Virtru’s Senior Director of Customer Support, Alex Litoff, sits down with Senior Director, Solutions Engineer, Trevor Foskett, to walk through a “day in the life” of a high-performing support team, including the complex challenges his team experiences every day, handling vast amounts of sensitive information to deliver exceptional customer service, and ultimately building customer trust. Data security and privacy are not just best practices; they are necessary to ensure customer satisfaction and retention. This episode sheds light on the critical role of support teams, the risks they face when handling sensitive data, and the importance of empowering them with efficient tools for data security and efficiency.
Tune in with a cup of coffee (free, on Virtru!) to gain valuable insights into the world of customer support and how to enhance data security while providing outstanding service.
Read transcript
Hide transcript
Hey, everybody.
Welcome to the latest installment of virtually's hash it out series. These are informal chats that we have covering kind of the latest topics and, you know, things of interest for us in the industry, where we kinda give our thoughts, and then we we share them. And so today, you're joined by of course myself, Robert Foskett. I am the senior director of solutions engineering.
You're a virtue, and I'm joined by my colleague, Alex Litoff, who is our senior director. Customer support, aptly because today's, session is titled, Lou Fast. Stay secure, efficient security for high performing support teams. So we're gonna dive into, what all that means. So, Alex, thanks for being here today.
I guess I'll start by saying, you know, I I think in our world, we tend to think about technology stacks that a lot of organizations have, and we think that the person who we wanna talk to about that is is the IT administrator, or maybe it's a security admin. But as the leader of of our support function, you kinda have your own technology stack that you work off of and and kinda manage yourself. So to start, can you tell me a little about the tools that you and your team are using on a day to day basis? And maybe how they're a little bit different than what the rest of us in the organization are using?
Yeah. Absolutely. And, I'm first off excited to be here long time, was in her first time to call her. And so I'd be excited to dig in with Yigar, Trevor.
You know, I I think that's a great place to start because the reality is is There's some nuances of running the support team, and one of them is they live and breathe in a ticketing system. And so for us, that Zendesk sales since the desk are two of the more popular ones, whether it's customer or some other type of tool. I mean, that's where they live and breathe. Then We wanna keep the teams in there as much as possible in any other app or system we're using. We want it as tightly integrated possible.
Because when you start talking about hundreds, thousands, tens of thousands of tickets, you know, every click starts to head up over the course of days, week months, years, And so, you know, there's other tools in the mix. We got a billing system. Salesforce is our CRM, but as much of that, it's possible we'd want integrated into, you know, into our system. There's also a back end, but the tee teams support teams live and breathe out of that ticketing system.
I mean, I can email my team and they won't see it for days. But if I put it in as a ticket, they'll see it in two minutes. And that that's just a reality of rice. Gotta go into that queue.
Things have to be lightly aggregated there.
Yeah. I mean, one thing you mentioned there is that number of clicks adds up over you know, time. And once you get into these high volume ticketing system, one thing that we hear a lot is, you know, that's how these people are measured on the performance of their job is, you know, ability to close it in a timely manner. And so anytime you're asking them to go somewhere else, that's, you know, not just annoying. And they have to be quick more, but it could have even a potential ramifications for how they you know, look to their manager, come come, you know, QBR time.
Makes a ton of sense. So, it sounds like adventure, you know, you mentioned we're using Zendesk. Any other tools that you guys have, sort of, in that in that environment, things that you've integrated into them or is it all sort of purely run straight through Zendesk, natively, if you will? Yeah. That's a great question. And Peter, what I said before is, unfortunately, reality is part of it's aspirational. Not everything is tightly integrated.
You know, for us, I think there's couple of really important pieces, you know, when we got a Salesforce integration, so we can see customer data, right, in the tickets, Then we also have our, virtue of secure share app. So when we are handling sensitive information, sending user lists, Hmat tokens or unique identifiers, we can quickly use that to share files, share that sensitive information, securely with virtual for writing Zendesk.
And so, you know, those are some of the types of things we're doing. The one piece for us that isn't integrated. Some of our like, our homegrown back end applications we use to, like, you know, check the database to make sure stuff's not out of whack there or view or user actions or streams, that's just the one piece that for security reasons and technical reasons isn't gonna be very good, but for us, We tried really hard to get everything else in there and, you know, with security in mind, obviously, it's got a privacy and security.
Yeah. I mean, you you bring up an interesting point because I think a lot of people, when they think of, you know, your customer support work, well, you're not really thinking, is this some that needs additional security or their privacy implications, but you just mentioned a a few right there where you guys are, you know, talking back and forth with customers and and sharing sensitive details about their accounts and their configurations. And, obviously, the configuration of of a data centric security tool like virtual that they're using is is in itself sensitive, right, because of or their security posture, API keys, HMac tokens you mentioned.
And we hear there's a lot from health care organizations too that that may be running a lot of their patient outreach through a a platform like Zendesk, even though it's not directly support. It is designed for communicating with people who are outside your organization in in a an organized fashion. And so we hear you. People just will send us their Social Security number or the list of symptoms they're having or we need to share with them, you know, their their report details, And if we have to go outside of our environment, that introduces one extra extra clicks, extra time like you said, and two, Anytime we're sort of deviating from our established workflow means we're kind of coming up with something else on the fly, which you know, the security admins are thinking, oh, god. What what are they doing when they're doing, you know, something other than what they're supposed to do?
He tell me a little bit about, you know, what your process before some of those direct integrations were that you mentioned, you know, you said we have some of our virtuous tools kinda baked at the end of these days, but what did you guys have to do before that? How did you handle if you needed to send, say, a user list or, you know, an account configuration to someone, and we didn't have any sort of direct integration environment? What does that look like? Yeah.
That's a another good question. And, you know, I mean, for me, even pre virtue, I mean, this stuff wasn't on my radar wanting to look like. We just did it right in in Zendesk or whatever our support tool was. Right?
I came out of the that marketing space. I went then when I came here, you know, security went from something I had to, you know, pay it with occasionally to Oh, wow. I really have to get this right. This is and, oh, wow.
This is important. I've been a little naive earlier in my career.
And so, you know, for us, what previously happened is, like, we had reps going to their individual inboxes and then, you know, using our virtual email plugin to toggle that on and mail the user list, but I think, you know, as you just mentioned, that, a, ads, clicks, b, gets them out of the tool, and then they've got a thread outside of our ticketing system, where now that customer can come back to that rep individually and one of their reps on vacation, but if they don't work here, what if a different team needs it, it's, you know, now they're emailing a rep's inbox and all the checks and balances we have built into our support you, all the automation, all the things designed to make sure that customer, that's a good experience. Or now, we can't apply those. And so it it really ties into that year switching and, you know, providing a good experience customers.
And for us, you know, we had to find ways to stay secure just because of the company we are. But in other places, it's like, it's a little scarier. People are just sending it in the clear or, you know, sharing the information without any protection or controls. And it it's gotta leave them open to, you know, potential fines or, you know, could lead to data getting in the wrong people's hands. And, you know, fortunately, reality is support's already viewed by a lot of leaders on all as as a cost center. And I don't believe it's a cost center, but because it doesn't directly own revenue, it's looked at that. And when you add this additional risk factor on top of that, I think it's enough to keep support leaders up at night of, you know, I'm already viewed as a cost, and now I've got, you know, potentially stuff being sent in the clear or things that could violate certain regulations, like, that's scary.
Yeah. I mean, you you mentioned one thing there that I thought was really I mean, it was all all interesting. Of course. But one thing that really, you know, really I I kinda picked up on was, I think it was interesting to me because of the fact that you know, we have a couple of integrations into Zendesk at Vircher that we obviously sell and provide to our our customers.
And in in my capacity, given that they're new, I'm typically talking to people who already have virtual elsewhere in their environment in some capacity. And so you mentioned you know, one of the options is let's go into our personal Gmail and send via virtual there because we have that integration. That's what I hear a lot is what we have this process that kinda works, but it's it's slower. We'd like to make it better and have it more centrally located within our our ticketing system.
But the other one you mentioned, and I think given that this is a newer sort of product for us, one that I haven't engaged with much yet is that person who just says, we don't have a process. And we don't have a we don't have a process that we'd like to make better. We just don't have one at all. And I think, you know, that's really important to think about is if you you don't have any sort of established process now, what are your agents sharing? I mean, what industry are you in, what lines is that you deal with, could any of the things that get, you know, incorporated into supporting your customers, whether it be logs or financial statements or a past reset any of these things, do we have a process in place for it other than just send it via email? I hope it's okay.
If so, maybe, as you said, I mean, that should be keeping you up at night. And and if you don't wanna be up at night, maybe think about what what else we can apply, then maybe change that up and and conserve shore up that security That's really interesting. And Go ahead. Yeah, man.
If, you know, just to kinda build on that, the way I think about it and if you are listening you're you're starting where I I think there's a couple items to to take into account. You know, number one is what do my reps and, you know, particularly of different types of reps? What do they need access to? I think there's this temptation too to just give people access to things.
And so, you don't give me an example. Like, for us, does a third party contractor need to be need access to go in it and update accounts in our data Well, that's probably not the most secure thing to give someone halfway around the world when we're subject to all these regulations and all this stuff. And that person's likely handling some lower level stuff. Why do they need the most advanced, sophisticated access?
Why don't you reserve that for tenure reps and managers? Right? They can go take those you know, does the super technical person who's only dealing with certain things on a product they really need access to all the ability data and credit card info on customers. And so, segmenting your team and the access tools and provisioning in a way that makes sense and aligns with need.
It's just a simple way to create a process that eliminates risk. And it starts before you'd be communicating. Right? It's just a question of does this person need access to this?
And if not, then giving it to them is only a risk and not a positive. And so that's number one. And number two, you know, because that's upstream of what we're talking about, which is actually sending the information, actually getting it to the cost of her. And then from there, it's about thinking about what's the right tool to do this securely?
And we we've talked a lot about having to tightly integrate it with Zendesk. That that's important, obviously. But You mentioned an example earlier of a health care company. If I didn't work at VIRTrew and I worked at a health care company and ninety percent of our tickets or about test results.
I may not even try to embed the security in Zendesk. I might get, like, a virtual gateway or some other similar tool that's just encrypting things going in and out of my environment. Rather than embedding something they need, because I know ninety percent of my tickets are, like, HIPAA or, you know, due to regulation, that's gonna be considered sensitive. So Why am I making my reps worry about this at all?
Why don't I just blanket protect things? Versus for us, we try not handle more sensitive info than we need to. So that's where, like, ours are in thing we were talking about earlier are integrated Zendesk connector and application come in because it lets us be a little more pointed. Okay.
I need to share the security user list, but the rest of the conversation, they're really not really in PII or super sensitive, you know, data being shared. Right? So it's about finding that right tool and, you know, what, you know, do I have reps have access to the right thing and then, you know, how often are they dealing with sensitive information and what's the right tool for that? Is it blanket solution?
Is it something more pointed? And when you take those cookies and then combine combine those with just the regular security training and security awareness, back where I think support leaders, like, maybe start with you a lot more confident in Ricklecan and Rick profiles, but been lowered significantly.
Sure. It I mean, it's how it sounds like there's, a lot of things you're kinda juggling here. Some of it is some of it is a tooling.
Some of it is tooling, obviously, and, you know, selfishly, virtue has and things that that that we can help with. We have our gateway. We have our secure share integration for, you know, sharing files sensibly inbound and outbound.
But as with all, you know, whether it's compliance or civil security officers, that's not just going to make you.
Done. Right. There's other things to think about there, configurations within your ticketing platform that will, you know, determine who gets access what ticket in the first place. If it's a billing question, it should go to this, you know, not go to that team.
You know, we're gonna give you access to to the back end systems to get those API keys, well, if you're the billing admin, probably not, you don't need them. And so I think, you know, as you kinda laid out, there's a lot of things to think about. If you're if you're not thinking about them already, I would imagine most support leader, probably about a lot of this stuff, maybe not all of it. Is there is this whole sort of ecosystem going on almost in parallel or tangential to what those IT and security leaders are typically thinking about, which is all of our kind of business users who are in Office three sixty five or who are are in Google Workspace or in, you know, our AWS instance, whatever it is, but that sort of customer support world is where, you know, you probably have most of your sort of communications going on with your customer, basically outside of that corporate environment. So there's obviously a lot to think about there.
And, you know, I see the hairs turning gray on your head as with beak Alex. I know you're thinking about it all the time.
But you're doing a great job.
I I think, you know, that this is covered a lot here. I I guess, you know, is maybe a final note, I would say If you're someone who's who's listening to this, and thanks, man, I'm not thinking about any of this.
What's your advice to that person who who wants to maybe start thinking about this? It's a lot to kind of get on your plate at once. So what would be your your serve entry point? To that journey. If you're day one, you've just joined merger, you're in charge of support, and they're not doing anything right.
What's what's your first step there? Yeah. I mean, listen. The fundamental level, our job is speed, right, and the balance of those two, to deliver good customer experience.
So everything starts there. And when you talk about, you know, okay. People aren't thinking about this security piece, you know, but it's a little bit of of what I think of as cable stakes. You have to do it well enough to kinda play the game or check the box.
Where I'd start with this, just brush up a little bit on, you know, the industry you are in and any regulations that apply to it from a data security standpoint. If you have an IT team, a CTO, or, you know, particularly a security team, they'll likely know this stuff and you can go and that's where it starts. That's gonna be the least, like, we talk about health care, you know. Okay.
So we know HIPAA is gonna apply and there's certain things we have to do. Okay, we're a financial organization and these regulations apply to us or dogs, you know, versus, I mean, Netflix and, you know, about All I might have is that, you know, credit card info, but not much else in passwords, not much else is really that sensitive we're dealing with. Does it really, you know, Well, you know, I, you know, I don't I don't want any live to find out how much, you know, late night cooking shows I'm watching on Netflix Locks. I wouldn't say Yeah.
No sensitive data, but it's a little bit more based around that.
You're binging habits, I would say.
Exactly. But in Cipindoa, things they'll see them which reality TV I watch. But anyway, you know, it in each of those scenarios, like we talked about earlier, finding the right tool for the job, finding that, you know, least common, sure, denominator. That's where it's gonna start, you know, in some of those scenarios like the HIPAA one where I'm delivering all those test results.
Yeah. I probably need a blanket solution. I probably need security baked into my ticketing tool. I need some additional stuff to make sure it's encrypted as it goes to customers end to end because that part or letter of the law, whereas if I'm, you know, in a different scenario, that may be a little less relevant.
So it starts by just really understanding what lies to you, what doesn't a basic high level. And from there, then it comes into what we talked about earlier.
Who needs access to what? What's the right tool for that job and then layering on the ongoing? Security and awareness training that we all, as any employee, need to need to be taking and doing. And and, hopefully, that part's led by someone else.
So that that part's not on port leaders. Right? And it's really just about, okay. How do I make my ticketing to meet those security and compliance needs without slowing us down.
Right? Because if it gets in the way, that's where we're back to the first part of this conversation, you know.
Ticket volume or ticket speed and efficiency or going down, satisfaction usually follows because you're moving slower. And that's stuff we have to avoid. And so really about, okay, you know, which is understanding your industry, understand your customers and what apply it to you and pick the right tool for that job. Restrict access.
And you can, you know, pretty confidently push forward and worry about the seventy five million things we have to worry about is importantly Yeah. Not not the simplest juggling act. We've got speed, quality, security, and compliance that all serve, I think, have equal weight in this discussion. So, you know, hat hat's off to you, Alex, for for managing it as well as you do.
There's no small task.
Think that wraps us up for for today's session. So for those of you just joining, you're late go back to the start. The this has been, the latest edition of Virtress hash it out series where we just kinda shoot the and, and talk about some of these tech tech concepts in a more casual way. Hopefully, we'll see it for the next one. Thanks.
/Carissa/Events%20and%20Webinars%20Events%20Page%20Card/26-Hash%20It%20Out-Thumbnail-Ep%2035.jpg)
/Carissa/Events%20and%20Webinars%20Events%20Page%20Card/26-Hash%20It%20Out-Thumbnail-Ep%2034.jpg)
