Cyber-security perspectives on customer service policy


Richard Gerson once said that to provide great customer service you must employ great people. Great people perfect their acts through continuous training and practice. To be able to understand your customers, meet their needs and go that extra mile to make them happy, you need data. Data about who they are, their stature, lifestyle and expectations. You also need to incorporate their feedback into the products or solutions you offer to “wow” them.

Crime has existed since the beginning of time. People find crafty ways of duping others for their own good. This can be in the form of someone entering your premise with a weapon and robbing you of something valuable or swindling you by false pretense. Crime is also mostly associated with data.  The more the data you have about your potential victims, the better prepared you are to launch an assault on them.

In modern times, technology has offered people an easy way to modify their lifestyles. We live, eat and breath technology; this we call innovation. People will call their friends to say hello instead of visiting them in their homes, send money through an app instead of walking to the bank, order food, material items etc. using technology.

Criminals have also identified this great potential within the technology chain and have moved their business in that direction.    Cyber is anything electronic or digital, from your baby monitor, to your surveillance systems, your cars, your phone and your computers. Any form of electronics is within Cyber-space. Data is the essential commodity we keep within Cyber-space: data about ourselves, our families, work, social and financial behaviors. Over time, when aggregated, these bits of data produce meaningful information with overwhelming benefits to customer service and cyber-crime alike.

Cyber-crime can be said to be any crime committed by means of a computer system or through the computer network. If criminals can manipulate any of the significant values within the security ecosystem (the people, the process or the technology) to outsmart their victims, they will. These criminals work in groups and sometimes are financed by state agencies to use any means necessary to obtain the information they need to outwit their victims. Out of the three significant values stated above, the human factor is the weakest link to attack, and innovations in the technology space have made this very easy.

To provide a service, someone visits a website of the victim, harvests information about personnel of the organization and cross checks on LinkedIn to learn more about the victim’s professional life. If the victim is on Facebook, the predator studies the victim’s social behavior and sends the latter a friend request if the victim meets the criminal’s objectives.   Because of the information harvested, the stranger fits perfectly into the victim’s friends list and a trust relationship begins.

The victim starts sharing ordinary data back and forth and then sensitive information. Before the victim is aware he or she may have broken the bank. The interesting thing in this scenario is that the victim may have never seen this predator.  The latter might claim to be providing a service for this customer, whether as an individual or organization in the customer service industry, but might in fact be a potential cyber-criminal. Although both predator and customer service provider may be looking for the same data, one’s purpose is to steal from prey, while the other’s aim is to offer exceptional customer service.   In this scenario, data provides great competitive advantage on both sides of the divide.

Now let us explore the kinds of data we have. We have Personal Data: this, the Data Protection Act 843 defines as data about you (the data subject). This data includes information such as your name, phone number and where you live.

The Act also defines Special Personal Data as any data relating to a child who is under parental control, sexual lifestyle, criminal record, religious affiliation and beliefs, race and health records

Then we have Sensitive data: this is any data which if acquired wrongfully would cause reputational damage, or bring an end to a business. Depending on the industry it may include trade secrets, legal contracts, secret recipes, or data acquired through some confidential agreement.

There are rules governing the holding and processing of personal or special data. To begin with, an entity needs to be registered with the Data Protection Commission if it collects personal data. If the entity fails to provide the necessary protection for the data it holds, it will be in breach of the nation’s laws.

Therefore, if an entity does not have a reason to hold someone else’s personal or special data, don’t hold it, or hold minimum data about customers that will assist you to do your work, or outsource the risk. However, if the entity really needs to hold this data, it must protect this data with all the controls it can muster.  This is my first cyber-security perspective on customer service policy.    For the second perspective, a wise mother once said that when you prepare for the worst, nothing beats you down; you can only excel. Cyber-criminals are savvy and daring.

The best defense against them is being vigilant and getting cyber educated. Yet sometimes you will get beaten. So, it’s not a matter of how, but when. You need to have a plan to ensure that even when your head is under water you can breathe fine.   A great customer service must extend to your customer’s data. This is why you need to have a mitigation plan.

This is achieved by:

  • Identifying and classifying data of your business, including that of the customer,
  • Analyzing how this data is being handled and installing controls to mitigate against crime • Performing a risk assessment to identify what can go wrong and how to deal with it.
  • Then form a team consisting of personnel from public relations, legal affairs, operations and technology to develop a working mitigation plan.

This team must work in tandem when dealing with a cyber breach.  Start-ups that do not have the luxury of PR, legal aid, etc. still need to plan and identify their risks. They must have external consultants on call to assist them circumvent the risks of cyber-crime.  As you plan your customer service policy, ensure that you include customer data protection.  Your customers as well as national authorities will be pleased to know you did your homework before the lions came in and may look favorably on you for at least having a working plan for mitigating Cyber-security breaches.

In conclusion, I must emphasize that data is the new currency that can make or break your business. To enjoy its fruits,

  • categorize the data you hold and protect it as much as possible,
  • perform a security risk assessment of your people, your processes and the technology you employ,
  • have a working backup plan for your data and an actual working backup as well, • think before you volunteer data unto the internet and, • seek advice from professionals in the industry to ensure you are home and dry.

The points above offer an appropriate way to balance providing excellent customer service with securing your customer data.



The author is the team lead for IT security and planning at the University of Ghana; an information security consultant who is passionate about building capacity and improving organizational culture in information security. His professional experiences span information security management and implementation, IT governance projects and risk management, and he has a keen interest in building security awareness programs for organizations.

You can reach him via the following channels: Email: [email protected] LinkedIn: Twitter:    @niibenjie Skype:       niibenjie Cell:          +233 24 873 9393

Leave a Reply