We know how much empathy can enhance customer experience, but it can also make a substantial difference in ensuring that customer information is well-protected.
With the recent barrage of massive security breaches involving customers’ credit-card and other personal information, companies need to deploy every tool available to safeguard sensitive information. Employee emotions and empathy are a powerful force in the fight against cyber threats to customer, employee and company information.
1. Put people at the center.
Technology strategies and compliance frameworks are major players in cybersecurity, but the old adage that compliance is not enough has never been truer than in this digital age. That’s because what most organizations identify as the weakest link — employees, the people on the frontlines — could also potentially be the strongest defense. In the customer service industry, those are the people talking to your customers and handling their information; making effective training and communication a critical part of building your first line of defense.
2. Focus on emotions and engagement.
What is the best way to empower people to protect customer information? Just talking about compliance requirements isn’t enough — you must also communicate on an emotional level. In their book “Switch: How to Change Things When Change Is Hard,” authors Chip and Dan Heath use decades of research to explain why knowledge isn’t enough to cause people to change. Even in the workplace, where business reasons and rational thinking are supposed to rule, relying solely on facts to motivate people is a mistake. To change employee behavior, you also need to relate to their personal situation and address their feelings as part of your strategy.
Think of it as a three-pronged approach. First, training must be clear and effective from Day One. That education sets the expectations and gives employees the knowledge and facts they need to be successful. Next, the right technology must be available to help agents keep what they’ve learned top-of-mind with desk alerts and regular communication streams. These factual snippets can even be trigger-based depending on employee activity. Finally, fostering empathy and emotion will make the information meaningful and relevant.
For example, we use a multichannel approach at SYKES to ensure our employees receive the information necessary to do their jobs and understand their obligations to both client and regulatory compliance. In addition to effective training and robust technological controls, we regularly engage our employees in open and frank discussion about why it is so important to safeguard sensitive information. Such conversations help agents recognize how each customer interaction can make a difference. Connecting with our employees, we encourage empathy by looking at what happens to people when their information is violated or fraud is committed. It’s about more than complying with various regulatory bodies; because while the responsible company may incur millions of dollars in brand damage and lost business, that doesn’t communicate a personal, empathy-based message. Instead, we look at the personal harm experienced by everyone involved in the interaction and show agents how important their role is, as the voice of the customer, in providing the best possible protection.
Another way to incorporate empathy in security training and reinforce its impact is to involve people outside of the security and compliance organizations in planning, presenting and talking to agents. At SYKES, we strive to make security and compliance a team sport, one that is owned by all parties. When having frank discussions on the gravitas of compliance, who better to reach employees than their own colleagues and direct leaders? Promoted as a best practice by the National Cyber Security Alliance, communication from “within the ranks” is generally more persuasive and effective than when it comes from experts on a Security team. You can learn more about our “team sport” approach to security in another recent article I wrote.
3. Build a culture of compliance and ethics.
In customer-focused organizations, ethics and compliance go hand-in-hand. When all is said and done, it comes down to protecting customer information and privacy because it’s the right thing to do. When you build a culture around doing the right thing, you avoid unintentionally narrowing your focus to specific compliance requirements — which can foster a checklist mentality, leading to greater long-term vulnerability and higher implementation costs. This means looking beyond the letter of the law to understand the intent (or spirit) of the law. If you’re only looking at a compliance checklist, you miss the opportunity to more broadly reap the benefits of those requirements across your enterprise. There’s a reason regulatory bodies exist, and the more we recognize the intent — that they’re trying to protect and implement best practices across the board — the better chance we have to save the company time, effort and money in the future.
By building a culture and mindset focused on the spirit of compliance and protection throughout the enterprise, you make it everyone’s responsibility to prevent breaches and fraud, not just that of the Compliance or Security departments. Nothing makes me happier than to hear about people in our Operational departments raising questions about data privacy or holding team meetings to talk about the latest threats. That means they understand what they’re doing, are challenging whether something is compliant or not and recognizing how they can make a difference.
Most important, making security and compliance part of the culture and normal day-to-day communications carries through to people’s behaviors in each customer interaction, not just during Fraud Awareness Week or Data Privacy Day. While these events certainly help renew focus and get people’s attention, you need to build a line of defense that’s part of your everyday walk-and-talk: 24 hours a day, seven days a week, 365 days a year.