Nuisance Phone Calls – How Bad Can They Be?

SERIES (PART 2): Understanding and Applying the FAIR™ model as an Enterprise Cyber Risk Management Strategy

EXECUTIVE SUMMARY

At the start of this series, Understanding and Applying the FAIR™ model as an Enterprise Cyber Risk Management Strategy, we introduced Mutare’s take on the nature of risk and the role it plays in both personal and business decision-making. In this piece we draw the focus down to loss events carried every day into your organization through the voice channel. These pieces are built on our experience, data, technology, and depth of research presented in concert with the globally recognized information security risk methodology advanced by the  FAIR Institute.

In this piece we look specifically at the financial and operational impact of the ever-ubiquitous “nuisance” calls. We will move on in future posts to parse and analyze the less understood, but potentially more devastating, elements that exists in unwanted “nefarious” call traffic. In so doing, we hope to shed some light on what, until now, has been an invisible enemy.

The phone rings.

You stop what you are doing to check caller ID. It’s a number you don’t recognize.  

You let it go to voicemail. If it’s a legitimate caller, they will leave a message.

It makes me think of the commonly used phrase, “What have you got to lose?” It’s not really a question, but a form of encouragement, as in, “Maybe you should take up tango dancing  –  What have you got to lose?” or  “Go ahead, make that TikToc  –  What have you got to lose?” In both cases, the worst outcome could be some lost pride.

But is there a chance of any real harm?

Hardly.

However, when it comes to handling business phone traffic, the “What have you got to lose?” question gets a bit more complicated…

 

To Answer, or let it go to Voicemail; That is the question.

Because both choices – answer or not answer calls from “unknown” sources – carry risk.

Answer, and you invite the prospect of wasteful distraction from a robocall or, even worse, invite a malicious bad actor into your network.

Send to voicemail, and you risk irritating a potential prospect, customer or business partner who has an urgent matter to discuss – in other words, a missed business opportunity.

It is a dilemma, and when it comes to the business world, you are absolutely stuck.

 

But are Unwanted Calls really a problem to your organization?

Talk to any enterprise IT Administrator, Telephony Engineer or Unified Communications Architect and they will tell you the issue is real, and it’s getting worse, almost daily. But their evidence is mostly anecdotal, and business leaders do not like to make resource-impacting decisions based on perception. That’s where Mutare’s Voice Traffic Assessment capabilities, augmented by best practices advanced by the FAIR Institute, comes into play.

Before we go on, I’d like to level-set and clarify some definitions:

 

UNWANTED TRAFFIC

Unwanted Traffic is comprised of telephone calls that have no positive business purpose.  Some of these calls are initiated by humans and some are initiated by a machine.

Be aware that unwanted calls can be incoming (originating from outside the organization), or outgoing (originating from within the organization).

At Mutare, we break down unwanted traffic into two high-level segments:  Nefarious Traffic (Calls) and Nuisance Traffic (Calls).

 

NUISANCE TRAFFIC (CALLS)

According to Google, the word “Nuisance” is defined as:

a person, thing, or circumstance causing inconvenience or annoyance.

At Mutare, we use the terms, “Nuisance Traffic” and “Nuisance Calls” to communicate something that inhibits, or is a barrier to, optimal performance.

Examples include:  robocalls and calls from telemarketers.

 

NEFARIOUS TRAFFIC (CALLS)

According to Google, the word “Nefarious” is defined as:

(typically of an action or activity) wicked or criminal.

At Mutare, we use the terms, “Nefarious Traffic” and “Nefarious Calls” to communicate a significant and substantial threat.

Examples include:  scammers, vishers, call spoofing, social engineering, and TDoS attacks perpetrated by bad operatives intent on stealing data, threatening employee security, hampering operations or in other ways inflicting damage to the organization, its people and its networks.

(my next blog in this Series, #3, will focus on Nefarious Traffic)

 

Let’s Talk Nuisance

Nuisance calls are easier to recognize because we deal with them on a near-daily basis. And when it comes to estimating loss in terms of productivity alone, the calculation is fairly straight-forward: Determine how many incoming calls are spam or robocalls over a specified period of time (something our Voice Traffic Filter’s dynamic database does quite effectively), establish a reasonable estimation of minutes wasted through unneeded distraction per call, and then calculate that out into employee downtime/lost wages.

For the record, our ongoing analysis of millions of enterprise CDRs  (Call Detail Records) over the past several years reveals that between 6% to 15% of all incoming enterprise calls are unwanted, accounting for anywhere from $37 thousand to over $3.5 million in lost productivity annually depending on the nature of the organization and call volume.

What’s harder to measure is the impact nuisance calls are having on network reliability and customer experience should, for instance, excessive strain on the network delay timely response. In this scenario, applying FAIR™ methodology enables a more nuanced view. It does require some assumptions. However as stated in the FAIR Institute’s training guide, “Assumptions are an inherent and unavoidable part of performing risk analysis, but leaving them unidentified, unstated, and undebated is an unacceptable practice.”

The fact is, making accurate assumptions about the full impact of unwanted calls on your organization requires some homework.

Mutare is a good place to start. We can take 30 or more days of your CDR, run that through our proprietary Voice Traffic Analysis system, provide you with results that reveal how much of that traffic is clearly spam, and calculate the immediate recapture of time and resources that would result from the removal of that traffic.

And that’s just for starters. Because the level of threat in unwanted voice traffic goes much deeper – in fact, our industry research reveals that nearly 45% of those calls are actually scams intent on stealing far more than your time.

How do we know this? Hope you take the time to check out our future posts. As the saying goes, “What have you got to lose?”

Janet O'Brien

Senior Writer

About the Author

Janet O’Brien joined the Mutare family in 2007 following 25+ years as a career writer, editor, photographer, and marketing specialist for an array of public and private organizations throughout the Chicago area. She has a passion for helping organizations tell their stories and has found in Mutare’s brilliant technology, caring people, and devoted fans, a virtual anthology of inspiration. Read more at mutare.com, or feel free to share your own stories on LinkedIn.