CYBERSECURITY PROBLEMS OFFSHORE
By Lauren Irwin-Szostak / April 30, 2020
The COVID-19 pandemic has affected businesses in all industries, but perhaps none more than the global outsourcing industry. Recent media reports have predicted that companies may begin to repatriate call center and other customer service operations which they had previously offshored to India, the Philippines, and other foreign countries due to cybersecurity and other problems caused by virus-triggered lockdowns in those faraway lands.
For instance, an International Business Times (IBT) article posted on April 20, 2020 begins by stating that “coronavirus is permanently shaking up the global outsourcing industry as lockdowns from Bangalore to Manila prompt firms to ‘reshore’ jobs” due to “restrictions on normal activity in these countries and others,” which “have created a logistical nightmare for the managers of call centres and other back-office operations for foreign corporations.” The IBT article explains that “having their staff work from home is difficult” for two primary reasons. First, “many workers in places like India and the Philippines live in crowded housing with poor-quality broadband, while some firms do not have enough equipment like laptops to provide to employees.” Second, even for companies that are technologically capable of providing work-at-home services, such services would violate “rules governing the handling of sensitive material such as financial transactions for bank customers from Scotland to San Francisco.”
As a result of such cybersecurity problems, many such overseas call centers “have resorted to having staff live at their place of work,” which in turn has “sparked the ire of trade unions.” The IBT article cites several examples, including photographs published in the Financial Times in early April that “appeared to show workers sleeping on the floor of a call centre in the Philippines, living in what they described as ‘subhuman’ conditions.”
Such problems have compelled some businesses to effectively discontinue their customer service operations. The IBT article reports that “companies like telecom firm Spark New Zealand and Taiwanese computer maker Azer, which uses a Philippine facility to serve Australian and Kiwi customers, have simply told people not to call.”
According to the IBT article, the “big impact on countries that for years have benefitted from taking on the back-office operations of multinationals” – most notably, India and the Philippines – cannot be overstated. In India, the customer service industry “employed nearly four million Indians and raked in revenues of more than $150 billion” as of 2017. And “in the Philippines, the industry started from scratch in the early 1990s, but by 2019 its revenues were equal to 7.3 percent of the country’s gross domestic product, employing 1.3 million people.”
The IBT article quotes the author of “Outsourcing 3.0,” Vivek Sood, as to the enormity of the problem plaguing customer service operations in such countries. “The outsourcing industry doesn’t lend itself to working from home,” Sood said. “We are talking about companies which used to ask employees to leave even their pens and pencils outside the office because of security concerns.”
The result, Sood predicted, will transform the global outsourcing industry. “We will have to rethink the whole outsourcing model,” Sood told the IBT. “The assumption that you can offshore everything to Bangalore and Manila and relax has gone out of the window.”
Other recent articles hint at a similar transformation. For example, a National Public Radio News (NPR News) story dated April 24, 2020 and entitled “India’s Lockdown Puts Strain on Call Centers” notes that “India handles more than half of the world’s IT outsourcing,” which has “earned it the nickname ‘the world’s back office,” and that “more than 60% of those operations support clients in the U.S. – everything from credit card companies and airlines to essential emergency services such as hospitals, police and fire departments.”
But according to the NPR News article, after India locked down on March 24, 2020 due to the COVID-19 pandemic, the “vast majority” of the country’s “more than 4 million IT workers, including call center employees,” either “lost their jobs” or “couldn’t get to work.” As a result, “callers to customer service numbers for airlines, banks and retailers worldwide were left on hold for hours or heard recordings saying help was currently unavailable.”
The NPR News article also reports that according to an Indian trade group, “70% to 80% of call center employees are now working from home” in India. But such work-at-home arrangements present serious cybersecurity concerns, since “sensitive personal information – medical records, credit card numbers and other financial data – is suddenly being routed through millions of Indian IT workers’ home computers rather than secure call centers.”
Indeed, the NPR News article quotes a cybersecurity expert at a Mumbai-based think tank, Sagnik Chakraborty, as saying that “there are four essential requirements for employees to work securely from home,” specifically, “having a ‘virtual private network [VPN], encrypted disks, virtual remote desk tops and disabling USB ports.’” “‘But,’” Chakraborty asks, “‘how many [Indian] employees actually have these tools at home?’” The NPR News article answers his question: “Not many.”
Such cybersecurity concerns should alarm every American business that previously chose to offshore – or is now considering offshoring – its customer service operations to such faraway lands. The grave risks of security violations – and the resulting risks of compliance consequences – outweigh and override any cost savings flowing from offshoring.
In today’s trying times, with over 30 million Americans having filed unemployment claims during the last six weeks, economic patriotism alone should be enough to compel our corporate citizens to locate or repatriate their customer service operations at home. But as these recent articles reveal, companies’ own self-interests should also dictate that result. It is well past time for businesses to stop cutting corners by offshoring their call center operations to unstable, noncompliant environments overseas when companies like BPR offer networks of U.S.-based call centers that are fully operational, secure and compliant.
Lauren Irwin-Szostak is the President of Business Processes Redefined, LLC, a call center solutions management firm headquartered in Fairfield, New Jersey which is certified as a woman-owned business enterprise by both the New Jersey Woman-Owned Business Enterprise (NJWBE) and the Woman’s Business Enterprise National Council (WBENC).