include anything from credit card numbers to full names and birth dates, to any other personal information like owned vehicles or past home addresses that customers have submitted for two-factor authentication purposes.

While the risk of a deliberate internal threat is low, the risk of an accidental threat can be high. If an agent has a momentary lapse of judgement or becomes too busy, they may skip a software update that could provide critical security patches to the agent’s unified interactions platform that they use to execute all their customer-facing messaging and calls.

The adoption of bring your own device and use of personal devices in the workplace poses yet another security threat for at-home agents. Contact centers typically have strict rules and requirements surrounding the use of personal devices such as phones and tablets. Agents are usually required to check their personal devices at the door, or at the very least keep them off their desk and out of their hands while working. If at-home agents use personal devices, they may be unknowingly opening the door to security threats – especially if their work computer and personal device use the same Wi-Fi network. Further, if the agent’s Wi-Fi network does go out, they may have to find a public setting such as a coffee shop or library, which is even more susceptible to external security risks.

At this point, it’s apparent that the new world of work-from-home is here to stay for many industries, including customer service. Sooner or later a massive security breach—either due to agent neglect, malicious intent, or simple carelessness—will result in a wave of new litigation surrounding consumer privacy and remote contact center agents. Contact center leaders will be the primary force in preventing such a breach and must ensure that both contact center agent hardware and the agents themselves are reliable when it comes to the security of sensitive customer PII.

James Isaacs is president of Cyara, an automated customer experience assurance platform provider.