Switching to Microsoft Teams was easy, and the host of features it offers had an immediate positive impact on your company workflow. But all too often, adopting a new technology reveals blind spots in your organization.
No matter how many data breaches occur, no matter how many new stories about identity theft come out, many organizations simply don’t equip themselves with proper security measures. This is detrimental to the customer and the company’s bottom line.
This is not a complicated answer, but it’s also not a yes or no answer. Are your Microsoft Teams conversations secure? Yes, because they take place in the Azure space, you are secure for the duration of the live call. But the security blind spot occurs in your Microsoft Teams call recordings.
Regulated industries like healthcare, banking, finance, eCommerce, and insurance must record their calls. It’s not an option; it’s an enforced legal requirement that requires a call recording platform. And when these calls are recorded, vulnerable data that criminals commonly target gets spoken over the call.
Examples include private medical data, debit and credit card numbers, social security and national insurance numbers, and so forth. According to “The Payment Card Industry Data Security Standard” (PCI DSS), this data must be protected.
When you record these calls with Microsoft Teams’ built-in recording features, the recordings are not secure; hence they are at risk and non-compliant. You might ask, “If Teams is hosted in Microsoft’s Azure fabric, why isn’t it considered secure?”
It has to do with how your Teams recordings are archived. Your organization requires a compliant archival method because criminals frequently capture data while it’s in transit, exploiting a host of security flaws often found right in a company’s server farm.
During dispute resolution, your Teams calls will probably need to be reviewed by external departments or even outside legal firms. It’s a violation of numerous compliance laws to transmit unencrypted data beyond the company network. This is where a compliance recording platform, like Atmos by CallCabinet, comes into play.
A cloud-based compliance platform like Atmos captures your Microsoft Teams calls directly from inside your Azure space regardless of the remote or on-site origin of the agent’s location. This mitigates multiple risk factors because the call is encrypted and stays in the Azure cloud automatically.
This recording is also entirely transparent to the agent, reducing potential interference. If a recording needs to be shared, the compliance platform can send a link to an encrypted file that grants temporary, protected access to the file from within the Azure space. The file itself never needs to leave its storage location, maintaining security compliance.
Each business that connects to its clients over Microsoft Teams leaves a trail of data that can be exploited by data criminals. All of the debit, credit card, social security, and national insurance numbers shared in the recordings of these Teams meetings need to be identified and scrubbed from the recordings. As the owner of the recorded data, your company is responsible for that scrubbing, known as PCI masking or PCI redaction.
So whether you’ve deployed Teams to provide insurance, banking services, eCommerce, or medical services, you bear full responsibility for the care of the data you’ve collected. Taking care of this data sounds easy, right? Just hold the Teams meeting, secure the recording, redact the data. However, many hidden challenges arise when attempting PCI compliance.
When your customer shares PCI data over a call, that data can be and likely is cloned multiple times. First, the data appears in the call recording itself. But many companies make use of automatic transcription services, and in some instances, robust compliance platforms (like Atmos) provide integrated transcription for each call.
The transcript must also be redacted. And, unfortunately, sometimes employees store PCI data to save themselves time. This step may save an agent time when handling an ongoing customer issue, but it’s a clear violation of PCI DSS and a critical security gap that threatens the company.
Stolen credit card numbers and identities that lead back to your company can hurt and even stall a company, depending on the size and scope of a data breach. Governments make a habit of dropping lawsuits and heavy fines on companies that fail to protect customer data, but that’s not the end of the line.
Your customers and the credit card companies involved can also get in line to take you to court. Credit card company fines land between $5K and $10K per month. PCI redaction for your Teams recordings is not optional; it’s critical.
To get your Microsoft Teams recordings PCI compliant, the first place to look is your compliance platform. Does it provide automatic redaction features? Cloud-based compliance solutions like Atmos employ an intelligent AI-driven PCI redaction feature.
The cloud provides the application bandwidth, and the platform provides the recognition engine that can identify number strings and scrub them from every medium the platform processes.
AI is the redaction method of choice because it heads off human error and can work swiftly across enormous volumes of data. Imagine redacting calls, one at a time, with human beings. It would cost a fortune and yield a less-than-spectacular result.
Your compliance platform should be able to redact both the recording and the transcript to leave no crumbs behind for malicious parties.
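To make the transcript side of redaction concrete, here is an added example (not code from Atmos or CallCabinet) that scrubs card numbers from a call transcript. It assumes a simple pattern-plus-Luhn check in place of an AI recognition engine, goes slightly beyond the text by also catching digits transcribed as words, and all names in it are hypothetical.

```python
import re

# Spoken digits as a transcription engine may render them ("oh" for zero).
WORDS = {"zero": "0", "oh": "0", "one": "1", "two": "2", "three": "3", "four": "4",
         "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9"}
TOKEN = re.compile(r"[A-Za-z]+|\d+|[^A-Za-z\d]+")  # words, digit groups, the rest
MASK = "[PAN REDACTED]"

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact_transcript(text):
    """Return (redacted_text, hit_count) for one transcript."""
    out, run, digits, hits = [], [], "", 0

    def flush():
        nonlocal run, digits, hits
        tail = []
        while run and not run[-1].strip(" -"):   # keep trailing separators as-is
            tail.insert(0, run.pop())
        # 13-19 digits passing Luhn is treated as a card number; a longer run may
        # be a card number fused with adjacent digits, so it is masked as well.
        if len(digits) > 19 or (len(digits) >= 13 and luhn_ok(digits)):
            out.append(MASK)
            hits += 1
        else:
            out.extend(run)                      # not a card number: leave untouched
        out.extend(tail)
        run, digits = [], ""

    for tok in TOKEN.findall(text):
        d = tok if tok.isdecimal() else WORDS.get(tok.lower())
        if d is not None:
            run.append(tok)
            digits += d
        elif run and not tok.strip(" -"):        # space or hyphen inside a digit run
            run.append(tok)
        else:
            flush()
            out.append(tok)
    flush()
    return "".join(out), hits

# Constructed sample transcript; the card numbers are well-known test values.
SAMPLE = ("Caller: it's 4111 1111 1111 1111. My other card is four two four two "
          "four two four two four two four two four two four two. "
          "Order 1234 5678 9012 3456 has shipped.")
```

A card number that fuses with a neighbouring spoken digit and still totals 13 to 19 digits can fail the checksum and slip through, so output like this should be spot-checked rather than trusted blindly.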
You’re using Microsoft Teams, so you’re off to a great start, and your organization is already benefiting from its fast and easy connectivity. To protect your customers and your company, you need to invest in a cloud-based compliance recording platform. It can greatly increase your data security, help you improve customer service, and even provide cost and time-saving benefits.