Category: Information Security
DAM Or Web CMS? Part 2: Find Out Which DX Technology You Need For Workflow And Delivery
In the second part of our series, we take a look at workflow and delivery and where digital asset management and web content management systems excel. If you haven’t seen the first part of our analysis, make sure you check it out.
Do you need more help? Forrester clients can set up an inquiry with us.
Emphasize Emotion In Your Holiday Customer Service
This blog post is part of Forrester’s Holiday 2018 retail series.
As the holidays approach and the post-holiday return rush quickly follows, a few things will occur simultaneously: Hundreds of millions of customers will make purchases, total holiday retail sales will push the $720 billion mark, and millions more will send odd, ill-fitting, or unwanted gifts back from whence they came.
It’s in this frenzy of purchasing where empathy is often lost — and it’s all the more important when customers can actually find it. When your partner or spouse’s gift is a month late for the third holiday in a row or Grandma’s gift was never processed by the fulfillment center and you call customer service for a solution, there’s an emotional need to make sure that the agent on the other end gets it. This need, multiplied by the millions of customers who will undoubtedly face a myriad of retail issues this holiday season, presents an opportunity for customer service organizations to inject emotion and empathy into each conversation.
Ease, effectiveness, and emotion all contribute to a positive customer experience, but often brands will focus too narrowly on effectiveness. Customer service interactions are emotional for the customer — brands must consider those emotional needs when building their service strategy, and there’s no better time to start than during the predictable spike in emotional interactions during the holiday season. The good news? You’re already prepping for the volume. Now is the time to step up and meet those emotional needs with:
- Technology to guide both agent and customer. Speech analytics solutions can give you real-time insights into the emotional needs of the customer, and predictive routing technology can match a customer with the agent best equipped to handle their communication style or personality type. While those solutions may not be feasible until the next holiday season, in the meantime, revisit your approach to right-channeling customers. The best channel for them to resolve their issue may depend on their emotional needs.
- Hiring and onboarding practices to help agents empathize and understand. Brands are planning for an influx of seasonal agents to handle increased interaction volume during the holidays. It’s the perfect opportunity to explore new ways to inject emotion into customer interactions — and may even help with the seasonal churn. Prioritize emotion in the first daily stand-up: Give your agents room in their scripts to relate to customers’ experiences, prepare to offer more concessions to frustrated customers, and look at how well agents empathize with customers. Take advantage of the fact that your agent is, in fact, also human.
Ease and effectiveness are critical components of a customer service and customer experience strategy, but incorporating customer emotions into your holiday service planning — whether through optimized analytics, predictive routing, or updated hiring and onboarding processes — is the key factor that will set your organization up for success in 2019.
For more information on how to approach customer service interactions through the lens of customer emotions, set up an inquiry with me, and look out for our upcoming research on how to inject emotion in customer service, publishing in January 2019.
In the meantime, for more insights on how we think customer service will change next year, check out our recently published report, “Predictions 2019: Customer Service And Sales.”
(Sarah Dawson contributed to this blog.)
Half a billion Marriott guests affected by a large-scale data breach
On Friday Marriot International Inc. announced that over the last few years their Starwood properties have been exposing sensitive information of hundreds of millions of their customers. It is believed that the details of nearly 500 million Marriott customers have been accessed by cyber criminals. The leaked data include hotel visitor’s information such as name, passport number, mailing address, gender, phone number, email address, date of birth, and reservation dates. Marriot highlighted that some of the leaked information also includes payment card numbers and payment card expiration dates. The incident will remain in history as one of the largest data braches ever.
Starwood, the largest hotel chain in the world, has more than 1,200 locations across the globe and includes brands such as Westin, Sheraton, The Luxury Collection, Four Points by Sheraton, W Hotels, St. Regis, Le Méridien, Aloft. Element, Tribute Portfolio, and Design Hotels.
Marriott said that on Nov 19th, the company received a confirmation that there has been unauthorized access to Starwood’s guest reservation database. The loophole in the database might have been active since 2014 before it was discovered in September 2018. It is currently unknown who is behind the attack and if the stolen data has ever been publicly up for sale on the Dark Web. There is no evidence showing if the attack was state-driven or has been led by money-hungry hackers.
Marriott is currently sending emails on a rolling basis to all emails found in the leaked database. They offer free one-year identity-theft protection to everyone who might have been affected by the breach. The hotel-chain is cooperating with the authorities and opened a hotline for concerned customers.
What to do if you’ve been affected?
First and foremost, you may want to consider taking advantage of the free identity-theft protection service offered by Marriott. The next thing you should do is to go through your bank statements and look for suspicious activity. If you notice something out of the ordinary, call your card issuer and discuss your concerns with them. They might be able to help you. Most banks would be happy to overnight you a card replacement.
Then you might want to keep an eye on your credit score and even consider freezing your accounts with all major credit bureaus – Equifax, Experian, and TransUnion. If you are not planning on using your credit score for purchase anytime soon, freezing your accounts is strongly suggested. This is a great way to try to prevent hackers from taking advantage of the stolen data.
If you do not have anti-virus software on all your connected devices, you must consider it. Data breaches often do not give away everything needed by fraudsters wanting to steal your identity or hard-earned cash, so they target you and look for other ways to paint the full picture. Having quality antivirus software on all your smart devices would prevent hackers from finding the missing pieces they need to gain complete control of your identity. Don’t make it easy for them and install anti-virus software on all your smart devices.
Last but not least, you may consider joining one of the multiple class-action lawsuits that started popping after the news broke on Friday. Two people from Oregon filed a lawsuit against the hotel chain hours after Marriott announced the news. Their lawsuit was followed by another one coming from a law firm based in Maryland. Expect more class-action suits to be filed in the next months.
The data breach suffered by Marriott will remain in history as one of the most significant hacks to date. While the Yahoo data breach from 2013-2014 is still topping the list – roughly 3 billion people were affected – Marriott’s breach certainly makes the top five list of largest data breaches in the world. And it may end up being the costliest breach ever as Marriott’s incident was announced months after GDPR came into play which may lead to a hefty fine for the hospitality chain.
The post Half a billion Marriott guests affected by a large-scale data breach appeared first on Panda Security Mediacenter.
What Exactly Is Google Apps & How Safe Is It?
Google Apps is a service offered by Google that involves providing independent and customised versions of a number of products with a custom domain name. It includes many Web applications with functions similar to conventional office suites, such as Gmail, Google calendar, G-Talk, Google Groups, Google Sites and Google Docs.
Google Apps can be accessed for free and provides the same storage capacity as any other regular Gmail account. Any enterprise requiring additional storage for e-mail can purchase Google Apps for Business for an annual fee per user account.
Continue reading “What Exactly Is Google Apps & How Safe Is It?”
Winning at Corporate Security
Here, I’m not talking about a security guard post where you wear some faux cop uniform and a tin badge. You don’t need pounds of skill to work that kind of beat. I’m talking about the upscale security work, where you get to wear a suit and your biggest concern won’t be handing out parking passes. Corporate business parks, hotels and casinos, entertainment establishments, private estate security, and the like.
Based on my experience in the field and some good and bad examples I’ve observed, a few pointers:
Be in reasonable physical shape
You’re playing a hard enough game already by being a private security figure, which some scoffers already discredit as being a “rent-a-cop” or “hired goon”. The last thing you want to do is make yourself appear even more ineffective by being rotund, flabby, or looking like the high school geek.
In a situation where you’re trying to get a better look at somebody across a lot or trying to gain a couple of paces on a car so you can see the license number, nothing’s worse than running out of breath. So it should go without saying that you should not smoke, should cut back on the diet, and try to show up at a gym at least once a week. It can only help.
Look professional
Whatever your uniform requirements, you above all have to present the appearance of authority. A spotless, conservative appearance will be like a magic spell, instantly adding to your command presence. We’re talking crew cut hair, ditch the beard and sideburns, and have polished shoes. It can make the difference between “Yes, sir.” and “Why should I listen to you?”
Any job where you have contact with the general public, your presence is high-profile. If you like to have freedom to wear a ponytail and earrings to work, corporate security is just not for you. Private security already works at a disadvantage – you have to function as private citizen-level law enforcement to maintain control of every situation with little more to back it up than your word. Chances are you’re working unarmed or with limited backup. So psychology is one of your most important assets.
Be well-read and well-spoken
The well-read part is the reports which you’ll be writing. As is always emphasized in training, the incident reports that you take may become court evidence. For hand-written reports, again, if your printing is sloppy or your writing is not up to par, you are simply in the wrong line of work. Spelling, grammar, and a good vocabulary will lend credibility to the incidents you’ve witnessed. Should your report become evidence in a court case, don’t think that your writing quality won’t be under scrutiny; it will be. A carelessly written report indicates that you could be careless about other things, and that’s all that’s needed to create reasonable doubt in the minds of a jury. Lawyers just on stuff like this.
The well-spoken part is of course applied to dealing with the public. Private security relies heavily on public contact, and every good security professional is just a little bit good at being an actor. Assume an attitude of confidence, but not arrogance. Speak plainly and clearly, but directly. If you have to raise your voice, bluff, or escalate a confrontation, you’ve already lost.
Be prepared to hear a lie
This is not to say that you should be unreasonably paranoid. But if you work with public contact, you might as well take it for granted that you’re going to have people trying to bluff their way past you or around you with every fairy tale they can think of. Interview your subject, and get good at reading body language. Be suspicious of motive.
Be unpredictable
Nothing is worse, if you’re on a patrol, than to do the same things in the same order every day. Anybody who wanted to penetrate your property would of course be looking for you, and it would be simple to track and time your movements. For this reason, be careful to vary your routine on a daily basis. Even changing your methods is necessary sometimes.
Hopefully your business understands this. The worst case is where you are required to hit some kind of key system at regular intervals; this does nothing but make management think that you look busy, and you should make some kind of effort to let it be known that you are unable to do your job effectively under this condition. Security work is a variable. Infiltrators already have an advantage in that they know what they are going to do. You don’t; all you can do is be ready.
Be extra paranoid about computers
Hopefully you have your own IT technician on site who deals with security from the computer end, or you have other specialist assigned to this. Even then, computers make your job about a hundred times more complicated. No matter how careful you are, information security at the average corporation is a losing game, simply because of the people factor. People download viruses, write down their passwords and stick them on monitors, carry laptops home and lose them, drop their ID badges, answer the phone and supply everybody who asks with their personal identity data, respond to phishing scams, and a hundred other things besides.
It is a complete myth that computer security crackers gain access by mere technical know-how. A solid 90% of a cracker’s work involves either ‘social engineering’ (exploiting the people factor like the methods described above) or dumpster diving or gaining access to the property.
Sadly, there is no way to fix this, as educating users has been shown to be ineffective. Everybody who is willing to learn has already learned, and the remainder may certainly try to convince you that they don’t know any better, but in reality they are harboring a backlash effect where they resent technology because they feel intimidated by it. So yes, a percentage of employees really are giving their user name and password to the person on the phone claiming to be the repair person on purpose! And some users really do know that they’re downloading viruses but they don’t care, because they know the sysadmin will just wipe their drive and re-install their system for them.
Maintaining a program of computer security education will of course be necessary and will address part of the problem, but just take it for a fact that your network is vulnerable at all times, from all kinds of passive-aggressive sloppiness. No matter how many times the MSCE assures you that there is no wireless access into the company network, that kid in the parking lot at two AM playing with the laptop has found a hot spot. Count on it.
Data Loss Prevention (DLP) demand is growing
Read Why Data Loss Prevention (DLP) Demand Is Growing
With the importance in data security escalating, there has been an increased demand for the earliest approaches to securing data, namely data loss prevention, say experts.
Data loss prevention (DLP) is a term used to describe software products and strategies that help a network administrator control what data end users can transfer.
According to Trevor Coetzee, regional director, SA and Sub-Saharan Africa at Intel Security, there has been a revival of the DLP market locally and growth globally – in both data loss and data leakage prevention requirements – due to new privacy laws being implemented by countries across the world.
Many SA organisations are investigating solutions in preparation for the privacy laws like POPI within the country, says Coetzee.
Moreover, the demand is also being driven by the growing adoption of cloud services, data going across public cloud services, and increased focus on the insider threat that many organisations face on a daily basis, says Coetzee.
“We are also encountering, unlike what we have seen in the past with emerging technologies and capabilities, that SA companies are adopting cloud strategies and technologies at a surprisingly fast rate.
“As a result, they are now looking for numerous security solutions which align to their strategy – including DLP solutions.”
Research firm Markets and Markets agrees, saying one of the major factors that have helped the DLP market to grow is the increasing focus of organisations towards meeting regulatory and compliance requirements and data saved on public and private cloud.
Apart from this, factors such as increasing data breaches and cyber attacks are boosting the demand for DLP solutions, it adds.
Darryn O’Brien, country manager at Trend Micro Southern Africa, says organisations are realising that their data is no longer just information, but an asset which should be protected from the outside world.
It is this awareness that is driving the need for technologies and processes like DLP to address the situation, he adds.
Perry Hutton, Africa regional vice president at Fortinet, says the flow of data transactions into and out of the data centre, between data centres, or that is used and stored on a wide variety of devices is increasing at a dramatic pace.
During this process, the nature of the data changes, and comprehensive data loss prevention strategy is needed to address these different states, adds Hutton.
DLP strategies need to include not only business sensitive information but personal client and employee information too, as the loss of this data can be just as damaging to a business, says O’Brien. “In short it needs to be holistic and embrace all aspects of the business.”
Are you considering the protection that your data demands?
ITSecurity.Org can help you with your DLP requirements
By Regina Pazvakavambwa