Call centers often handle highly sensitive information for customers including financial data such as credit card details, Social Security numbers, and bank account details; and, in some cases, health information. This means that they need to comply with an increasing number of regulations such as PCI DSS and HIPAA which require security awareness training for all staff including full-time, part-time, temporary, and seasonal reps.
But security awareness training for the reps in a call center provides some challenges. In particular:
- Staff (rep) turnover rate can be high, and the average length of employment short.
- Staff often don’t have (company) email accounts.
Let’s look at each of these factors in turn.
High Staff Turnover
There’s really no such thing as a typical staff turnover rate for a call center – figures vary widely. For instance, a survey by Purdue University’s Center for Customer Driven Quality (CDQ), quoted in “Call Center Management: People Versus Technology” by Drew Robb, shows a very wide range.
And a survey conducted by International Customer Management Institute (ICMI) in 2000 reported on the ICMI website showed the following data for average full-time staff retention periods:
Although not presented, one would expect the average retention period for part-time staff (such as seasonal staff employed during holiday seasons) to be much shorter. Overall, it would be fair to say that the turnover rates are generally a lot higher than in many other types of organization.
So what does this mean for security awareness training?
- Continuous recruitment throughout the year means that it can be difficult to schedule classroom training sessions. So training should be “on demand” which, these days, typically means web-based training.
- Because of the relatively short retention periods – especially when recruiting reps for seasonal vacancies – the learning curve needs to be as short as possible. Therefore, extended training classes aren’t going to be practical, and a highly condensed and customized course/class is advisable.
- The administrative effort in setting up and managing student accounts and tracking training must be minimized. Therefore automation is critical which, once again, typically means web-based training.
Many web-based training systems rely on email for login identification, and for other communications with students. But not all call center reps have company email accounts, or access to email at work. So you may not be able to rely on this. If you’re looking at a web-based training system, make sure that it doesn’t depend on your students having email accounts.
Course Content and Presentation
As noted above, the time available to train your reps is going to be very limited, so you’re probably going to want to have a highly condensed and customized course/class that covers the specific business processes that your staff will be dealing with. For example, if you don’t have company email for reps (see above), you won’t need to deal with email security, and if you don’t deal with information on paper, you won’t need to cover document retention and destruction in the same way as you would if your reps deal with paper orders and invoices.
If you’re not going to develop the course/class yourself (and I’d recommend that you don’t), you can probably find a number of providers who will be able to work with you to develop the content you want. Look for a couple of things:
- A provider with a library of existing content that can be used as the basis for your training so that you’re not re-inventing the wheel.
- A provider who stresses simplicity in their approach to presenting the information so that the course is succinct and focused rather than presenting the students with numerous external links, games, exercises, pop-quizzes …
And a final note – since call centers, by their very nature, involve audio communications (telephone calls), it might be tempting to make heavy use of audio in your training courses. Don’t. As this blog post talks about, excessive use of audio can:
- Increase course development and maintenance costs.
- Use additional network bandwidth which might cause operational problems.
- Slow down the learning process.
Use audio sparingly – perhaps including some sample rep-client conversations. But don’t narrate every slide since it will slow the learners down considerably.
Here are some other things you should think about when looking for a security awareness training solution for your reps.
- Regulations such as PCI DSS and HIPAA don’t just require staff to receive training – they require staff to read and acknowledge security policies. Doing this on paper could quickly become overwhelming for your administrators – especially when auditors come in and start asking for reports – so look for a training system that will also handle policy signatures and reporting online.
- Security isn’t the only area which requires staff training and policy affirmation, so ask around your organization to see if there are other areas that could share the system (and cost!).
- Managers, supervisors and IT staff are probably going to need to receive additional training. This isn’t (generally) subject to the same constraints as the training you need to provide to reps, but they should take the same basic training regardless and then receive additional courses/classes as required.
Here are the key things that (I think) you should do when developing or purchasing a security awareness training solution for your call center reps:
- Use web-based training. The system that you need should:
- Automate student management processes as much as possible.
- Incorporate policy signature management within the same system as the training.
- Allow use by reps who don’t have company email accounts.
- Be extensible to other training and/or policy signature needs within your organization.
- Provide reps with a highly condensed course/class customized to your organization’s specific needs. Base this on existing materials wherever possible, and don’t get too fancy with the presentation – training time is of the essence.