GDPR. Dial F for fraudsters.
Most of the emphasis thus far in the GDPR debate has centred on
cyber security and data management. Yet there are also the everyday things that may trip you up that also fall within the remit of GDPR. One of these is the humble telephone call. The possibility of fraudsters spinning a story on the phone to bypass other elements of security is a very real possibility. This had tragic consequences a few years ago when Australian DJs on breakfast radio talked their way through to the maternity ward of Kate Middleton, an episode that resulted in the suicide of a nurse, who felt responsible.
I just called…to say…..
Most trained PAs are very good at fobbing off phone calls. (I have enough trouble talking to business owners I already have dealings with as the PA just won’t believe me) yet again it depends whom you get on the other end of the line. What GDPR insists on is a consistent approach across the organisation, which means training and a standard set of queries to ascertain whether a caller is genuine. This may include a set of questions that only the caller would know: membership numbers, birth dates, a proportion of a password for example. A number of CRM systems are TAPI-compliant allowing connection between telephone and computer systems so that the number stored can be checked against the incoming call to assist in identity verification and generally querying the nature of the call to ascertain whether the caller is fishing for sensitive information or details that could compromise the client if ever released into the wider domain. All of this sounds like common sense, but procedures do need to be documented and staff trained in what to do when they are faced with such situations.
Don’t leave me hanging on the telephone.
You also may have to think outside the box. What happens when staff are out and about, on mobiles or working from home (see previous article) when they won’t have access to systems or other methods of verification? This could be the loose link in the chain allowing people to be caught off guard. It’s often situations like these that cause problems, so when considering security, all scenarios need to be taken into account.
GDPR is supposed to restrict the number of nuisance calls that are received, but there will always be a criminal element and people with personal vendettas, who will seek out information that may compromise your clients and for all these reasons, organisations should remain vigilant.