Call Design Obligations to the European GDPR

The world has embraced this regulation as being necessary in order to do business directly or indirectly with Europe or European companies. Call Design is increasingly asked by Australian and overseas companies to confirm compliance with this regulation; some are our customers, others are suppliers that need to ensure that we are an integral part of their supply chain. Call Design’s position on this is very clear: we manage and protect the Personally Identifiable Information that we hold and use, ensuring that it is collected and handled in accordance with GDPR standards:

– Providing users with appropriate mechanisms to safeguard their personal data
– Ensuring that our partners also ensure GDPR compliance during data exchanges
– Updating our Policies and employee handbooks to ensure that staff are aware of their responsibilities

And

– For our Hosted customer systems, we ensure that customers are in full control of personally identifiable information and we support their systems without processing customer data directly.
– Call Design employs secure system infrastructure, with secure management and controls using Microsoft Active Directory, and secure data centre and network infrastructure management.

Three quarters of the outside world don’t trust businesses to do the right thing with our emails, phone numbers, preferences and other details. Security of information and privacy is integral to the day-to-day operation of our company, and it is in our greatest interest that our customers, suppliers, staff and the community at large have confidence in how we handle business and personal information. This is only possible when our systems, processes and people work together, and this is reflected in our processes and practices, which are based on our policies and beliefs. GDPR is not new: Call Design complies with the Australian Privacy Act and state and federal surveillance legislation and marketing Acts. We operate in Australia and overseas and adopt the principles of Australian privacy laws and state and federal surveillance legislation and marketing Acts. Some of the more obvious examples of our treating this regulation seriously day to day include:

– Sending an email to the correct recipient, not trusting Outlook’s predictive address population
– Treating all customer information as confidential
– Treating Call Design business and technical information as secure

Peter Salmon
Call Design Director

Top tips for running a successful performance management system

Performance management systems are now an essential part of ensuring high standards of customer service in contact centers. But how can you ensure that your system runs successfully? Take a look at our tips for making your performance management a triumph. We cover focusing on the positives, communication and much more.

How can you better engage your team?

When your employees are engaged, your business is in a position to thrive – it’s as simple as that. Research shows us that organizations with high levels of engagement outperform companies with lower levels of engagement. How can managers ensure their agents are motivated at work?

Meltdown and Spectre Vulnerabilities – Call Design’s Position

On the 3rd of January 2018, three new vulnerabilities were disclosed that have been grouped together and called Spectre and Meltdown. These are not traditional software-based vulnerabilities but are inherent in the very fabric of modern Intel and ARM processor chips.

Because these vulnerabilities are within the processors, the operating systems and applications that run on top of those processors are vulnerable, and the only real way to resolve hardware issues like these is to replace those processors or update their firmware, which is not very practical. We recognize, as do our partners, that the only way to tackle these latest hardware-based vulnerabilities is to make the physical-layer vulnerabilities inaccessible, and this needs to be accomplished at the operating system and potentially the application layer.

Call Design’s current position is first to ensure that our systems continue to be appropriately patched with updated anti-virus and malware protection from leading vendors. We note that some operating system patches have been released that have caused existing systems and applications to fail and we are therefore cautious in the application of any of these Spectre and Meltdown patches without comprehensive testing.

We will continue to monitor the situation closely, seeking advice from various trusted vendors including Microsoft and Aspect, as well as our firewall and network providers, to ensure that all advice is followed and that recommended patches are tested to confirm that they do not introduce new problems before being applied.

Peter Salmon
Director
Call Design

Recent “WannaCry” Ransomware Attacks & Call Design

With regard to recent reports of ‘one of the largest cyberattacks of its kind’, which impacted healthcare and communications systems in over 100 countries and brought many essential businesses to a halt, Call Design’s Executive Director and CIO, Mr Peter Salmon, has provided some background about what Call Design does to protect our own and our customers’ information.

Call Design has invested significantly in technology and processes proactively to reduce the likelihood of these sorts of attacks impacting ourselves or our customers. We are not immune from these sorts of attacks but we are very vigilant and constantly review our measures to reduce the likelihood of an attack and to have tested measures in place to recover from an attack should it occur.

Call Design and our customers consider details of our network, systems, access and protective measures to be confidential and shared on a need-to-know basis; they are not widely known to our staff, our partners or, we hope, the perpetrators of these crimes.

Perimeter Protection

Call Design uses best-of-breed firewalls at the perimeter of all of our systems to protect network entry and egress points. Individual servers are similarly protected. Call Design email is filtered and tested for viruses and malware before being presented to our Exchange Mail server(s).

Hosted systems are completely segmented from each other and from our backbone networks, and are treated with the same respect with which we treat maintenance access to customer systems.

Direct data connections are made through Secure FTP servers configured to lock out attempts to compromise access, or via dedicated VPN circuits or FTP, with only defined end points being allowed and with lockout protection.

Systems, Servers, appliances

Call Design has processes in place to maintain system software versions, with regular patching to maintain system integrity and a focus on updates that address security and known vulnerabilities. We have measures in place to ensure that this is a continued priority.

Call Design systems are almost completely virtualized across multiple sites where possible as well as in data centers. Servers, appliances, databases etc. are backed up and stored off-site with regular scheduled and unscheduled restores performed to ensure the integrity of back-ups.

Laptop, Desktop Workstations

All of our devices are equipped with an up-to-date, validated version of appropriate antivirus software and, as appropriate, malware protection. Business files are automatically backed up to Call Design servers, and all of these facilities are managed centrally with alerting in place to detect failures.

Customer System Access

Access to customer systems is provided according to the requirements stipulated by individual customers, is documented and managed, and is further supported by Call Design systems and practices. As with Call Design systems, staff are assigned to account support and provided with access under customer management, and access is removed in consultation with the customers that own those systems.

Call Design System Access

Access to Call Design systems is centrally managed and based on Active Directory with controlled access to resources including systems and files requiring management approval. This access is in line with Board policies and employee job roles and responsibilities in all cases.

Where a customer system is suspected of being compromised, no connection is made until we have assurances in writing that their systems have been made safe. Following this, we have a process to ensure that our connection with their system cannot impact Call Design or other customer systems. This is carefully facilitated under Call Design management and service center practices.

Processes and Practices

Employees receive initial and ongoing information about Call Design’s requirements for the use of Call Design and customer information and practices, and they formally acknowledge Board policies and practices and agree to adopt them in their roles at all times.

The Call Design Service Center has many processes and practices in place that very specifically reflect the immense responsibility we have to keep our customer systems safe.

This includes some specific technology as well as practices that involve manual validation of laptop health on each use at the start of each shift, including full anti-virus scans with the latest signatures, before being allowed to perform Service or Helpdesk operations. Devices with suspected issues are removed from networks until cleared for use by management.

Constant Vigilance

Call Design has not been directly impacted by last weekend’s or similar attacks and has not been responsible for impacting our customers’ systems.

That doesn’t mean that we are complacent; companies with much larger budgets and staff than ours have been compromised. However, we have adopted systems, practices and behaviors to minimize the risks and have things in place to recover from an attack should we be compromised.

This is not an exhaustive list of the measures that we adopt to protect us and our customers from cyber attacks, but it should give you some confidence that we are serious in our desire to protect our own and our customers’ businesses at all times.

Peter Salmon
Executive Director/CIO
Call Design