The At-Home Agent: Drive to Security, Arrive at Flexibility

By Trent Larson

Some companies – especially those that deal with sensitive customer data such as health information or financial data – have shied away from outsourcing their customer contact needs to providers that employ home-based agents. This is despite both the adaptability and cost benefits the model enables. That’s too bad since companies that use home-based agents can gain up to 100 percent more staffing flexibility, as well as reduce the average cost per call by 10 to 15 percent.

Hesitations about adopting this approach typically revolve around companies’ concerns that their data and internal applications may not be safe when home agents operate far from the watchful eyes of call center supervisors. This is a legitimate concern, but trying to run a home-based agent setup without the help of an experienced outsourcer should raise some security concerns as well. Companies have fine-honed their security for brick-and-mortar call centers, but that expertise doesn’t always translate into the virtual agent model. New tools and processes are required that go well beyond shipping out a scrubbed-clean PC to tenured call center staffers whose exemplary service rewards them with the opportunity to do their jobs from home.

Whether by accident – such as when a home-based agent’s unchallenged Web surfing unwittingly opens the door to a virus – or on purpose, PCs unfortunately have a way of not staying in the pure state they start out with. In addition, there have been cases in the past where seemingly trustworthy employees can’t resist the temptation to commit fraud by taking advantage of systems that haven’t been optimally secured.

Keeping It Secure: Making the home agent model work effectively and without risk is something that outsourcers of these services should be very familiar with. It starts with making sure candidates for working at home in customer service positions pass a strict screening process and meet specific home office requirements. The next step is locking down their systems during their working hours, and the final step is being able to immediately remove their access rights if they leave their jobs.

Background checks, of course, are required to ensure that remote agents are trustworthy prospects, but it’s equally important to regularly confirm that those hired actually are the ones who log into the system from the place where they say they’ll be working. To that end, a two-factor authentication is a requirement, and in some cases – especially the most sensitive ones – make that three. Voice biometrics, for example, is an emerging and unique way that those of us at West at Home are adding to our protection, which also include unique log-ins and passwords for home agents.

The heart of securing home agent installations, however, is at the level of the desktop itself. Significant technical applications are available to protect sensitive data, notes CB Richard Ellis in its spring 2009 report, Exploring the Virtual Workplace with Home Agents. Adding layers of security at the desktop is one of them, taking protection to a completely new level that is far beyond what is generally required in brick-and-mortar call center sites.

The PC Lockdown: In an intelligently crafted home-based agent solution, agents shouldn’t be allowed access to the tools required to do their job unless they are specifically scheduled to be on the job. Once their shift ends, home agents must be automatically logged off the system.

In a recent report on outsourced home agents, Datamonitor noted that security would remain a key differentiator for determining the success of a vendor’s home agent business. Some providers of work-at-home solutions feel that it’s enough to simply restrict access to specific sites or processes.

However, we think the smarter approach is to give access only to what agents require to do their jobs efficiently. That’s why we’ve developed a program that can be downloaded and executed to run at the start of each agent session. It checks first to ensure it is operating in an approved environment and then loads a new desktop image that removes agent access to everything from icons and right-click menus to the Windows task manager and various hotkeys that can start and stop nonauthorized programs. The start menu in Windows is replaced with our own proprietary menu, and we block all but the ports that the home agents require to connect to the applications they need to use. Any attempts to circumvent the firewalls are also blocked.

As a result of this software, home-based agents can access the programs and websites that are authorized for use on our customers’ programs. At the same time, the risk that they might accidentally or with intent go somewhere or do something they shouldn’t is removed for the duration of their work session. They have zero rights on the new desktop. For example, they are not allowed to save information, they are not allowed to copy and paste, print a screen, or plug an external device into a USB port. Rogue applications can’t attack while home agents are in call-taking mode either, as we’re constantly checking for the presence of these programs. Once agents come out of call-taking mode, the program self-deletes, leaving no footprint.

Additionally, we think it’s important that security processes be transparent to home agents. It’s a productivity bust if they have to spend their time working through a maze of log-ins or other procedures in order to be able to do their jobs.

It’s completely normal to have concerns about how to secure something (the PC) – and someone (the home-based agent) – you can’t see, but that shouldn’t keep you from exploring your options for sourcing a home-based agent workforce that has the ability to scale up or down to your needs and to do it in a cost-efficient way. The only thing you should fear is going with a provider that can’t satisfy your security concerns.

Trent Larson is vice president of product development for West at Home, a service from West Corporation, provider of outsourced communication solutions.

[From the October/November 2011 issue of AnswerStat magazine]