We spoke to leaders to give you an insight into the future of Security, Regulations and Compliance
The trends of the communications and collaboration landscape are constantly evolving. New channels emerge to help companies better serve their clients. Innovative technology like AI and machine learning opens the door to more meaningful conversations.
However, throughout history, there is one thing that has never changed – the need for exceptional security and privacy. Consumers in all industries have a right to know that their data is secure – that’s something that’s only growing more evident in recent years. At the same time, businesses need to have the right security and privacy efforts in place to minimize disruption too.
Of course, just because the demand for great security remains the same, doesn’t mean that the strategies available to keep people secure aren’t evolving. The introduction of everything from GDPR to new call recording and compliance standards means that businesses are always altering the way they think about security.
The key to success in today’s privacy-focused world is staying ahead of the curve. We connected with leaders from CallCabinet, Content Guru, Fonative, Intrado, and Theta Lake to get their input on the marketplace.
What challenges are companies facing with Regulations, Security, and Compliance?
To start our discussion, we thought it was a good idea to explore some of the most common problems and challenges facing today’s businesses. Security, regulations, and compliance are all areas that often lead to a lot of confusion in the current landscape.
Over the years, new regulations like GDPR pushed business leaders to suddenly switch up their strategies. At the same time, we’re currently facing a brand-new environment, driven by the arrival of the COVID-19 pandemic. We reached out to our security, regulation, and compliance professionals to learn everything we could about the challenges that today’s businesses face and what companies might have to do to overcome them.
Ryan Kahan, the CEO of CallCabinet Group:
According to the CEO of CallCabinet, the biggest issue right now is lax security measures. Around 30% of businesses aren’t using the right security tools and software to protect devices and data. This issue is more significant in the era of Shadow IT, caused by mobile and flexible agents.
“Vulnerable data is also an issue. Communications between companies and customers are vulnerable to data theft, especially in regard to PCI compliance. On-premise storage has been especially vulnerable to attack due to its manual upkeep needs. The machines making up a storage network need management for end of life software and hardware concerns, and security updates are applied piece by piece leaving gaps in a network’s defenses.”
Kahan also mentioned the importance of agent training, as many employees aren’t adequately prepared to handle the issues that they face every day.
Martin Taylor, Deputy CEO of Content Guru:
The Deputy CEO of Content Guru, Martin Taylor, drew attention to the issue of COVID-19. What the pandemic means to the way that we work securely, According to Martin, “COVID-19 has made working from home the new normal for organisations across the globe, and the contact centre is no different. Compliance and security are highly prized when customer data and payments are being processed.”
Taylor told us that today’s companies are facing the challenge of trying to adhere to regulations, while agents operate outside of their secure environment. Another issue is that customer trust with sensitive information, and payment details is crucial to what makes people stay loyal to brands.
“Organisations need a way of monitoring employees to ensure they are adhering to regulations and have the support they need to deal with customer inquiries securely from home”
Steve Smith, the CEO of Fonative:
Fonative CEO, Steve Smith, noted that preventing security breaches is still the largest challenge that companies face today. This has been an issue for businesses throughout history. However, as regulations increase, it becomes more of a problem.
Privacy compliance and consumer rights are more significant now than ever. However, the biggest risk to most businesses is still a security breach. “Depending on what consumer or patient data a business holds or processes, the costs of a breach can be catastrophic, especially with healthcare or financial data. Ransomware attacks can cripple businesses, and reputational harm can be immense for digital companies.”
Smith said that virtually all companies are going digital these days, which means that every organization must defend against the growth of things like phishing, attack tools, human engineering, and other common problems.
Mary A Boyd, Vice President of Regulatory Policy and External Affairs at Intrado:
The VP of Regulatory Policy and External Affairs for Intrado, Mary Boyd said that US companies operating in the on-premise environment, or the hosted and hybrid space, have various compliance needs. These companies must fulfill federal regulatory obligations (E911). At the same time, they have various local state requirements to consider too.
The biggest issue with compliance right now is that businesses need to understand how various rules are applying and where they need to be met. It’s important to consider the enterprise budget and unique voice or network environments. The increasing number of employees working from home also adds to the complexity of the compliance space. “There are usually multiple options to reach compliance, and the advantages of each option need to be assessed.”
Anthony Cresci, VP of Business Development at Theta Lake:
According to Anthony Cresci of Theta Lake, regulatory bodies across all verticals are expanding the demand for the right protection. With remote work now more popular than ever, the focus of these requirements is shifting to collaboration with chat and video conferencing.
Unfortunately, legacy security and compliance tools can’t properly detect risks, manage data, and more in this new environment. “Unified communications enable information sharing through screenshare, virtual whiteboards, webcams, chat, and more. Increasing the need for full visibility into what is said, shown, shared, or typed to detect employee misconduct, data leakage, acceptable use, regulatory, and compliance risks.”
Many growing companies now use multiple UC platforms to stay connected too. Theta Lake notes that ensuring companies UC platforms have the right, most up-to-date security is crucial today.
What can be done to address the challenges?
After establishing some of the most significant challenges that today’s companies are facing around security, compliance, and regulations, we were keen to find out what comes next. Although there are many security concerns for businesses to consider today, it’s worth noting that technology is also evolving to solve these problems and eliminate issues. Countless new solutions are emerging both in cloud and on-premise environments, to enhance compliance and regulatory measures.
Today’s businesses can create customized strategies for compliance and security, using everything from the proper training of staff members, to military-grade encryption for conversations on all channels. We asked our security and compliance experts to weigh in on the strategies that businesses can use to get ahead of the challenges that teams face every day. Here’s what they had to say.
Ryan Kahan of the CallCabinet Group told us that the first step is encrypting customer data. Encryption makes data useless to malicious parties, while still ensuring that the right teams can access it. For compliance, encryption is essential in specific environments; it also mitigates the potential risks attached to the mobile workforce.
CallCabinet believes that the best path to encryption starts with the move to cloud storage, which opens the door to military-grade encryption for customer data and company tools. It also removes the maintenance demands, so that IT departments can concentrate on “company needs and leaving the Cloud provider to focus on keeping your data secure, portable, and redundantly backed up.”
Kahan also recommends properly training employees.
“Staff who understand their legal responsibilities will better protect the company’s bottom line than employees without the vital, necessary training”
“Using call recordings are immensely useful for training employees and dispute resolution.”
Content Guru’s Martin Taylor also recommends implementing a cloud solution for the new security landscape. According to Taylor, this system allows agents to work from home, while still supporting supervisors in monitoring interactions as closely as possible.
“A solution with screen recording and data analytics capabilities enables organisations to supervise and offer remote over-the-shoulder style support to employees, to ensure they are meeting security and compliance regulations.”
Taylor notes that companies must use recording for quality monitoring and make sure that conversations are available remotely for data subject access requires. “Industry-leading PCI-DSS compliant phone payments are essential to ensuring that all card transactions are safe and secure. For additional security, two-factor authentication login for agents ensures that, even if an unauthorised person accesses a company device, no data will be at risk.”
Steve Smith notes that there are a lot of steps that companies can and should take to improve their security standing and overcome common challenges. However, the most critical factor in Fonative’s opinion is senior attention and mindshare. There’s no silver bullet option for a healthy security posture today.
“Do you need technology (SIEM, IDS, IPS, FIM, etc.) – yes. Do you need process: change control, patch management, audits, pen tests – yes. Do you need good policies, security training, role differentiation, screening of personnel – yes. And you have to be considering security implications of product enhancements, acquisitions, integrations – not just for yourself, but for vendors and service providers your organization uses.”
As Smith noted, there’s a lot of work to do here, and it usually sits within the realm of the CIO’s duties. However, these experts also need the right support, budget, and attention from the CEO and board too.
“Good security can only happen when everyone recognizes and prioritizes its importance”
According to Mary Boyd, VP of Regulatory Policy and External Affairs for Intrado, enterprises need to address their challenges by working with the right provider. Notably, companies need to work with a reputable Enhanced 911 company that can offer a proven and reliable solution for managing the emergency calls that happen in any space.
“Intrado’s E911 solutions are reliable, flexible, and cost-effective. Intrado also has over 900 employees dedicated to 911 and public safety, which includes a Regulatory team who work with federal and state government officials and the public safety industry.”
According to Mary, these factors make Intrado a leader in the emergency calling environment for public safety. All of these elements contribute to Intrado’s clients being able to successfully overcome challenges with compliance and orchestrate the right E911 strategies.
Theta Lake VP of Business Development, Anthony Cresci said that the implementation of proper security and compliance controls across UC platforms is essential. This means using everything from waiting rooms to PII redaction.
“Add unified communications to core compliance and risk management programs, don’t ignore it. As the fastest growing channels, video conferencing and collaboration chat are most susceptible to risky/non-compliant behavior and oversharing of sensitive information.”
Theta Lake recommends that businesses should integrate compliance and risk management solutions that are purpose-built for UC. Companies need to be capable of handling all content available, with active integrations for UC platforms, and an ability to automate risk detection with large volumes of data. “Prioritize vendors integrating next-gen AI technologies with proven intellectual property that can detect risks in audio, visual, image, and text-based content and efficient supervision across large volumes of recordings and chats.”
Can AI positively Affect Security, Regulations, and Compliance, and if so, how?
Everywhere you look in the current communication and collaboration landscape, innovative new technology is disrupting companies. We’ve seen the rise of virtual assistants supporting employees by automating repetitive tasks and simplifying workflow. Elsewhere, the promise of things like IoT ensures that companies can control machines and tools from a distance.
With countless innovations to explore, from 5G to Augmented Reality, artificial intelligence still stands out as the solution making the most impact in this new environment. We were keen to find out whether our industry professionals believed that AI would have a positive impact on the security and compliance space. Here’s what they had to say.
According to Ryan Kahan, from CallCabinet, AI makes a significant and positive impact on the world of compliance and security. This is particularly true regarding data recognition and management. In phone conversations recorded by teams, AI is already a common feature for transcribing speech. The right tools can also recognise numerical sequences and use automatic redaction.
Artificial intelligence protects social security and credit card information automatically, which is excellent for reducing a company’s risk levels. At the same time, AI’s ability to recognise phrases and words can help compliance offers to examine things like employee compliance.
“Call volume can be scanned by AI to detect phrases agents are legally required to say over the phone to customers. This can help highlight which agents are performing and which need more training. If done manually, this process would normally cost a compliance officer a significant amount of time and effort while introducing compounded violations. AI makes spotting areas of concern nearly instantaneous and allows companies to be agile and proactive regarding their employee training rather than reactive.”
Content Guru’s Martin Taylor said that the abilities of artificial intelligence are still developing and growing. As this process of evolution continues, it’s sure to have a massive impact on how businesses keep interactions with customers as secure and compliant as possible.
“For example, switching to using AI chatbots through digital channels, or Natural Language Processing (NLP) over the phone, to take payments securely removes the need for a human agent to take sensitive card information from customers.”
As well as this, Taylor also noted that the whole call listening and speech-to-text transcription world has a lot to offer too. NLP enabled tools with automatic analysis ensures that agents are using the right phrases to ensure compliance. This will lead to a new era of automated call quality monitoring. The new landscape makes it easy to check sensitive information and ensure that these details aren’t being discussed in a way that harms compliance.
Fonative CEO Steve Smith said that he believes AI is sure to have a massive impact on the way that companies handle security and compliance. Already, Fonative sees the evidence of intelligence in this landscape, appearing in various forms. For instance, AI is already included within most intrusion detection and prevention efforts, intended to reduce the risk of thieves.
“Especially in the emerging category of Web Application Firewalls which are able to leverage massive scale and traffic patterns to correlate, analyze, and neutralize attacks. As an example, Cloudflare sits in front of 26 million websites (and 11.6% of the world’s largest websites and applications).”
Smith notes that the Cloudflare WAF has AI analytics and machine analytics searching through all traffic patterns for bad actors and botnets. When a solution spots an attack or botnet, it can automatically block the vector from reaching the website. “Another example is the use of AI in SIEM/SOC tools to complete the event correlation and pattern recognition of streams of logs files and events. This frees SOC analysts from the manual event monitoring, permitting them to focus on higher-level analysis.”
Vice President of Regulatory Policy and External Affairs for Intrado, Mary Boyd said that once again, the focus for many companies is on E911 calls and the laws and regulations surrounding these. The right compliance measures must be in place to protect the population, influence advancements, and promote change.
“AI could be leveraged to gather and process information related to an incident, and make recommendations to first responders”
Boyd says that artificial intelligence in the public safety environment will have a significant impact on E911 policies on a state, local, and national level. Public Safety Answering Points need to develop policies regarding the use of information taken from AI. At the same time, managing and archiving data correctly will be crucial too.
Mary believes it’s essential to evaluate whether regulations and federal/state laws need revision according to the way this information moves through the business. “The use of AI in public safety could bring issues regarding privacy and will require review, but the technology enhancements, in the end, help protect people and property by providing standardized and improved E911 technologies for businesses and PSAPs.”
Anthony Cresci from Theta Lake told us that building AI solutions into the workplace is a great idea. Tools that can infer meaning and detect risks in all kinds of voice, video, and written content is critical. This is particularly true when you add sophisticated machine learning and natural language processing into the mix.
“This allows organizations to use baseline capabilities including speech transcription, OCR (transcribe text appearing on-screen), and object detection to provide information that purpose-built, risk, and compliance-oriented AI uses to find actionable problems cost-effectively at scale.”
Cresci also told us that AI and deep learning enables the detection of regulatory conduct, security, and acceptable use. This will help companies of all sizes to manage things like risk and compliance. Additionally, legal teams will have more support to focus their review efforts on content with apparent risks. Solutions could even alert legal teams to moments when policy violations occurred within any kind of conversation.
“This enables firms to increase their scope of coverage while reducing effort all without increasing resource costs”
What are your thoughts on the changing landscape of security, compliance, and privacy in 2020? Are your teams facing any of the common challenges mentioned by our experts above, and what are you doing to manage these issues? How do you feel about the rise of AI in solutions for security and compliance? Let us know your thoughts in the comments below or join the conversation on social media!