End Users: IT’s Biggest Barrier to Good Customer Service
Posted by Ioana Bazavan Justus on April 22, 2009 · 2 Comments 
Print This Post
by Ioana Justus
Ask any security professional what the biggest danger is to their organization’s security, and they’ll all say the same thing: end users. Some may be shocked at that answer, others will laugh ruefully, but it’s true. All it takes is one well-intended but computer illiterate person to bring any number of security controls to their knees. And of course, getting the word out – getting users to do the right things (and not do the wrong things) – is one of the biggest challenges that organizations face today.
Well, it turns out that the biggest problem that IT has in delivering good customer service is also, yes, the end user. I can’t tell you how many times I’ve gotten phone calls from desperate customers, which began with, “I’m not IT.” Yes, I know you’re not IT. It’s OK.
For me this situation has generally been nothing more than amusing, sometimes mildly annoying. But then I started talking to others in IT, and I discovered shock, disgust, and rage. “I can’t BELIEVE they don’t get it!!!” “How can they NOT get it?!?!?!” “Why won’t they learn????”
My responses to this may be surprising:
“I can’t believe they don’t get it” – get over it. They don’t get it. Being shocked and spending cycles on it won’t change this.
“How can they NOT get it?”/”Why won’t they learn?” – it depends. Some have never been taught. Others may have tried to learn, but had a bad teacher. Unfortunately, some genuinely don’t care. Either way, it doesn’t matter – at least not initially.
Here’s the deal: when a customer comes and asks for IT help, they’re coming into your house. You shouldn’t expect them to know any more about IT than you know about corporate law or advertising. Remind yourself that they’re not inherently stupid or difficult – they just have a different area of expertise. If an end-user makes a point of telling you “I’m not IT” what they’re really saying is one of the following;
I don’t think I’m smart enough to understand this.
I’m scared of this because in the past someone in IT talked down to me and made me feel stupid.
I don’t have time to understand this.
It’s not my job to understand this.
I don’t want to understand this.
Unfortunately, their fear or previous bad experiences will often manifest themselves as impatience and rudeness. But getting upset by their lack of understanding or bad attitude sets you up for failure. It ensures that you will be condescending or impatient, which will result in a bad experience for both of you and have repercussions beyond that one encounter: you will be more grumpy with the next customer, the customer may complain to your boss, and the customer will become even more entrenched in, “I’m not IT.” Ultimately, it’s your own heart attack in the making, and it doesn’t do anyone any good.
So start by patiently assisting the customer with the issue at hand. Use terms they will understand, lead them through it, and help them gain the confidence that it’s not that hard. Make it a positive experience for them. Not only will it make both of your days better, but you will have built a relationship of trust, making it more likely that this individual will seek out your assistance in the future and listen to what you have to say. They will also feel more comfortable sharing their needs and fears with you, which sets you up for addressing the bigger problem: why they don’t learn.
At the end of the day, operating a computer is a lot like driving a car – you need to know which pedals to push, and what the warning lights on the dashboard mean. You also need to know the rules of the road. But you don’t need to know how to change your own oil or fix the engine.
If end users could learn some basic computer literacy skills – like drivers need to learn the basic operation of a car – it would make serving their needs a lot easier. Unfortunately, no one requires a license to operate a computer. This is where that positive relationship comes in: it gives you the opportunity to start probing into why the customer doesn’t have the basic skills. If they’re scared or don’t think they can do it, help them learn – even if it takes a little extra time. If they think they don’t have time, help them understand how learning will save them time in the future. If they think it’s not their job, help them understand how basic computer literacy will make their job easier.
If they simply don’t care, then don’t worry about it. As they say, you can take a horse to water-and make sure the water is clean, and even shove its nose into the trough-but you can’t make it drink. If you provide the best service you can, and win over many other customers by making their job and yours easier, no one is going to fault you for those few that just don’t want to participate.
Ioana Bazavan Justus has been an InfoSec professional since 1998. She began her career working for Accenture, where she had the opportunity to build security organizations, conduct risk assessments, write and implement policies, establish identity management practices, and design a privacy and compliance offering for companies and organizations such as Microsoft, Pacific Life, Visa, California county governments, the US Air Force, and Accenture itself, as well as for several start-ups. Ioana moved to Safeway in 2004, where she built a world-class access services organization and helped to implement an enterprise identity management suite. Ioana is the co-author of Information Security Cost Management, has spoken at RSA, and has been quoted in numerous media publications.
Ioana,
Great article. I really enjoyed it. It makes you step back and think about how you can approach end user.
Your point about having a ‘license to operate a computer’ is an interesting one. We have joked in our circle about how companies used to have typing tests for staff assistants when they applied for a job. We wondered what would be wrong with a general/basic computer skills test for possible users. Do other companies do this or just go on the blind faith that all applicants have basic computer skills?
Perhaps it is just in the Education realm, but we have another category of ‘Why won’t they learn’. Some users tend to think that IT is here to serve them. To a point we are, to keep computers/servers/printers/etc running and functional. However, some think that if anything has to do with the computer, then we should be the ones taking care of it. As an extreme example, that IT should be responsible for ordering paper, since paper goes into a printer, and a printer can be hooked to a computer, so it is up to IT to order it. This is most likely a management problem or possibly even falls into a ‘don’t care’ category, but it is something we have to deal with.
Great article Ioana!
Ed
I enjoyed this article!
It’s interesting that a lot of what you say in the article is also a groundwork for an argument *against* user education in security. Yes, we should make some effort to educate, but in the end it’s not their job, they don’t care, or they don’t have the skills to necessarily operate at a high level of security as we’d like.
I mean, that’s why security/IT people are paid to do it.
Maybe one difference between IT and security questions from end users is that security questions often don’t get asked at all. Rather than ask for clarification, they may do what they want even if it is in violation of a policy. With many IT questions, they ask IT because they’re stuck, stopped, or fully impeded.