BPO firms lack seriousness on cyber fraud threats: ASSOCHAM-Microsoft survey

BPO

Most cyber frauds in India’s business process outsourcing (BPO) sector take place due to lack of strict implementation of existing information security protocols together with poor employee awareness, a survey jointly conducted by industry body ASSOCHAM and Microsoft said. The Associated Chambers of Commerce and Industry of India (ASSOCHAM) along with Microsoft conducted the survey titled, ‘Understanding the perceptions and awareness around cyber security’ among employees working in BPOs, in Delhi-NCR and Kolkata to ascertain the level of awareness regarding cyber frauds among people employed in the sector.

The survey sample design comprised four focus group discussions (FGDs) and 20 in-depth interviews (IDIs) held across Delhi-NCR and Kolkata, an ASSOCHAM statement said. It was noted that awareness about cyber frauds was low among freshers and job applicants, but it was relatively higher in experienced employees.

“Both employees and customers are to be blamed for cyber frauds as employees lack ethics and customers for being careless about security and privacy,” admitted experienced BPO professionals while acknowledging that computer hacking, credit card/bank frauds, malware/virus, tech support scams are most prevalent.

While enough measures exist in the BPO sector to keep a check on cyber frauds, it is the lack of seriousness at the organizational level towards the issue which is the root cause to the problem as casual attitude is often passed down to employees. The survey said, “Basic protocols like frisking/checking before entry/exit, no mobile phones on floor, no pen and paper and others are frequently overlooked, thereby exposing gaps.”

It was also revealed that there is certain casualness, as the general feeling is that most cyber frauds take place on a larger scale, and the security staff is not aware of implications of not following proper protocols. “There is also little awareness on importance of protecting data of clients leading to casual attitude of employees towards data,” it added.

While seriousness of implications and fear of repercussions is not deeply instilled in the employees minds, they can also get trapped or perpetrate those frauds unknowingly. The survey also suggested immediate steps to drive home seriousness about cyber frauds include comprehensive session on cyber fraud in induction programme, implement stringent security measures, install strong antivirus systems, organize sessions on ethical practices, implement training and development programs.

ASSOCHAM in collaboration with Microsoft has launched Cybersuraksha Youth Awareness Campaign, wherein a series of workshops are being organized in various states with an aim to promoting awareness about cyber security threats among citizens and provide up-to-date security information through education and sharing of good practices, it was stated.