Tuesday, April 14, 2015

Donald Hjelm - Enterprise Transparency

During the past few years, enterprises have been embracing transparency at all levels, from the C-suite down. However, despite taking important and, in some cases, impressive steps forward, many of these enterprises continue to face obstacles.
Why the roadblocks? Many enterprises are still talking about transparency, rather than exercising transparency. What is the difference? Enterprises that talk about transparency are obligated to continuously “push” transparency into their activities, functions, processes and policies -- because they know if they stop, then eventually so does the transparency. This “applied transparency” is the kind that enterprises can rent, but never own.
However, leaders within enterprises that exercise transparency do not feel the need to “force feed” transparency to employees. This is because transparency is embedded within the fabric of their culture. They own it.  As such, they unleash transparency from within to qualitatively and quantitatively improve employee engagement, workflow management, communication and collaboration, customer support and development, program and project governance, and more.  
Rather than confining key information (e.g. organizational goals, performance metrics, resource utilization plans, etc.) to a small circle of executives, transparent enterprises are marked by democratic information sharing. As such, these companies drive participation and engagement at all levels, leveraging 100 percent of their knowledge capital to make better decisions.
Instead of directing employees to perform tasks and then shielding them -- either by design or default -- from the effects of their efforts, transparent enterprises let employees see how their contribution fits the bigger picture. Why? Because they grasp that aligning input with impact is the smartest way to drive employee investment, which is not just the basis for growth: On a competitive landscape where talent is often more valuable than capital, it is critical for survival.
Transparent enterprises do not restrict innovation to the context of product, service or process development. Rather, much like transparency itself, they view innovation organically as well as functionally. To that end, they empower employees at all levels to innovate how the enterprise sells, markets, supports, develops, communicates and generates feedback.
Evolving into a transparent enterprise requires leaders to have knowledge and insight to make the right technology investments. More importantly, leaders must commit to changing their organizational structure from one that is hierarchical and centralized to one that is flatter and more democratic.
While there may be some growing pains associated with this shift, the effort is both worthwhile and necessary. In 2015, transparency is a “must” for an enterprise to achieve participation, alignment and awareness and to succeed as a democratic, forward-looking company.

Monday, April 13, 2015

Donald Hjelm - Bot Visits

A recent study found that not only do bots (automated applications that crawl and scan websites) outnumber human visitors on the Internet, but smaller websites actually receive a disproportionately higher percentage of automated bot visitors -- up to 80 percent of all traffic on sites with fewer than 1,000 visitors a day. Malicious bots probe sites for vulnerabilities, effectively automating web hacking.
The rise of automation has broadened the scope of attacks, making small businesses just as vulnerable as Home Depot or Target. Today, all online businesses are at risk. You don’t have to be a Fortune 500 company to protect your business and customers from malfeasance. The following are simple measures any business owner can take to thwart attacks and prevent breach.
 Mind the gaps
Vulnerabilities are just that: exploitable weaknesses that allow attackers to penetrate systems. Fortunately, many of these vulnerabilities are well known and easy to patch. Specifically, there are two vulnerabilities all e-commerce business owners should be aware of: SQL injection and Cross Site Scripting (XSS).
Many sites, based on how their e-commerce application was built, are vulnerable to SQL injection attacks. Criminals probe web applications with SQL queries to try to extract information from the e-commerce database.
Cross Site Scripting attacks can occur when applications take untrusted data from users and send it to web browsers without properly validating or “treating” that data to ensure it isn’t malicious. XSS can be used to take over user accounts, change website content or redirect visitors to malicious websites without their knowledge.
Because attacks on these vulnerabilities are directed at web applications, a web application firewall (WAF) is very effective in preventing them.
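The code-level fix for both weaknesses described above, as an added example that is not part of the original post: each weak pattern sits beside its hardened form. The `orders` table, the function names and the sample rows are hypothetical and constructed for illustration.

```python
import html
import sqlite3


def make_db():
    # Constructed sample data standing in for an e-commerce database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", "kettle"), (2, "bob", "laptop")],
    )
    return db


def orders_vulnerable(db, customer):
    # Weak: user input is concatenated into the SQL text, so the input
    # can change the structure of the query itself.
    sql = "SELECT item FROM orders WHERE customer = '" + customer + "'"
    return sorted(row[0] for row in db.execute(sql))


def orders_safe(db, customer):
    # Hardened: the value is bound as a parameter and never parsed as SQL.
    sql = "SELECT item FROM orders WHERE customer = ?"
    return sorted(row[0] for row in db.execute(sql, (customer,)))


def greeting_vulnerable(name):
    # Weak: untrusted data is sent to the browser as-is.
    return "<p>Welcome back, " + name + "</p>"


def greeting_safe(name):
    # Hardened: untrusted data is HTML-encoded before it enters the page.
    return "<p>Welcome back, " + html.escape(name) + "</p>"


if __name__ == "__main__":
    db = make_db()
    probe = "alice' OR '1'='1"          # constructed test input
    print(orders_vulnerable(db, probe))  # other customers' rows leak
    print(orders_safe(db, probe))        # no customer has that name
    print(greeting_safe("<script>alert(1)</script>"))
```

A scanner or WAF catches what slips through; parameterized queries and output encoding remove the weakness at its source.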

 Denial of service

Some criminals are taking a brute force approach and flooding websites with traffic to take them offline -- called a distributed denial of service (DDoS) attack. For e-commerce sites, a DDoS attack has a direct impact on revenue. A single DDoS can cost more than $400,000, with some sources reporting costs of up to $40,000 per hour. With attacks ranging from mere hours to several days, no business can afford the risk of a DDoS attack.
Oftentimes these attacks are accompanied by a ransom note demanding funds to stop the DDoS attack; other times the attack is merely a smokescreen, giving hackers time to probe the site for vulnerabilities.
In either case, rather than fall prey to extortionists, e-commerce sites should enlist DDoS protection to detect and mitigate the attack before it impacts their bottom line. DDoS protection is often available from hosting providers, so small businesses can ask their website hoster for options.

 Two-factor authentication

Stolen or compromised user credentials are a common cause of breaches. eBay reported that cyber attackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network. Criminals use social engineering, phishing, malware and other means to guess or capture usernames and passwords. In other cases, attackers target administrators, whom they discover on social networks, using spear phishing attacks to obtain sensitive data.
Stopping this problem is as simple as implementing two-factor authentication. This second factor is usually a code generated via an app or received via text on a phone owned by the user. Two-factor authentication has been around for a while, but just as better smartphone cameras opened up a whole new market of photo editing and sharing applications, so too has the escalation in breaches increased the number of options for two-factor authentication.
Today, there are a number of great two-factor authentication solutions that are both easier to use and very effective at keeping hackers out. Many are free, including Google Authenticator, and are packaged as handy apps on smartphones. With the increasing risk of breach, it’s more important than ever that any application dealing with customer data be protected by two-factor authentication.

 Scan your site

Web scanners are an important tool for detecting the SQL injection vulnerabilities and XSS mentioned above, as well as a host of other vulnerabilities. Information from these scanners can be used to assess the security posture of an e-commerce website, providing insights for engineers on how to remediate vulnerabilities at the code level or tune a WAF to protect against the specific vulnerabilities.
However, in order to be effective, businesses need to use them regularly. It’s important to subscribe to a service that scans on a periodic basis -- not every three years.

 Know your vendors

Third party providers -- hosters, payment processors, call centers, shredders -- have a significant impact on breach likelihood and scope. You wouldn’t trust your money to a bank without rigorous, proven security measures in place. Nor should you trust a software vendor without security practices in place.
When seeking new providers, make sure they're compliant with security best practices like the Payment Card Industry’s Data Security Standard (PCI-DSS) and cloud-security certification SSAE16. Don’t be intimidated to ask cloud software vendors how they’re managing security and what certifications they have. If they have none, you should think twice about working with them.
Don’t overlook this. No matter how good the product, if the software introduces risk to your business, it’s not worth it.
Today the risk of data breach is greater than ever, for large and small businesses alike. But security does not have to be complicated. By using the right tools, partnering with the right vendors and implementing safeguards, online businesses can reduce risk.

Thursday, April 9, 2015

UX Transitioning to CX

User experience (UX) is a mature enough discipline that most medium-to-large companies invest in it as a valuable in-house capability. But the emerging field of customer experience (CX) is still new enough that most companies are grappling with how to develop the organizational capability to deliver it well.
The problem is that while there is a growing urgency about making good customer experience everyone’s responsibility, nobody actually has the responsibility to do that.
Improving CX capability, then, is important, and it requires two big changes. The first is a move into service design. The second, harder, change is governance at a high-enough level in the organization to manage this move well. Customer experience depends on people from many areas of a company who are typically siloed off from one another.
We see a number of traditional UX consultancies positioning their work to incorporate CX. But is this just a renaming, or the evolution of UX, or is there more to this transition? Many of the essential practices of UX work can support the development of great, holistic customer experiences, but the methods and approaches to frame the objectives here differ substantially between the two fields.

UX designers are well equipped for CX work

Both fields practice human-centered design. Both seek to understand people deeply, to develop insights about the ideal-use cases and to describe the experience of the user (as opposed to the functioning of the system).
Almost inevitably, there will be digital interfaces as essential parts of a service system. These may be self-service tools for customers, software for frontline employees or an underlying platform that serves both customers and staff. There are few service experiences these days that don’t rely on good UX work. So, it makes sense that the line that divides the two disciplines is blurry.
That's reason enough for this new field of CX to be full of UX practitioners. After all, we UX people have most of the necessary skills.
But not all.
The difference is one of scale. You’re not designing a thing. You’re trying to design what happens as a result of many things you directly designed, which is very different from UX. UX is bound technically by a clear and limited use case: It always involves someone interacting with a device.
Service experiences, however, are broad and ephemeral. They happen in time, and might involve the design of spaces as well as spontaneous interactions between people. UX work is often focused on optimizing something that has already been defined, not necessarily generating something new.

Unlearning some UX practices 

The biggest change for me personally in making this transition has been in the approach to quality. The definition of a great service depends on whether it is an open or closed system. Most digital systems are closed. Software should work the same every time. For software, improving quality means fewer deviations from how things should be.
But for open-service systems, standardization can set the bar for quality at only a mediocre level. A standard for consistency defines the floor, the lowest level of acceptable service. To deliver great service, people need to be themselves, and represent their organization with good judgment and real agency. That will inevitably be delivered with a lot of variability.
Designing for unanticipated-use cases, then, is the unique challenge of CX work.
Some unlearning is just the recognition of your frame of reference: Starting from the vantage point of digital experiences can cause us to predetermine the solution. This is the old “When you’re holding a hammer everything looks like a nail” problem. Beware of bias toward what we do well. Many UX firms make great software, but CX solutions are likely bigger than that.

New methods and priorities

An early prototype of a total customer experience is a bold act of make-believe. Designers play the part of front-line or call-center employees, to deliver the entire service and test it. Customers should judge the customer service portrayed as though it were a real thing in the world. 
The goal is to have the most polished-seeming presentation of the service to customers with the most jerry-rigged, expedient hacks running the back-of-house.
Prototypes are enacted performances. They teach us how to prepare for contingencies and show us a range of scenarios, so we are ready for the new ones. They help us outline formal training, as well as design the “stuff” that helps us be ourselves in character. This is the stuff that in a theater would be production design and costumes, designed as much for the actors as for the audience.

Designing social interactions. You know, among people.

In doing CX, we also need to understand more broadly the nature of “jobs to be done” in the system, and assign them optimally, between people and technology. Everyone is familiar with a UX experience where they just want to deal with a person, but increasingly our dealings with people feel like bad human-computer interactions.
For example, if the person at the call center must obey a decision tree and follow a script with no personal discretion, then his or her humanity is wasted; it’s not an asset. 
Better data is crucial to this process. The sharing of data is what companies want, so they will make fewer mistaken assumptions about you. Communications in this digital age are not as personalized as we had hoped they would be by now; they're just targeted, in precise and arbitrary ways. Not personal at all.
But service is nothing if not personal. It’s not the same thing as digital self-service. The question for a purely digital designer is, “How can I leverage this device to create the best overall experience for my customer?”
In CX, in contrast, the question is, “What can we do to build the best possible relationship between customers and our company?”