The last few years have witnessed overwhelming growth in the BPO sector. However, as the BPO sector continues to touch new heights, there has been a surge in security incidents as well. These security incidents have resulted in heavy monetary losses for several customers. This has adversely affected the reputation of many high-profile indigenous and MNC BPO companies.
Attackers constantly look out for ways to identify and exploit weak links present in the system. The weak link could be anything from an ignorant customer to the absence of a monitoring system to the free use of pen drives at call centers. Any of these will pave the way for attackers to bypass the security controls and commit fraud.
Effective security protocols need to be established and strictly followed to ensure adequate security measures are in place to monitor and regulate the flow of data via people, processes and technologies. Effective data security policies in the BPO industry will help curb the majority of data security threats. A detailed data security policy should outline the manner in which data should be handled in BPO companies.
A report published by the Ponemon Institute revealed that in the majority of cases organizations use live production data when testing applications. This is not surprising, since it ensures coverage of most live production scenarios. However, this inadvertently exposes data, so sufficient data security policies need to be in place to address such situations. The report said 82 percent of the organizations have experienced at least one case of security breach in the last 12 months.
The majority of data security initiatives are targeted towards online database security. Offline databases are grossly neglected. Ironically, 39 percent of the attacks have been attempted on offline data. 70 percent of the industry set pertains to financial services, healthcare services, government organizations, telecom companies and educational institutions.
Upholding the importance of data security in the BPO industry, internationally there have been many laws and guidelines under HIPAA, SOX, Basel II, PCI DSS, etc. to strengthen data protection. In the US alone there are over 700 surveillance and privacy laws covering data protection through encryption and masking of Personally Identifiable Information (PII).
In India, international and Indian banks are required to follow PCI Compliant Data Security Standards to safeguard customer data if they provide international credit cards. Yet it is not clear how many banks are actually following such guidelines. The Information Technology Amendment Act, 2008 seems to be an honest effort in this direction; however, it still has a long way to go.
Several cases of data theft have been reported in India, mostly from BPO companies, highlighting the issues of privacy and data protection. The Pune BPO fraud made international headlines when five BPO employees siphoned nearly 2.5 crore rupees from a New York based CitiBank account. In another eye-opening case, 1000 Britons' bank account details were sold by an employee of a Gurgaon-based BPO company.
All of these incidents emphasize the importance of data security policies in the BPO industry. Present government and industry initiatives are appreciable, yet not sufficient to cater to the security requirements of the ever-evolving BPO industry.