Endpoint Security Protections In an Expanded Distributed Work Environment
As large numbers of contact center agents have been shifted to a work-at-home model due to the pandemic, it’s more important than ever for BPOs to ensure endpoint security and data compliance measures are in place. In this post, we focus on endpoint security initiatives that are essential amid these widespread changes in global work environments. Endpoint security involves securing the corporate environment, infrastructure, and client data from the expanded distributed work environment. While enabling work-at-home agents to transition from highly controlled and secure iQor offices to unknown and insecure home networks, we are able to maintain productivity while meeting the challenge of protecting new endpoints—agents’ laptops, mobile devices, and desktops—from potential security threats that home networks can introduce.
iQor is in the business of providing outsourced customer service for top brands who entrust us to engage their customers securely. Without proper endpoint security for our work-at-home agents, threat actors can potentially compromise private information, monitor calls between customers and agents, and gain access to confidential information.
The global reach of the COVID-19 pandemic and the increased prevalence of remote work initiated the need for businesses to adapt to changing endpoints, and still necessitates that evolution today. iQor immediately recognized the need to provide a remote alternative to our world-class call centers around the globe. When stay-at-home restrictions were fully enforced in March 2020, iQor enabled nearly 20,000 agents to work at home before the end of March. While this was accomplished in an expeditious manner, network security and compliance requirements remained paramount and were at the core of all decisions.
In this article, we focus on one element of iQor’s comprehensive enterprise security approach: work-at-home endpoint security. The endpoint protection of iQor’s globally distributed access points is one of the multiple layers we employ to provide world-class security for our clients.
Before we dive into how to implement thorough endpoint security with a team of work-at-home agents, it’s important to clarify what differentiates endpoint security from viruses. Unlike legacy anti-malware, which relies on established malware signatures to work, endpoint security platforms internally monitor databases and devices and send alerts to the security team if anomalies are detected. In other words, endpoint security solutions conduct behavior analysis to locate threats already existing on devices, while anti-malware can block only incoming threats.
The Need for Work-at-Home Endpoint Security
Prior to the pandemic, work-at-home was reserved for a small percentage of the workforce, such as business continuity situations (hurricanes, typhoons, etc.) and for back-office employees. These work-at-home needs were addressed through traditional methods—VPN connectivity, two-factor authentication/multi-factor authentication (2FA/MFA) challenges, and corporate extensions of legacy anti-malware solutions. With the rapid expansion of work-at-home brought about by COVID-19, the threat landscape has increased exponentially due to the number of distributed networks and the ever-shrinking network perimeter. Securing the endpoints enables businesses to implement a zero-trust approach and identify and authenticate all agents and devices.
The Work-at-Home Environment for Customer Service Agents
Agents working from home extend the perimeter of iQor’s network to include home networks where the remote devices are being used. These networks are not protected, yet we need to ensure the safety of the endpoint devices and agents using them. Prior to the pandemic, the use of public Wi-Fi networks was highly discouraged due to the security implications and lack of native encryption. Today, the home network may be just as vulnerable as public Wi-Fi access points.
While agents work at home, they leverage secure devices for normal activities, but their other end-user personal devices—desktops, laptops, phones, and tablets—coexist on their networks and their communications impact our ability to secure the entire environment. The challenge is to protect the agents and the data from any external tampering by securing all agent sessions on their home network through to iQor and then to the client systems.
Work-at-Home Vulnerabilities for Agents
The extensive use of distributed devices to support the work-at-home agent model, coupled with the increased attack surface provided by home networks, requires iQor’s proactive approach to plan for and address an ever-increasing number of vulnerabilities. Although many of these vulnerabilities are low to medium risk, this is not always the case. The recently disclosed log4j cyber threat vulnerability has created exposure points seldom seen in the past.
To minimize exposure to these vulnerabilities through threat prevention strategies, iQor maintains the software distribution and patching of devices on and off our network. Secure endpoint devices in the agents’ home networks need to be patched as efficiently and effectively as devices within iQor’s network walls.
Endpoint security solutions known as endpoint detection and response (EDR) can also defend against new ransomware variants and zero-day attacks. Zero-day attacks happen when an attacker spots a software or hardware vulnerability and releases malware before the IT team can fix the vulnerability.
Cybercriminal Activity is On the Rise
The transition of a significant portion of the workforce from work-in-office to work-at-home means there are thousands more desktops, laptops, and thin clients sitting outside the secure walls of iQor’s corporate network. This exposes work-at-home agents and their devices to malicious threat actors. We have seen a significant increase in cybercriminal attacks since the start of the COVID-19 pandemic, and all indications point to this trajectory continuing with more and more threats to come.
With so many customer-facing employees working from home, ensuring the accountability of all endpoints using traditional security tools like legacy anti-malware can be very limiting. This is why a comprehensive endpoint security solution is needed to protect remote agents and iQor’s clients.
Managing Endpoint Security With a Work-at-Home Team of Contact Center Agents
iQor provides our agents three primary mechanisms to work from home securely: (1) thin clients, (2) Secure Remote Worker (SRW), or (3) full desktops. Thin clients are appliance-based computers that leverage a secure operating system based on Stratodesk’s NoTouch operating system. SRW software enables our agents to provide the hardware (BYOD) for iQor to deploy a secure profile based on ThinScale. Lastly, some clients require a full PC desktop for the agents supporting their customer experience program with us.
Regardless of the solution, a secure work-at-home environment maintains the following:
- Multi-Factor Authentication – All remote agents are required to provide multi-factor authentication to access resources within the environment.
- Patch Management – With solutions deployed, iQor ensures the devices are patched per the corporate-defined schedules.
- Secure Access – iQor provides secure access via Cisco VPN Gateways or VMware unified access gateways (UAG) to corporate resources.
- Virtual Desktop Infrastructure (VDI) – The remote workforce connects to VDI secured within the data centers. All data and communications are secured by the corporate networks.
- Workspace Compliance – iQor maintains a clean workspace environment and leverages software to monitor and alert on any violations.
- Endpoint Sensors – iQor deploys Crowdstrike to monitor and protect company devices in real time.
Through multiple layers of defense, iQor provides a unified security solution that enables agents to work securely from home. This secure posture ensures that all client data and communications are protected with the highest level of integrity.
Endpoint Security Measures for Remote Agents
While deploying comprehensive endpoint security measures is the foundation for a secure environment, this is not the entire solution. The agents and their behaviors are essential to furthering this security model. We must invest in the agents and agent controls to encourage continued adoption of the layered defense instead of relying solely on software. A layered defense uses various policies, tools, and resources to protect multiple endpoint vulnerabilities against threats. Even if the solution is managing the remote work environment at all times, it may not be enough to prevent all cyberattacks.
Strong security measures with a layered approach for defense include:
- Anti-Phishing Tools – Scan and block downloads and emails with suspicious content, safeguarding the work-at-home experience for employees.
- Good Cyber Hygiene – Ensure that the remote work environment has good overall cyber hygiene. Consistently educating agents on cyber-hygienic best practices is imperative.
- Password Policy – Use automated prompts to remind employees to change their passwords regularly.
- Sensitive Information Protection – Encrypt/obfuscate messages with sensitive personal information (PI) or company information.
- Website Filtering – Deploy a zero-trust model where all filters explicitly deny access unless the employee is whitelisted. This ensures that all filtering is active, thereby preventing employees from visiting sites that may install malicious code on their computers.
- Agent Education – Educate agents and employees on all implemented security measures and provide scorecard feedback regarding successful adoption.
Beyond Endpoint Security
How do we further advance protections after iQor has safeguarded the work-at-home agent environment through secure endpoints and corporate network connections? It’s essential that we incorporate cybersecurity procedures and expectations into our onboarding process to ensure all new employees maintain iQor’s security posture at scale. By having solutions in place and educating employees on how to use those solutions consistently we can take a multi-pronged approach to work-at-home endpoint security.
Indeed, any plan for securing work-at-home environments must extend beyond just the networks and devices involved. Best practices for work-at-home endpoint security in today’s evolving work environments should include four main principles.
- Secure the endpoints and agent sessions.
- Educate, protect, and empower agents in cybersecurity.
- Automate onboarding to ensure all employees maintain security protocols.
- Scale work-at-home solutions to go big.
Experience the iQor Difference
iQor deploys endpoint security and data compliance through Secure Remote Worker, a robust technology solution enabling us to securely onboard and manage customer-service agents working remotely. An employee’s onboarding starts with a validation link. The agent clicks a link to install the ThinScale Technology Secure Remote Worker, and they become immediately available to work securely. While the agent is performing their customer experience duties, they have access only to data permitted to them, enabling them to be functional and secure.
If you’re considering outsourcing customer support, explore partnering with iQor. We are an award-winning global BPO, purpose-built to deliver omnichannel customer service through our work-at-home and in-office agents spread across more than 50 locations worldwide.
We know work-at-home endpoint security like the back of our hand. In 2020, we successfully transitioned 20,000 agents from working in-office at call centers to working securely at home.
John O’Malley is senior vice president of platforms and desktops at iQor.