Although organizations claim to prioritize customer needs, many companies fail to incorporate security into their CX strategies.
As customer expectations and digital threats evolve, organizations should prioritize security in all new and old customer interaction channels. If organizations don't balance security measures with the customer journey, they can hinder CX with time-consuming controls. To balance CX and security, CX leaders can encourage interdepartmental cooperation, develop attacker journey maps, personalize customer identity and access management (CIAM) controls and more.
Why incorporate security into CX?
Organizations must balance security with CX because customers demand both convenience and protection. Additionally, the proliferation of digital channels has led to an increase in cyber attacks, which makes security more important than ever.
People want convenience. The myth that convenience comes at the cost of security has led to a siloed approach to enterprise security. Time-consuming authentication processes can create bad website experiences that turn customers away. Yet, cyber attacks can do more damage to CX than a bad web experience, so many organizations sacrifice smooth CX for security. Instead, they should find a balance between security and the customer journey with seamless, sensible and consistent security measures for critical services and systems.
People want protection. In addition to convenience, customers expect security by design. People want frictionless experiences across authentications, logins and cross-channel interactions without compromising their security. A growing list of privacy laws reflects customer demands for more privacy options -- including the ability to opt out, refuse cookie trackers and request data expungement.
Cyberthreats have increased. As digital channels widen the CX domain, the potential for cyberthreats such as account takeovers, fraud, phishing and ransomware increases. The pandemic also accelerated these trends, as remote work measures prompted organizations to expand their digital channels. Additionally, customers spend far more time online now than before the pandemic, which opens the door for more cyber attacks.
5 steps to integrate security into CX
To integrate security into a CX strategy, organizations should embrace collaboration, personalize security controls, identify attack vectors and more.
1. Start with culture
Organizations should encourage a culture of collaboration between security teams and other departments such as IT, product, customer service and marketing teams. Secure CX requires training across departments, too, because they all play a role.
2. Align security with the customer journey
CX leaders have a clear sense of how different customer segments or personas engage with their organizations. CX teams use research, maps, tables, A/B testing and analytics to determine types of customer personas and their preferences, common paths and touchpoints throughout the customer journey.
Organizations should tailor their security measures to specific personas and specific phases of the customer journey. Just as customers differ in their preferences, in each journey phase they can differ in awareness, pain points and requirements related to security, privacy, data and device governance.
|Journey phase||Questions to ask||Common CIAM functions|
|Awareness||How do different personas manage common digital security actions such as password tracking, registration and mobile authentication?||
As prospects evaluate services, what levels of education and support, such as Q&As and customer service, could create trust?
How can account registration and onboarding engage users around security?
When customers make an account with an organization, how can CX teams enable seamless and secure web experiences?
What types of interfaces, such as account and password settings, can enhance UX and maintain security?
|Service and retention||
Will different personas require different security configurations, such as session lockout duration?
How can touchpoints that promote customer flexibility -- such as logins, portal access, customization and bill payment -- improve security?
What is the plan for when a breach occurs?
What ideas or new policies for security enhancement can organizations use to incentivize customers?
How can organizations design secure account termination processes based on personas?
3. Develop attacker journey maps
As organizations integrate security into CX strategies, they should create attacker journey maps. These offer a view of all potential attack vectors, such as phishing and malware. Attacker journey maps, along with tools like vulnerability scanning software, can help organizations find systems' weak points.
Cybersecurity groups, such as the SANS Institute, offer research and training to help organizations identify areas that need stronger security controls, such as reauthentication, mobile device management and timeout and logout functions.
4. Apply CIAM controls to high-risk areas
If organizations assess weaknesses and security requirements across customer and attacker journeys, they can find where and how to apply CIAM controls. Organizations often start with their most critical attack vectors, then apply CIAM functions such as multifactor authentication, identity proofing and anti-fraud verification to secure vulnerable areas.
Organizations should tailor CIAM functions to specific attack vectors. For instance, to protect against compromised credentials, organizations may implement stricter password policies and two-factor authentication. To prevent encryption weaknesses, on the other hand, organizations can craft policies that enforce encryption in flight and at rest.
5. Define and maintain governance policies
To keep up with evolving security and CX landscapes, organizations need governance, risk management and compliance (GRC). Research, attacker journey maps and CIAM controls can help organizations integrate security into CX, but they aren't one-and-done solutions. Business leaders must repeat and update their security and CX strategies as customer preferences, digital channels and attack vectors evolve. They should also develop metrics for success and engage with partners and stakeholders to share and learn from best practices.
Ultimately, modern CX should not just meet customers where they are, but also protect them where they are.