Sunday, May 23, 2021

Scores for Customer Happiness

The culture is to deliver happiness to customers, but how do we evaluate it? From a support and marketing perspective, there are three major types of customer survey (CSAT, CES and NPS) that help executives make decisions.

Customer Satisfaction Score (CSAT) is the most straightforward of the customer satisfaction survey methodologies, and it measures customer satisfaction with a business, purchase, or interaction. It's calculated by asking a question, such as "How satisfied were you with your experience?"

A CSAT score of 80% is a good indicator of success, although it will vary by industry. Customer Satisfaction surveys are not designed to give you a comprehensive view of customer perception, but they're very helpful for pinpointing issues, especially if you use CSAT scores to grade different parts of your business.

Customer Effort Score (CES) is a single-item metric that measures how much effort a customer has to exert to get an issue resolved, a request fulfilled, a product purchased/returned or a question answered.

There's no definitive industry standard for customer effort score. However, customer effort score is recorded on a numeric scale, so a higher score would represent a better user experience. For a standard seven-point scale, responses of five or higher would be considered good scores.

Net Promoter Score (NPS) is a widely used market research metric that typically takes the form of a single survey question asking respondents to rate the likelihood that they would recommend a company, product, or a service to a friend or colleague.

NPS measures the loyalty of customers to a company. NPS scores are measured with a single-question survey and reported as a number from -100 to +100; a higher score is desirable. Based on global NPS standards, any score above 0 is considered "good", with 50 and above classified as excellent, and 70 or higher as world class. The NPS survey classifies customers as Promoters (9-10), Passives (7-8), or Detractors (0-6). No company has yet scored an NPS of 100.

Saturday, May 15, 2021

Security awareness training notes

The following terms relate to security risk from social engineering.

  • Social engineering: the art of manipulating, influencing, or deceiving you into taking some action or divulging confidential information.
  • Phishing: an attempt to acquire sensitive information such as usernames and passwords
  • Spear phishing: phishing aimed at a specific target, using social media and personalized messages
  • Vishing: voice phishing, using scam recorded messages
  • Smishing: phishing via text messages
  • Pretexting: the practice of presenting oneself as someone else in order to obtain private information
  • Tailgating: trying to gain unauthorized access to physical locations
  • Ransomware: malicious software that allows a hacker to deny access to all files or the network until a ransom is paid
  • Spyware: software installed to spy and collect data
  • Bot: malicious software running in the background, usually causing the system to slow down or crash
  • Malicious app: a link or attachment that installs a bad app on a mobile phone

Three things to remember

  • Stop, look, and think before taking action
  • Don't open links or attachments in suspicious emails
  • Don't use public wifi

Email sender authentication

When we talk about authentication in email delivery, we usually mean SPF, DKIM and DMARC. Fancy acronyms aside, authentication basically proves that the sender is the legitimate sender and that the email was not tampered with in transit.

SPF (Sender Policy Framework) verifies the email is coming from an authorized server. An SPF record is a DNS TXT record specifying which IPs or servers are allowed to send email from that domain.

DKIM (DomainKeys Identified Mail) proves the email has not been changed in transit and the sender owns the DKIM domain. DKIM also uses a DNS TXT record, which holds the public key for verifying the message signature, and this builds trust between the sender and the receiver.

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an added authentication method that uses both SPF and DKIM to verify whether or not an email was actually sent by the owner of the "From" domain. In order for DMARC to pass, both SPF and DKIM must pass, and at least one of them must be aligned. Gmail and Microsoft have adopted DMARC in their filtering, honoring the None, Quarantine, or Reject policies.