cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
iluom
Contributor II

COVID-19- WFH- Security Issues

 

Hi all,

 

Hope most of you WFH and are safe and secure.

 

Here is a question to get some opinions.

 

for COVID-19 emergency  there could be a situation where some changes requested for Agent Desktops to allow Member Service Agents to work from home.

 

The changes allows the identity to be confirmed without the caller speaking their SSN, DOB, etc... and without the agent being able to view the callers SSN, DOB, etc..

 

I think one of them is OTP. The way the change works involves new APIs that create a 10 digit 1 time password that the caller tells the agent over the phone to confirm the identity

 

any better way of doing it with 2F authentication

any suggestions /opinions

 

Thanks

 

 

Chandra Mouli, CISSP, CCSP, CSSLP
1 Reply
denbesten
Community Champion

I think you first need to ask yourselves why the agent working from home is raising new PII concerns.  Identifying the underlying reason for concern will help you identify the appropriate mitigation. 

 

If you do not trust your agent to have PII access in the first place, you need to consider measures like you are suggesting even when they are in the office.

 

If you do not trust the house, you need to figure out how to enhance that trust (e.g. send corporate laptops home; use VDI solutions; enable MFA on your corporate mobile-VPN solution; provide corporate network assets; purchase home shredders, etc.).

 

If you can not trust agents to work with less supervision, it is time for staffing changes.

 

PII protection is also a concern of risk management, public relations and legal departments.  You might consult with them regarding the appropriate protective levels for your organization.