By Jessica Smith, Senior Vice President, Crypsis Group
When you work in the services industry, it’s natural to become frustrated when clients don’t do the fundamentals that could prevent significant problems down the line. In cybersecurity, we see it frequently—much of our business involves helping clients after they have had a significant cybersecurity incident. It’s possible that a doorway may have been left open for an attacker to enter, and in some cases, we may learn the root cause of the incident and know the issue could have been prevented.
This frustration is common across many services-based businesses: The dentist treating gum disease on patients who neglect regular oral hygiene; the IT firm brought in to fix poorly maintained systems; plumbers called in to do thousands of dollars in repairs when a $100 fix a year ago would have averted the issue; law firms serving clients who made bad choices; auto mechanics repairing high-end vehicles that ran dry of oil.
As experts in our field, we may know the steps that could have/should have been taken, and it can seem on the surface that clients can be their own worst enemies. But it’s important to remember that, no matter how passionate we may be about our business, our clients have many other concerns beyond cybersecurity, or dentistry, or plumbing, etc. What may be our core purpose in life is not theirs—and they have budget and time constraints, knowledge gaps, competing priorities, even personal life challenges we know nothing about. Naturally, we know our field better than they do—that is why they come to us in the first place.
In my field of cybersecurity, victims of breaches are often blamed (very visibly so, as large breaches can impact many thousands of people and end up in the news). As experts, however, we realize what they are up against: even with heavy financial investments, it is nearly impossible to mitigate every risk across the IT landscape, especially given their competing fiscal priorities. They have to make tough choices. In other fields, clients may be similarly challenged or lacking fundamental knowledge to address the basics needed to avert issues, both large and small.
But, even if we know and understand some degree of client neglect may have been the source of their own woes, we must resist judgment and focus instead on helping them and caring about their current problem at hand. When companies come to us, they are often afraid—for their jobs, health, finances, business solvency, etc. What they need from their services professionals is knowledgeable assistance—and a healthy dose of empathy.
Building a Culture of Caring: It Starts from the Top
To be successful in creating a “culture of caring” for clients, it has to be driven from the leadership on down and cultivated throughout the employee base. It must become part of the company DNA, ingrained in how we hire, train, lead, communicates, and reinforced through the company culture. As leaders, we must ensure our employees across the business remember that “blaming” is not a company value, and that caring about people—both clients and coworkers—is. Even if it weren’t a simple human value to demonstrate caring, it certainly is a fiscal one: clients will return to companies that demonstrate compassion and shun those that make them feel judged for the problems for which they seek assistance.
A Step-by-Step Approach
Below are some concrete steps you can take to build a more compassionate culture:
Lead by Example: Be a caring leader. By demonstrating that the company cares about their employees’ overall wellbeing—beyond just their revenue-generating potential—you set an example of how you expect employees to treat each other. This includes soliciting feedback; demonstrating humility (we don’t have all the answers and should be willing to listen to better ideas); understanding that employees have personal lives; getting to know your employees on a personal level.
Hire the Right People: Go beyond the resume to find people that fit your desired culture of caring. Hiring the smartest people won’t yield the best results if they are arrogant, disruptive, or harmful to employee dynamics and service orientation. Don’t be afraid to let the wrong people go if issues cannot be addressed with an adequate investment in coaching.
Empathetic Coaching: Few employees enter the workplace without areas for improvement, and leaders aren’t exempt, either. When you see opportunities for employees to improve in their interactions with clients and employees, guide them on better methods, but do so with empathy (and not punitively). By setting this example even in coaching scenarios, they will get the message of what is expected.
Invest in Your Culture: In my experience, happy employees do, in fact, make happy customers. Focus on building a culture that includes rich offsite experiences not focused on work, volunteering events, a strong total rewards package, and employees from diverse backgrounds. However, having a strong culture has to go beyond the obvious benefits and team building events—it means creating a place where employees feel heard and can safely voice their opinions, ideas, and frustrations, and know that valid input will be acted upon.
Employ Customer Satisfaction Programs: If you haven’t operationalized a Customer Satisfaction feedback program, it is highly recommended to gain feedback directly from clients on their interactions with staff. Share this feedback with all customer-facing personnel regularly, set goals around these areas, and track progress with the whole team.
At the end of the day, services staff are people too. Frustration is understandable, especially when common mistakes with serious, preventable consequences are seen frequently. But it’s important to stay focused on the mission—helping clients and driving revenue. Demonstrating empathy helps accomplish both goals while improving the overall culture of the organization.
About the Author
Jessica Smith is the Senior Vice President of The Crypsis Group. Jessica is a veteran practitioner of digital forensics with an extensive record of involvement in complex civil and criminal cases, Jessica brings her experience and know-how to The Crypsis Group’s client engagements as well as helping direct the daily operations of the firm, focusing on professional service projects that allow Crypsis to continue to scale. She previously was Managing Director of Digital Forensics in Stroz Friedberg’s Washington, DC office, where she was responsible for co-managing the firm’s technical operations in the areas of computer forensics, cybercrime response, and incident handling. Over the course of her career, Jessica has provided expert testimony and performed forensic analysis of digital media in many challenging and high-profile cases. She has evaluated obstructive deletion activity in securities fraud cases, covertly acquired and analyzed media in cases involving theft of intellectual property, and identified and reconstructed deleted, fragmented digital DNA files relevant to a multiple homicide investigation and death penalty trial. A member of the American Academy of Forensic Sciences, she has presented at the group’s Annual Meeting and received its 2008 General Section Achievement Award.Jessica can be reached at our company website https://www.crypsisgroup.com/