Monday, February 29, 2016

Data Security

Data security should be a priority in your organization.

For hackers, large-scale data breaches such as Home Depot, Neiman Marcus, and Staples are gold mines. For businesses, keeping valuable customer data out of the hands of cyber-thieves is a constant battle. Companies need to safeguard against every possible vulnerability across their entire infrastructure.

In 2014, the total number of reported data breaches in the United States hit a record high of 783, averaging about 15 per week, based on information compiled by the Identity Theft Resource Center (ITRC).

Companies, on average, can expect to encounter 17 malicious codes, 12 sustained probes, and 10 unauthorized access incidents each month, according to research from the Ponemon Institute, a provider of independent research on privacy, data protection, and information security policy.

Despite the growing number of attacks, many companies are still not doing nearly enough to secure their customers' personal and financial information. For many companies, the wake-up call only comes after they have fallen victim to a large-scale, high-profile breach.

Forrester Research noted that outside of banking and national defense, many industries are "woefully immature" when it comes to making the necessary investments in data breach protection, detection, and response.

This prompted Forrester to conclude that most enterprises will not be able to respond to a data breach without undermining their customers' trust or dragging their own corporate reputations through the mud.

Companies need to prevent data breaches from happening. They need to have an incident response and crisis management plan in place. Efficient response to the breach and containment of the damage has been shown to reduce the cost of breaches significantly and goes a long way toward reassuring customers who might have been thrown into a panic.

The first step toward that goal is having a high-level company executive who is responsible for data security. The key to addressing information security is first understanding what customer information is stored in company databases. Create a data inventory and determine what data is sensitive. Then segment out the sensitive and nonsensitive data.

Systematically purge the data that your organization no longer needs.

Take an inventory of all of their IT assets and business processes and analyze them for vulnerabilities that could expose sensitive data, for example, cardholder data. The next step, would be to fix those vulnerabilities. This assessment should be performed at least once a year. Make sure that the company's data security program meets industry best practices, government regulations, and the company's business objectives.

Make sure your web site uses encryption for processing customer's data. Once your company no longer needs customer data, such as payment cards or any other personal information, it should be securely deleted.

It is crucial for companies to segment data so that a breach in one file does not open other data repositories.

Companies should use Internet firewalls at all times, keep their operating systems and other business software up to date, and install and maintain antivirus and anti-spyware programs. Because many companies allow employees to use their own mobile devices, including smartphones, tablets, and laptops for business, these devices should be protected in the same way. Limit some company applications and data so that employees can't access them from unsecured mobile devices.

It is extremely important that companies limit data access to those employees who need it setting up appropriate security permissions in your data systems. You can put data logging in place, with alarms for when something happens out of the ordinary. This way you will know when someone is doing something with the data that does not coincide with their job description.

Contact centers are vulnerable to hackers. They use interactive voice response (IVR) systems for surveillance and data-gathering as a precursor to phishing schemes with agents, who are unwittingly coaxed into giving out sensitive information to unauthorized callers. In most cases, the call center agents are tricked by skilled fraudsters who use a variety of social engineering techniques to get them to break normal security procedures. The only real defense is proper training and protocols.

As many as 35% of data breaches have started with basic human error, such as sending an email with personal information to the wrong person or storing company files on laptops or tablets that were lost or stolen.

Even worse than careless employees or outside hackers, though, are the contact center agents who knowingly engage in illegal activities, using their jobs to gain access to information that they can sell or use on their own.

To help contact centers deal with this threat, call center technology can completely prevent skimming by agents. At the point in the transaction where the agent needs to collect the credit card information, systems can automatically pause recordings. With other solutions, the call can be transferred to an IVR system. Agent-assisted solutions can allow agents to collect credit card information without ever seeing or hearing it. The agent remains on the phone and customers enter their credit card information directly into the system using their phones' keypads. The standard dual-tone multi-frequency tones are converted to monotones so the agent cannot recognize them and they cannot be recorded.

In this environment, contact center managers and other employees need to be trained to spot at-risk employee behaviors. Training alone, though, is not enough. Employees need to know that there will be serious repercussions for violations of company practices and security protocols. Companies need to have a clearly defined formal policy so that employees know if they violate it, there are consequences that they will have to face.

Data security, therefore, has to be a business-wide endeavor. IT professionals, company executives, and employees at every level must work together to protect critical data assets from internal and external threats. Companies need to foster a security-aware culture in which protecting data is a normal and natural part of everyone's job.

Data security is also a constant game of what-ifs. The only certainty is that cyber-criminals will never stop learning and sharing information that will help them to get into high-profile targets. They will never stop trying to break into corporate databases. The information is just too valuable on the black market. The key is to make sure that you are not leaving the front door open for hackers to get in.

Galaxy Consulting has 16 years experience protecting organizations' data. We have done it for many companies. We can do the same for you! Contact us today for a free consultation!

Saturday, February 13, 2016

Successful Self-Service Strategy

When it comes to customer service, simplicity is critical. Companies can improve customer experiences primarily by limiting the amount of effort it takes for customers to find answers to their questions and accomplish their tasks. Here lies the appeal of Web self-service, which for many consumers has become the preferred communication channel.

Instantly available, 24/7 online customer self-service portals are gaining ground over conventional agent-assisted support, marking a significant shift in consumer attitudes toward the technology. And, contrary to popular belief, interest in Web self-service technologies is not just coming from younger consumers. The technology is changing the behavior of consumers of all generations. In fact, a recent study by Forrester Research found that 72% of consumers, regardless of age, prefer self-service to picking up the phone or sending an email when it comes to resolving support issues. This certainly is welcome news for organizations looking to cut customer service costs and maximize revenue.

There are several elements to consider for successful self-service strategy.

The success of Web self-service depends on the quality and quantity of the information available and the ease with which it can be accessed. Online customers are extremely impatient and information-hungry, so the material available to customers through self-service needs to be succinct and direct, even in response to queries that are not.

The self-service option has to be easy to find on the Web site. To call more attention to the portal, organizations can prominently place a link to the self-service portal on the homepage and other common support pages that feature company, product, and services information. And, since a self-service portal is an extension of a company's Web site, it should have the same look and feel as the rest of the site.

Once on the portal, 80/20 rule applies which means that you assume that 80% of site visitors are looking for about 20% of the content, so that 20% should be easy to find.

As for the content itself, it should be clear, to the point, and easy to understand. This can be achieved by including graphic elements, such as diagrams, charts, and bullet points. When doing so, make sure the graphics are optimized for the Web. If they're not, the Web site could take too long to load, which might cause some customers to abandon it for a more costly agent-assisted channel. Consider keeping content to an eighth-grade reading level, so the average 13- or 14-year-old can make sense of it.

Ensuring accessibility also means that the site should support a variety of Internet browsers, operating systems, assistive technologies for the blind, and, of course, mobile platforms. The latter is becoming more important, especially when one considers that almost a third of all Web traffic today comes from mobile devices.

To make a self-service section even more effective, it can be combined with an automated guidance system that enables site visitors to enter questions and then takes them to specific responses without forcing them to scan an entire database for the answer they need.

One such system is marketed by WalkMe, a San Francisco start-up that enables Web site owners to enhance their online self-service options with interactive on-screen step-by-step instructions displayed as pop-up balloons. The balloons can be programmed to appear automatically when the site visitor rolls his cursor over certain items or when he clicks on a help button.

Customers who can't find answers on their own in a self-help knowledge base might be inclined to call a customer service line, but they are more likely to type their question into a Google search bar, and companies have no control over the results that the Google search returns. This presents a number of problems for a company. Not only has the visitor left your site, but he can find information that you may not want him to see.

Virtual agents are another option companies can use to help customers find what they're looking for. IntelliResponse's Virtual Agent technology simplifies its Web self-service options. The software helps site visitors to find the single right answer to their questions. To keep information current and relevant, it strips outdated FAQ entries, learns over time how to group and respond to questions, and captures data about customer service queries to find precisely what customers need so your organization can fine-tune how it presents information on its Web site.

Companies can also use Web chat to help customers through the self-service maze. It's a tool that's already widely accepted by consumers and businesses alike. LiveWebAssist chat enables agents to push prepared content such as photos, graphics, or Web link, to customers on the site with a single click.

Along with chat and virtual agents, companies can use assisted browsing, or cobrowsing, to move self-service interactions along. This functionality lets the agent—or possibly the virtual agent—temporarily take control of a customer's computer screen. Not only does this improve the self-service experience, but, when interactions move to the contact center through either phone or chat, co-browsing can reduce the average handling time.

It is important to measure response time. Perhaps the most effective measure is the number of customer questions that are submitted and get a response. This can apply to those questions where the customer finds the answer on her own as well as those that are answered through a social community or by a representative of the company. Consider these elements:
  • the number of issues resolved per month through social communities. This includes the number of new questions posed to and answered by the community, the percentage of issues resolved by members of the community rather than company employees, and the number of "this article helped me" votes received.
  • the number of issues resolved every month through FAQs and company knowledge bases. This includes the number of page views that both receive per month.
  • the average cost to resolve issues through channels that involve a company employee. These include phone, email, and chat.
And then, as with any customer service channel, it's important to collect user feedback about the self-help experience. As with any other customer service channel, this can be done through customer surveys, Web analytics and search logs, customer interviews and focus groups, usability testing, and collaborative design processes.

For self-service to be done right, it should be in the interest of the customer. You do not want customers to use self-service because they are forced to. You want them to use it because it serves their needs.

Galaxy Consulting has 16 years experience in optimizing self-service on companies web sites. We can do the same for you. Contact us today for a free consultation!