Lax implementation of security measures & poor employee awareness to blame for cyber frauds in BPOs: ASSOCHAM-Microsoft survey

Most cyber frauds in India’s booming business process outsourcing (BPO) sector occur due to lack of strict implementation of existing information security protocols together with poor employee awareness, noted a recent survey jointly conducted by apex industry body ASSOCHAM and global software giant Microsoft.

The Associated Chambers of Commerce and Industry of India (ASSOCHAM) along with Microsoft conducted a survey titled, ‘Understanding the perceptions and awareness around cyber security among employees working in BPOs,’ in Delhi-NCR and Kolkata to ascertain the level of awareness regarding cyber frauds among people employed in the sector.

The survey sample design comprised of four focus group discussions (FGDs) and 20 in-depth interviews (IDIs) held across Delhi-NCR and Kolkata.

It was noted that awareness about cyber frauds was low amid freshers and job applicants, but it was relatively higher in experienced employees.

“Both employees and customers are to be blamed for cyber frauds as employees lack ethics and customers for being careless about security and privacy,” admitted experienced BPO professionals while acknowledging that computer hacking, credit card/bank frauds, malware/virus, tech support scams are most prevalent.

Highlighting the poor levels of awareness among freshers and job applicants, the survey noted that perceptions about cyber frauds are mostly driven by word of mouth and media. Besides, the predominant perception for causes of cyber frauds is the growing shift of online transactions – from shopping to banking and consumers’ growing trust on internet and its safety nets.

While enough measures exist in the BPO sector to keep a check on cyber frauds, it is the lack of seriousness at the organisational level towards the issue which is the root cause to the problem as casual attitude is often passed down to employees, according to the ASSOCHAM-Microsoft survey.

“Basic protocols like frisking/checking before entry/exit, no mobile phones on floor, no pen and paper and others are frequently overlooked, thereby exposing gaps.”

It was also revealed that there is certain casualness, as the general feeling is that most cyber frauds occur on a larger scale, and the security staff is not aware of implications of not following proper protocols.

“There is also little awareness on importance of protecting data of clients leading to casual attitude of employees towards data.”

While seriousness of implications and fear of repercussions is not deeply instilled in the employees’ minds, they can also get trapped or perpetrate those frauds unknowingly.

The survey also suggested immediate steps to drive home seriousness about cyber frauds - include comprehensive session on cyber fraud in induction programme, implement stringent security measures, install strong antivirus systems, organise sessions on ethical practices, implement training and development programmes.

ASSOCHAM in collaboration with Microsoft has launched ‘Cybersuraksha Youth Awareness Campaign,’ wherein series of workshops are being organised in various states with an aim to promote awareness about cyber security threats among citizens and provide up-to-date security information through education and sharing of good practices.