Considering the deluge of articles on data protection, breach and ownership that are drowning our inboxes and news pages, it is understandable to be a little numb to postulations on what this could mean for our future online activities and identities. But have you taken time to thoroughly evaluate the status of the business that you work in, of how secure your systems are when it comes to the malevolent risk of hacks and data breaches? A survey of 4000 consumers in the UK, Germany and France by the Institute of Commercial Management revealed that only 12% of consumers believe organisations do enough to protect their data and 76% would “likely” leave a business or service provider if it committed a breach of their personal data. Sobering stats indeed. The Data Breaches Investigation Report (DBIR) 2012 revealed that out of 855 recorded incidents, 174 million records were lost; the second-largest data loss total since the inaugural report in 2004.
Predictably, organised criminals took the lion’s share of the blame being responsible for 98% of data breaches. Casting a mirror on tensions in contemporary society and protest movements, 58% of all data theft was attributed to activists groups (this contributing heavily towards the previous stat). Breaches involving internal employees at 4% were down 13% over 2010. Incidents involving hacking and malware were both up considerably last year – 81% of incidents involved hacking, while malware was involved in 69% of incidents. Physical attacks such as ATM card “skimming” were down 19% at 10%, no doubt due to increased public awareness and of banks stepping up their security and surveillance procedures.
Perhaps most disquieting were the commonality stats; 96% of the aforementioned attacks were not considered significantly difficult or skilled, and 85% of breaches took weeks or more to discover and were almost always (92%) discovered by a third party. The new EU data privacy directive (which is due after two years of implementation) proposes that organisations will have just 24 hours to report a data breach to authorities and affected parties after it has been committed. This proposal has been met with some ridicule from the IT industry, citing the impossibility of implementation, and they have a good point. But this disparity in reality and expectations should be sending alarm bells off in the heads of IT managers; not merely inciting scepticism at ‘yet another misguided EU directive’. That only a tenth of UK firms feel ready for the new EU directive, should be a carrion call to end denial that such breaches will only happen to others, never us. It is vital that companies of all sizes work harder to mitigate data breaches or, quite simply, they will just keep on happening.
Data breaches aren’t the exclusive preserve of customer data (credit card details, address etc). Medical records, intellectual property, trade secrets and corporate data are also very much on hackers’ menus.
The DBIR report states that 97% of data breaches are avoidable using simple to intermediate controls. Modern businesses must manage ever-burgeoning data stores and the proposed directive should prove handy to aggregate privacy standards, assign internal responsibilities and the like.
The hacker’s preferred means of entry are default password violations, system vulnerabilities (bugs, weak passwords, default configurations) and SQL injections (malicious code attacks). Compliance controls, web and messaging security systems and core systems protection measures should be used interdependently to effectively prevent attacks. ‘Though be aware, if an attack comes from an internal source, security infrastructures such as Microsoft’s UAC (User Account Control) will be significantly weakened. It is all about protecting your data at source and strengthening access controls and authentication systems.
Below are some guidelines for helping to prevent data breaches *
The Information Commissioners Office (ICO) offers free advice to businesses on how to deal with data breaches, though some areas of both the public and private sector are being slow on the uptake. Sadly, this inertia is at the expense of many. Between 22 March 2011 and 17 February 2012, 467 data breaches were reported by government and other public sector bodies, the majority of which were documents emailed to incorrect recipients. Such mistakes are costly, and I don’t need to tell you who foots that bill. Midlothian Council was fined £140,000 after repeatedly disclosing the personal data of children and their carers to the wrong parties. The ICO fears that due to lax breach prevention measures in place, there could be many breaches as yet undiscovered.
Under the proposed EU data directive, companies that commit transgressions can be stung for 10% of their turnover and the ICO, while recognising that the public sector handles more sensitive data than the private and thus is more prone to societally problematic data breaches, states they will impose fines on whoever commits the breach. Judging by recent cases such as Lush Cosmetics, such robust deterrents could prove a worthy motivator. The horse has already bolted in regards to the exposure of high-profile data breaches, gaping systemic holes and the unfortunate effect on the public; but we seem to be resting in some state of torpor where we are reluctant to even get that stable door fixed for the future.
Read more from Expolink about the politics of data ownership.
As recently highlighted in Chanel 4’s Dispatches: Richard Wilson on Hold, if there’s one sure way to alienate your customers it’s by installing a fully automated telephone system where a person could clearly do a much better job. We’re not talking about “on hold messages” here but a system where you are actually expected to have achieved something by the end of the call without actually having spoken to a living breathing person.
Once hailed as the answer to spiralling contact centre costs, automated telephone systems are now widely blamed for a large proportion of revenue loss. So, if it’s the telephone you use to sell your product or service, make sure it’s manned by a real person – one who will answer your customers’ questions and not drive them to the brink of taking a hammer to the telephone handset. The backlash against automated phone systems has begun!
Arm your Customer Service Agents with all the goodies they need to do a great job
Whilst it true that you may occasionally receive a call from someone who‘s just phoned for a chat, on the whole your customers want their query answered quickly and accurately with the minimum amount of fuss and time spent on the phone.
In order to provide such a service, it is essential that customer service agents have better tools to do their jobs. Systems should put all the relevant information about a customer right in front of their eyes. Irrelevant and unnecessary information should be kept to a minimum to cut back on the amount of reading (and erring) involved, and all this information should be displayed in an intuitive, efficient and organised way for at- a-glance reference.
Check your priorities – your customers’ needs must come before your own
Companies are slowly learning that, while customers appreciate self-serve options that provide a genuine benefit to them (e.g. ATMs, on-line shopping, etc.), they’re not so impressed when a company is just trying to dump the work back on the customer (e.g. Self-serve checkouts). Mums with kids in tow for example, probably aren’t going to have their hands free to operate the self-service checkout whilst trying to restrain a couple of wilful toddlers… So why on earth would a large well known chemist (and notorious haunt of the busy mum) do away with the majority of their manned service tills in favour of the somewhat less dextrous self-service checkouts? Lunacy! Thankfully though, a number of large grocery store chains have seen the light and are in the process of removing their self-service checkouts.
Keeping mums happy isn’t the only very strong argument for doing away with self-serve checkouts though. In reality, how much money do they actually save the retailer? Surely the money saved needs to be weighed against the amount of shrinkage caused by certain celebrity chefs taking advantage of the lack of personnel by pinching “low value goods”. Ready Steady RUN Anthony Worrall-Thompson! In all seriousness though, it’s well documented that the very solution designed to save the retailer oodles in salaries is now costing them an arm and a leg in retail fraud and theft.
Quality control
This should arguably be at the top of this list- surely, the first defence against customers complaints is to minimise what they have to complain about in the first place i.e. make sure that the quality of your product or service meets (or preferably exceeds) the expectations of your customers.
Customer service training is back
More and more companies are re-investing in employee training when it comes to the treatment of their customers – mainly due to the fact that customer service has become the most utilised form of brand differentiation (see added value below). Expolink Europe Ltd, providers of contact centre services to over 130 household names, currently offers NVQ qualifications to its entire contact centre staff and David Crook, CEO believes it has “paid dividends in terms of client retention.”
Added Value
Marketing professionals have long advised clients to provide their customers with a “value added proposition”. It’s nothing new but in an environment where price no longer differentiates competitors (because everyone is charging the same minimum rate just to get a sale) it really is giving that little bit extra that gets you noticed.
So what is it? Well, in a marketing nutshell “added value” is simply something you can give to your customers that is of high value to them, but of low cost to you.
It can be as simple as offering advice on how to make the most of the product or service they have bought from you, complimentary accessories they cannot do without, or discounts for return custom or referral to another customer. It can even take the form of quality assurance or a guarantee.
The idea is that the customer perceives the increased worth of what you are offering them, in the guise of excellent customer service or quality of your product’s features, all of which goes towards gaining customer loyalty and repeated business. Of course this all depends greatly on undertaking relevant and effective marketing research to find out what your customers really want – which is a time consuming process, but the rewards could be well worth the effort.
The Gripevine
it’s amazing how much bolder people feel about complaining when they do it online. More and more people are using social media to shout out when they have customer service beef. The advent of social media has been likened to a tidal wave – and you can see why, it’s a force of nature and if you don’t master it, it has the potential to destroy you.
Australian clothing giant Gasp fell right off the crest when one of their sales people was quoted on Facebook and Twitter as saying “I knew you girls were a joke the minute you walked in” after bride-to-be Keira O’Neill declined to buy the (considerably more expensive) pink wedding dress the sales person “recommended” she buy. As if this tale weren’t damning enough, Gasp then proceeded to complete their social suicide mission by publicly defending their salesperson, saying he was “good at what he does… and doesn’t like his time being wasted”; you can imagine the ensuing social uproar.
As a result of stories like this, and the tools that people now have at their disposal to make a public complaint, we are starting to see a re-awakening of consumers. People are far less inclined to accept second best in the way they once were, taking direct, and sometimes devastating, action.
On the up side
It’s not all doom and gloom, owing to its power, there’s an awful lot social media can do for your business if you play it right. Companies that are prepared to put their customers first now have the opportunity to reap the rewards. So make sure your customers have plenty of good things to tweet about.
But even if you do get a bit of bad press… lap it up! It’s the way you deal with this (ideally well and publicly) that can completely turn around the public perception of your company.
Social media sites are also an infinite source of management information. Actively encourage your customers’ natural urge to vent their spleen and use it to make them feel listened to! Where practical, you could even make the suggested changes and advertise the fact that, thanks to Mrs Jones from Dorchester, everyone can now benefit from better customer service. Power to the people!
The new cookie compliance legislation is due in May this year and the ICO has expressed concern that businesses are not as prepared as they should be – what do these new laws mean for the average UK business and how can they ensure they are prepared?
The cookie compliance law – more accurately known as the Privacy and Electronic Communications (EC Directive) Regulations 2003 – is designed to ensure that visitors to websites can decide whether or not a website collects information about them. Most websites use cookies: this is a small file that is downloaded onto a PC or laptop when a user accesses a website which then sends information back to that site on subsequent visits. Probably the most commonly used cookie for the average UK business is Google Analytics, which simply counts visitors to websites and provides the website owner with stats about its use. Cookies are all over the web – from an ecommerce site that stores address and delivery details to speed up the checkout process to far less scrupulous uses. Google makes great use of cookies to personalise its search results and adverts based on, amongst other things, what you have searched for in the past and your location.
Under the new cookie compliance legislation businesses must tell users about the cookies on their website, what the cookie is doing, and – this is the new bit – gain consent to use that cookie. There are some exemptions, but the general rule is that businesses must actively seek consent. This has significant implications for both website owners and users of those sites which is why implementation has been controversial. Businesses (and indeed government) websites have been slow in facing up to changes as they have been hoping for a less clumsy solution to the very real privacy issue.
In short, we should all be making changes to our website before May to ensure compliance with the regulation. The ICO guidance is very helpful on what preparations are required.
The DMA has expressed concern about the EU’s new Data Protection Regulations in terms of the negative impact to the direct marketing industry. Do you have any similar concerns for digital marketing and communications?
If fully implemented, the change in legislation will make a significant difference. Few of us realise the extent to which our experience of the web is shaped by our search history, particularly adverts and search results. The traditional marketing industry uses market intelligence to sell us more stuff; the digital marketing industry uses online data and cookies in the same way. Without this data, then the user experience is bound to be affected.
Google is the single largest online supplier of search results and adverts – in 2011 Google made $37.9 billion in revenue of which 96% came from advertising. They have a vested interest in ensuring European legislation does not harm their revenue stream and have recently asked everyone with a Gmail or Google+ account to consent to revised terms of use. If Google has its way – and it has the influence to do so – then the impact may well be less than expected.
What are the main points to consider for effective website management?
Website management is important if you want your website to rank highly in search engines like Google. The way search engines work is to ‘crawl’ your website on a regular basis to see if the site is suitable to be shown in its search results. Part of the management task is to ensure the site is error free, loads quickly and efficiently and has suitable links between it and other websites – there are a number of tools you can use to check this.
Decent web hosting makes a significant difference to a site’s performance. It’s surprising how many businesses scrimp on hosting when their website is business critical, this is a false economy. We would recommend ‘optimising’ the site for search engines, so that search engines have sufficient information to understand your website and when it should show in search results. More generally Google wants users to find websites that are useful and provide a good user experience, which means a key management task is to ensure the site is accessible, easy to use and contains fresh relevant information.
What are your social media recommendations for 2012; B2B and B2C?
The single biggest recommendation for social media – for both B2B and B2C – is to be authentic. Partly this means being clear about your brand values and how they translate as a ‘tone of voice’ to an online audience. Being authentic as a business can be very different to being authentic as an individual so make sure that everyone using social media in your business is on-message, and then relax and let them get creative! Social media is designed to be an interactive medium (that’s the ‘social’ bit), but too many companies use it as just another channel to broadcast sales information. The point of it is to create a community that is receptive to you and you do that through conversation and interaction. This takes time and commitment – it’s not for every business.
Facebook and Twitter are probably the most popular social media used by businesses, but depending on your sector and type of work there are other options which may have a greater business benefit. For example we have started using Pinterest (pinterest.com) to create visual snapshots of our clients and their business sector as a way to inspire creative approaches to their digital marketing.
PPC, SEO? What’s the craic?
So many acronyms, so little time! Every industry has its jargon and digital marketing is no exception. There is so much of it that it’s easy to get blinded or indeed hoodwinked into parting with cash you don’t need to.
There are some great reference materials out there. We would always recommend SEOMoz for their beginners guide to SEO. Matt Cutts, the Head of Google’s Web Spam Team, does brilliant video questions and answers that are available on YouTube or Google Webmaster Help for more techie issues. For PPC (pay per click for those not in the know) you can’t beat Google’s own help materials. If you want the jargon decoded in a more human way, we’d love to help!
What digital trends would you identify for the coming year?
The digital trend of the moment is Google Search plus Your World. If you have yet to join Google+ you will notice there is a +You option at the top of the menu in Google search results which invites you to register. Google+ works on the idea of Circles – a more sophisticated version of Facebook friends – and the delivers search result based on what your circle of friends and acquaintances are searching for. It’s the next level of personalisation of search.
If you combine personalised search with the increased use of smart phones then you can see we will all be carrying around a ‘community’ of people, brands and interests that we can interact with from almost anywhere at any time. Eventually when you walk into your favourite store, you will receive notification of their deals of the day and what your friends bought. When you search for a restaurant or café you’ll see recommendations from people you know. Arguably we will be ever more connected. However, to go back to the changes to the cookie laws, it’s reassuring to know that Government is considering the long term privacy implications of this.
How far do you reckon the ‘Olympic effect’ will extend across the UK in terms of business?
Hopefully the wave of national joy brought about by an unprecedented number of gold medals won by Team GB will boost our national morale so the Olympics will affect all businesses in a very positive way!
Corporate conferences – cliquey, shameless excuses for days of work or important part of PR/sales/marketing strategy?
It depends on the corporate conference and the corporate culture of course. A day away from the routine, focusing on the future, setting out company and brand values, injecting some creativity and zest into the mundane and reflecting on the customer experience has to be important to any company that is serious about continuous improvement, customer service and their bottom line.
A cliquey, day off work? What kind of corporate conferences have you been to?! - Note from Editor; only the latter option of the question! 
Tell us a joke…..
Why was six against seven? Because seven eight nine.
Noisy Little Monkey is a digital marketing collective specialising in the full gamut of online solutions for any kind of business. Contact them here.
Our physical journey through the world is increasingly mapped by our activity on digital applications – from store cards and CCTV to Smartphones and data tracking. Our feelings of living in a panoptical society have evolved from those of dystopian Big Brother-ness to a fairly benign acceptance that personal data and its exploitation is a necessary component in the fabric of modern society, destined to endure until we drop off this mortal coil. But as digital communications evolve and data becomes an ever more valuable commodity, what are the implications for our right to privacy?
Services such as Facebook and Google offer their services for free – but the costs of their resources and expertise are immense. They make their money by aligning advertising with your recent searches and personal information; which depending on your inclination can be ignored or otherwise. We are increasingly unused to paying for online services – after being enthusiastically encouraged to sign up for free when the whole social media boom took off – the question is would we rather pay for these services or received targeted advertising? Facebook admits to mapping its 800m users’ website activity for the previous 90 days before a visit; a practice that advertising agencies and online businesses defend, saying it affords them invaluable information about users’ interests and behaviours – which of course it does. But who decides what information is fair game? And if the goal posts move at any stage, will we be consulted? CEO Mark Zuckerberg insists the data is used solely to enhance the users’ experience of Facebook functionalities – but, tellingly, is yet to respond to recent claims that he applied for a patent for technology that correlates tracking data with advertisements.
We know that insurance and recruitment companies refer to online profiles to support or dismiss applications; Add to that personal information gleaned from Smartphones, apps, e-commerce and search activity, and you are looking at a pretty comprehensive portrait of a citizen. Though it is not yet believed to be the case, at least not on a significant level, privacy advocates worry that corporations, government agencies and political parties could routinely purchase tracking data from data aggregators. Certainly, it would do no harm for there to be ground rules in place if or rather when this does happen.
The UK Government is thought to be the largest data publisher in the world, with data.gov.uk several times greater than the US equivalent. They are currently at loggerheads over usage of data collated for the necessary running of the country. On one side there are the altruists who would like to see the data shared freely, on the other those who would like to profit. The data, comprised of post codes, procurement, land ownership information and much more, is derived from the Electoral Register. Access to the Electoral Register is free at local council offices and libraries but, due to its sheer volume and format, only really useful for simple reference. While the Full Electoral Register is subject to strict usage permissions, the Edited Register (which we can opt out of) can be bought for considerable cost and utilised for any purpose by any agency.
But public data, captured at source, at its most granular level and made freely available could benefit all businesses not just those with the reddies. Imagine the value of having such data as a fledgling business or service provider in the UK? Without considerable funds to invest, this precious data is out of reach. And it’s not just private companies that are losing out through this debilitating system. Trading Funds, introduced by the Conservative Government, force organisations such as the Post Office, OS, HM Land Registry and the Patent Office to sell data to other public and private agencies in order to meet Treasury targets. For example, in 2008 Swindon had to pay OS £38,000 to use its addresses and geographical data.
As a notoriously private nation what do we think of such proliferation of our personal details? In 2009, a Politics Home survey found that 63% of Britons feel the government already collects too much information about them, and only one in four favours data collection and retention by the authorities. Considering the loss of 25m personal records by HM Revenue and Customs in 2007 it is hardly surprising!
In 2010 Google was accused of illegally harvesting data including millions of emails, passwords, website addresses and even some health records for creation of its UK Street View maps from encrypted wireless networks. Only an individual with a black belt in naivety would claim that Google’s relentless quest for data was anything less than share-focussed megalomania but never-the-less, if such activities go unchallenged and unregulated, how are we ever to know such data harvests even take place? Google claimed the collection was made in error and that they had not used the information to benefit any of its products and services. Deletion of the data was subsequently ordered and Google’s staff re-educated on data protection standards. The lack of action taken by the Information Commissioner’s Office was a source of great bewilderment and outrage from civil liberties groups who expressed doubts about the ability of the Office to successfully audit such activity.
The popularity of social media has spawned its own raft of debates on data ownership and harvest. In November 2011, researchers at the University of British Columbia revealed that their team of 120 ‘Socialbots’ had infiltrated the Facebook network and mined 250GB of personal information in just eight weeks. The Socialbots (specially developed software that mimics human behaviour) had their own full profile including the ability to make friends and update those friends on their activities. Ensuring they remained within Facebook’s limit of 25 friend requests a day the ‘bots sent out 5053 requests to random users eliciting a 19% positive response rate. A further 3,517 requests were then sent to the friends of people who had accepted first time ‘round. As these were more trusted recommendations this garnered an impressive 59% acceptance rate. Only 20% of these were blocked by Facebook’s ‘Immune System’ which is used to identify and remove fake profiles – most of those were a result of spam alerts from users. So far so anodyne – but consider the treasure trove of information contained within a targeted social network and the malevolent way this could be used for on-line profiling and phishing activities. Facebook’s advice for users to only accept requests from known parties is unrealistic – it is the issue of user data security at source which must be addressed.
The World Wide Web Consortium (W3C), the main standards setting body for web technologies, is currently creating guidelines for software called “Do Not Track” (DNT), a browser-based mechanism that allows users to communicate data preferences to their chosen browser. This affords users protection from tracking by advertising networks across their digital journey. Unsurprisingly there are myriad considerations the W3C must make before its guidance is complete; significantly the way that browsers will communicate the opt-in functionality and demonstrate that the request is being honoured. While this is not a panacea to contentions of data ownership and distribution, it is certainly a step in the right direction and will help webmasters ensure they remain compliant with the new cookie laws that come into play in May 2012.
Governmental and other data will continue to be collated regardless of where it ends up. Providing we exercise control over our preferences and make it accessible in a coherent and intuitive manner this has the potential to open doors to the society that it is composed from in the first place. Sharing and combining large databases can provide hitherto unimaginable resources – facts are born of figures, innovation comes to the fore. If we can find a way to map and coordinate information in a meaningful and progressive way, while maintaining strict security controls to protect personal privacy, we could help develop more efficient use of services, foster sharing of knowledge and increase transparency and trust in Government. But who should be responsible for this daunting task? Is the civil service, with its somewhat inflexible attitudes to change, really the best agency to be in control of such large databases? Wouldn’t those with an aptitude for progression and more commercial nous be preferable? And can they be trusted?
Our lives are increasingly spent online, creating discrepancies about the nature of ownership. Digital commodities can be owned by multiple agencies as we exchange and share assets daily without concern. With so many ‘masters’ involved, the psychological value of these assets is diminished. Yet we cannot put boundaries on the transactional space the web offers us, it’s our regressive attitudes and lack of ability to systemise governance that is causing the problems and consequently stifling the possibilities for innovation and progression.
The influential American philosopher Elbert Hubbert once asserted, “one machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man.” In an age of virtual assistants and automated medical advice lines this is a philosophy us humans should perhaps cherish. Customer feedback solutions specialists, ServiceTick, concur with Hubbert. A survey conducted by the company pits contact centres against web-based customer management and finds the latter is still lacking. Their 150,000-strong survey discovered that customer satisfaction scores and NPS (Net Promoter Score) were consistently higher at the end of a personal conversation with an agent than with web-based scores. The difference was clear – customer satisfaction scores were 22 points higher and NPS 69% higher.
Thinking laterally, this is hardly surprising. After all, having someone listen to your query or problem and actively strive for a solution or enhance your experience with their product or service, is most consumers idea of excellent customer service. Choice, convenience, service standards and provision must be key when deciding on the communication channels your company offers. The customer service strategy you employ is dependent on the type of campaign you are running. Simple services with little need for interaction or risk of procedural error could be suited to web-based applications, but if the campaign is more information-driven or if there is more risk for the customer to become confused by a difficult process or service, a contact centre environment might be more appropriate. Expertly managed online systems are well demonstrated by Facebook and Google who, when not fighting over world domination, have constructed comprehensive troubleshooting systems that negate, though not replace, the need for “contact” customer service. Their businesses are such that the majority of the problems their users encounter can be solved through the kind of procedural IT troubleshooting that many of us are familiar with from work. We can see that in some contexts this approach is well suited, but if you are hoping to reap the rewards of upselling, cross-selling or simply injecting your brand with a bit of personality, contact centre services can’t be beaten.
Modern consumers create complex personas through their product choices and the way they select, negotiate, manage and communicate these choices. We allow ourselves to be constantly contactable, both by our peers and marketers alike, and expect the same availability from our service providers. Smart businesses understand that, in order to promote customer acquisition and retention, a more holistic approach to customer service is needed. While web-based processes are sometimes quicker or more convenient to access, the frustration that can develop from not being able to locate your answer within a FAQ matrix can be a far less preferable process to speaking to a responsive and laterally-minded person, interested in retaining your custom. Should a customer be thinking of shopping around for a different supplier, a chat with an advisor gives the opportunity to win the customer back over. Social media and forums mean that people are going to be talking about your products and services; good and bad. Both the bane and beauty of social media is that it is so hard to control and moderate, in fact nigh on impossible. By ensuring the quality standards of your service or product at source, you can be assured that you are doing all you can to prevent negative publicity as well as ensuring that you have a strategy in place if online chat turns negative.
Being able to fully integrate your contact centre and online systems should be the ultimate aim when optimising your customer service provision. It is not a contest between one or the other and, as with many of the facets of business, as long as you are considering the needs of your customer, every step of the way, you can’t go far wrong.
