Can you protect your customers’ data from ransomware?
In the first quarter of 2015, ransomware was found to re-emerge, stronger than before. McAfee Labs saw a 165% rise in “data kidnapping” threats last year, and hackers were using a different technique to make it harder for their victims to regain access to their servers.
How it happens
In this data stealing technique, attackers barricade users from accessing their data. They can seep through your IT infrastructure using the links, files, or emails that you clicked on as their gateway.
Malware would then be planted on your computer, preventing you from accessing your device. Worse, your documents may be encrypted so you can’t retrieve them. In other words, the criminals have kidnapped your data, and they’ll be threatening you to pay a “ransom” to get them back.
Ransomware puts everyone at risk, including individuals and enterprises of all sizes. The latter, however, may be at a bigger disadvantage, as several users can access their IT infrastructure. This means that it would only take one employee, who accidentally clicks on an infected link, to place your entire system in danger.
However, cybercriminals are looking for companies with a wide, diverse collection of valuable information. Unfortunately, therefore, call centers are one of their top targets. And because these firms need to protect their customers at all times, they’re under heavy pressure to build robust data protection measures.
What to do during an attack
So what should you do if your customers’ data have been held for ransom?
First, check your backup files. They may not be updated or complete, but you can, in the meantime, rely on them to keep your call center operations going. Even in the face of this massive data threat, remember that you can’t afford to leave your customers unattended. Otherwise, you may end up completely losing their trust, and the brands you represent would ultimately have no other choice but to end their contract with you.
The worst-case scenario however is this: you don’t have a backup server.
In this case, try to remain calm and assess the situation objectively. Although the ideal rule to follow is to never, ever, pay the ransom, you may be compelled to do so. But consider that only as your last resort. You still have another option, which is to contact the authorities and team up with data security specialists who can crack the encryption caging your data. If nothing else works, you don’t have other alternatives left but to pay the ransom and check whether your data is safe on your servers.
Recovering from the downtime
As call centers try to regain control over their IT infrastructure and the organization’s operations, you need to consider how the event impacts the customers.
If customers have experienced delays in services, brand owners and contact centers alike must apologize and assure them that their data have been retrieved. Re-orient your customers about the data protection features that you plan to upgrade after the ransomware. Your first priority should be to rebuild brand–client relationships that may have been weakened because of the data breach.
Within the call center, however, you must educate your staff on how to spot possibly malicious content, files, or applications. Also, they must be aware of the various IT threats that may happen. Intensify your data security measures by coordinating with your IT staff so that future attacks can be warded off. And finally, make it a practice to regularly update your backup files to prevent any information loss. This ensures business continuity, allowing you to demonstrate trustworthiness to your customers.