Cisco Logo


Security

One of the first lessons I learned about business came from my first boss, Bill, the sole proprietor of a small retail shop where I worked after high school a few days a week: the customer is always right. Bill always told me that word-of-mouth advertising was much more valuable than paying for print or radio ads, because when a satisfied customer tells a friend about a good experience it makes a lasting impression. Even more-so the negative impression — if a customer goes away unsatisfied, they’ll tell even more people than if they were pleased with their shopping experience. So it was very important to smile (even when answering the phone), be courteous, helpful, and always look for an opportunity to make a bad experience a good one, or at least neutral, before the customer left.

Bill’s shop was a small-town business, and he knew that word travels fast in a small town, for better or worse. With social media, online customer reviews, and ubiquitous smartphones, shoppers are lured instantly to the best deals and away from the worst experiences. Now for even the largest businesses, much of that small-town atmosphere now applies to a global customer base, and handling this hyper-connected community can require great care. As we saw for one local contractor, sometimes an indelicate response to a customer’s bad experience can mean even greater negative publicity than before.

Customer service, public relations, and brand protection are disciplines in their own right, and I don’t presume to cover their concerns here. But each overlaps organizational security in key areas, including: protecting the organization, insuring adherence to defined policies, and communicating the customer’s or end user’s hardship back to the organization.

The Value of Ratings

What is the value of your brand or organizational reputation? Understanding that, and how it can be negatively impacted online, is a necessary first step to assessing and addressing the risks to that asset. As part of the calculation, it will be important to calculate how competitors are perceived. For this reason, and because users are consistently turning to unvalidated, collaborative opinions online, these ratings can be a key factor to differentiation and being chosen by customers.

Online ratings, and the difference in ratings among competitors, have become so important that it has embroiled online local review site Yelp.com in a ratings controversy. Last year, Yelp’s CEO Jeremy Stoppelman took to his blog to dispel allegations that Yelp sales personnel were skewing reviews. Several businesses have stated that Yelp was promising promotion of good reviews and removal of bad reviews if the businesses being reviewed would pay for advertising. In February of this year, a federal class action lawsuit was filed against Yelp. Whether or not the claims against Yelp turn out to be true, the case highlights both the value of what is perceived to be independent reviewers’ opinions, as well as the lengths that businesses might be expected to go to preserve their positive image on such a site.

That’s My Policy, and I’m Sticking to it

Good security starts with a good policy, one that is clear, repeatable, and supported by those decision makers higher up in the organization who are willing to defend the policy’s existence and execution. A good policy should guide an organization to set controls around who can communicate on behalf of the organization, and under what parameters they do so:

In many cases, being clear and consistent can head off concerns and difficulties up front. For example, if an organization maintains an online customer knowledge base that is a consolidated source of truth, then referring customers to the website’s Support section might be one suggestion that every employee could know if they run into a customer with a problem.

Strong and effective policies should also assist organizations with recourse in making amends. If a representative provides a customer with a negative experience that is clearly against organizational policy, then the organization can take corrective action while simultaneously assuring the customer that the representative was not acting in accordance with corporate guidelines. And of course, representatives that are sufficiently educated about corporate policy can act quickly, assured that their actions to make the customer satisfied will be supported by their organization.

Assessing the Situation and Taking Swift, Corrective Action

At times, it will be necessary to perform a swift incident response. In most cases, this will be because the business has identified an area that needs more attention or more thorough action that will satisfy the customer or the general public. But in other cases, this could be because something malicious has been posted online in an attempt to defame the organization in some way (for example, a targeted phishing campaign, or a series of slanderous YouTube videos).

When this happens, organizations should be aware of the often-cited “Streisand Effect” where attempts to censor bad publicity can cause a surge of inverse responses, leading to much greater publicity than was likely before. Organizations may not be likely to predict what actions or what levels of response might trigger significant social backlash, or the persistent nature of that backlash.

Not only is it important to respond to the rapid increase in publicity that a concerted online campaign might require, but it may be necessary to ensure that keywords, FAQs, or other search features direct people to the company’s response. It may not be possible to get ahead of the damage that a bad publicity event could create in the wake of a social-media-fueled viral video campaign, but years later it might help to have a permanent response available to those who come across the old information, with pointers to what has been done since then to improve the customer experience. For example, after nine months of trying to get compensation from his airline for damaged baggage, one disgruntled passenger uploaded a series of videos that received 3 million views in less than two weeks, but I was unable to find any mention of the claim on the airline’s website.

Know Your Limits, Operate Effectively Within Them

Organizations will need to consider the unique operating requirements of their industry. For example, doctors are finding it particularly difficult to respond when patients make statements about the care they have received. Laws in the U.S. can constrain how doctors may respond regarding individual patient care cases in a public fashion. As a result, they must have other avenues to address any concerns related to online complaints about service.

Online opinions are also shaped by the nature of collaborative content. With apparently anonymous posting, there is no easy way to tell who is making what sort of comment (whether honest feedback, inflationary self-promotion, or disgruntled mud-slinging) in many public forums. Sorting out real complaints from the rest may not be a simple undertaking, so it is important to consider how much effort needs to be put forth to maintain effective service and appearance. Many times, having as close to a perfect rating in a subjective online review site may be important, but it may be acceptable to have a good response ready for those who notice increasingly negative reviews piling up — such as a no-hassle money-back guarantee.

Conclusion

Keeping an organization’s reputation safe in the age of instant opinion has certainly become more difficult. The number of outlets for customer dissatisfaction has skyrocketed, and the reliance on peer opinion for decision-making has remained high. With the uncertain trustworthiness of online comments not being a deterrent to many potential customers, organizations must not only combat real problems or perceived problems, but also patently false ones. Under these tightened tolerances, organizations must ensure that their employees are capable of doing their best to make things right the first time, and that their response plans are capable of making effective reparations when things go wrong.

Comments Are Closed

  1. Return to Countries/Regions
  2. Return to Home
  1. All Security
  2. Return to Home