Tag Archives: business owner

Forget Big Data — Focus on Small Data

In their rush to jump on the big data bandwagon, many organizations have lost sight of a much simpler yet effective source of customer insight: “small data.”

Big data is about synthesizing, mining and analyzing mounds of seemingly unrelated information to derive actionable insights about your customer. It’s a complex science but one that can be leveraged to understand and engage customers in new, surprising and sometimes even creepy ways. (Consider the well-documented case where retailer Target figured out that a teenage girl was pregnant before her father even knew—merely by analyzing her purchase history data. See “The Challenges Around Big Data and the Lessons to Be Learned.”)

In contrast, small data is about listening to and observing your customers intently, picking up on simple cues that allow you to better personalize and customize your interactions with them.

Small data doesn’t require supercomputers to decipher. It’s not really a new concept, either—it’s just a new moniker for a tried and true approach that the best sales and service people have employed for decades, if not centuries.

That might make small data sound quaint and old-fashioned, but don’t be fooled. Using it can actually enhance your business’ customer experience in very material ways, without the expensive overhead associated with big data solutions.

See Also: To Go Big (Data), Try Starting Small

To get a flavor of how small data can influence your customer experience, consider these examples of the strategy put into practice:

• Delta Airlines’ 800-Line Greeting

Presuming a customer calls Delta from a phone number the airline has on record, the 800-line voice response system will skip the standard pleasantries and prompt you with a question such as “Are you calling about your delayed flight?” If the answer is yes, then Delta immediately routes the caller to an automated service or a live representative who can help, obviating the need to navigate through a series of menu options.

Once the incoming phone number is identified, Delta’s systems check to see if the customer has reservations coming up, or if perhaps a flight that day has been delayed or canceled.

That’s not a terribly complex undertaking from a data perspective, as it is a relatively simple look-up exercise, rather than a full-blown analytics task.  Yet it yields a much better and more efficient customer experience, particularly at a time when passengers may be frazzled about unexpected changes in their travel plans.

• Ritz-Carlton’s Personalized Guest Experiences

The Ritz-Carlton luxury hotel chain is renowned for its ability to create highly personalized guest experiences. If the Ritz in Boston learns that a guest is allergic to feathers, then the Ritz in Dubai—half a world away—will de-feather that same guest’s room prior to arrival.

How does the company do that? Ritz staff are trained to listen carefully for guests’ likes, dislikes and general preferences. These are small pieces of data (such as a favorite newspaper or snack, or a preferred room location) that Ritz-Carlton employees dutifully record in a customer database dubbed “Mystique.”

They’re also trained to consult that database prior to a guest’s arrival and act on any relevant information they find. This helps ensure that any previously captured small data is used to create an unusually customized guest experience during subsequent visits.

These two examples are from outside of the insurance industry, but the approaches they illustrate are easily transferable. It’s simply a matter of putting your antennae up and looking for small pieces of data that can be used to deliver a more personalized, relevant and anticipatory customer experience.

Consider the small data that’s available to insurance carriers—data that, if captured and capitalized on, could generate some very positive customer impressions:

• Children’s Ages

By recording information about a customer’s children during an initial needs analysis, insurers can engage the policy owner to assist in stressful parenting periods, such as when a child approaches driving age.

While identifying households with youthful drivers isn’t a new idea for insurers, using that information to strengthen the customer relationship is. Historically, such data has been used by insurers to address situations where a new, uninsured driver may be behind the wheel (to adjust premiums).

However, the identification of a youthful household driver shouldn’t just be an exercise in rate adjustment. It’s also an opportunity for the insurer to demonstrate the value it provides—in this case, by communicating relevant information to parents that helps them navigate a difficult family transition (e.g., determining what resources are available to teach their son/daughter how to drive or how they can best ensure their child’s safety while they learn to drive).

Using small data in this way creates a customer experience that appears strikingly prescient to the policy owner, essentially addressing their concerns and questions before they even have a chance to raise them.

• Sales

For certain types of commercial lines coverages, insurers have visibility into business performance measures for their clients (such as sales), which are recorded annually via premium audits.

Here again, as with youthful drivers, the industry has traditionally used such data exclusively to adjust premium rates for coverages that are tied to these business metrics. But this small data can be far more useful.

Consider the first time a commercial lines customer crosses over the $10 million revenue threshold. That’s a milestone that would be reflected in the small data most insurers collect, yet few do anything with it, other than raise premiums.

Imagine if that customer received a handwritten note from his insurer (or agent) a month after renewal, congratulating him on reaching that milestone. Imagine how that small token of recognition would make the customer feel.

Business owners, after all, don’t really care about their business insurance—but they do care about their business. When their business grows, that affords an opportunity to celebrate alongside them, to give them a “pat on the back” that they likely weren’t expecting from their insurance provider but will remember fondly.

• Recurring Information Requests

At Ritz-Carlton hotels, if a guest requests the same newspaper, snack or room location visit after visit, the staff will notice and use that small data to shape the customer’s future stays.

There is an analog for this in the insurance industry. Consider the reports and other information materials that a policy owner requests year after year—e.g., a commercial insured requesting updated certificates of insurance for her core set of clients, or a corporate risk manager requesting loss reports sorted by site.

Every recurring information request represents a piece of behavioral small data that can be used to customize the policy owner’s future experience.

Imagine if a policyholder didn’t even have to make those information requests, just as the Ritz-Carlton guest who’s allergic to feathers need not request a feather-free room.

Imagine if an insurance provider, based on a policyholder’s prior history of information requests, offered all of those reports and certificates to the customer at precisely the right time each year.

That would be the epitome of a more personalized and effortless customer experience, all made possible simply by acting on a piece of small data.

Small data may be less glamorous than its more buzz-worthy big data counterpart, but it’s no less important.

Big data has its merits, but as the “shiny new object” that every company covets it has unfairly eclipsed the value of simpler and more straightforward sources of customer insight.

Better understanding your customers and her needs doesn’t always require intense data crunching and sophisticated analytics. Often, what’s really needed is just a watchful eye, an attentive ear and the discipline to act on whatever insights you uncover.

Because when it comes to creating a positive, memorable and personalized customer experience, small data can have a really big impact.

This article first appeared at Carrier Management.

Politics of Guns and Workplace Safety

The politics of guns in America are volatile, divisive and passionate, yet the risks that firearms present to organizations every day do not depend on the politics of the moment. Employers must deal with the reality of gun violence in America. A RIMS 2016 session discussed the legal aspects of what organizations can do and the practical implications of creating a firearms risk management program.

Speakers were:

  • Michael Lowry, attorney, Thorndal Armstrong Delk Balkenbush & Eisinger
  • Danielle Goodgion, director of human resources, Texas de Brazil

What Risks Do Firearms Pose?

OSHA states that an employer must provide “employment and a place of employment which are free from recognized hazards that are causing or are likely to cause death or serious physical harm to his employees.”

See Also: Active Shooter Scenarios

There are several risks to your organization, including:

  • Operations can halt in the case of a shooting. You have issues like police investigations and possibly injured employees.
  • Workers’ compensation will kick in if employees become injured.
  • General liability will be activated to cover injuries of non-employees.
  • Reputational risks are possibly the largest risks. You do not want your business associated with a violent act.

Most think that the Second Amendment bars private businesses from banning guns, but this is incorrect. The amendment applies to governments, not private homes and businesses.

Some employers react by posting signs banning all guns. This simple sign can be a recipe for disaster for several reasons:

  • Have you created a duty? If you post a sign, you have officially created a duty.
  • Why did you create this policy?
  • What are you doing to enforce this policy? Did you have a manual? Did you put up X-ray detectors? Probably not. You have to be able to prove you are enforcing the policy if you post a sign.
  • Did you train your employees to enforce this policy? If this policy is not enforced, a person might be injured by a firearm on your property.

“Bring Your Gun to Work” Laws

This is not a good idea. According to the law, business may not bar a person who is legally entitled to possess a firearm from possessing a firearm, part of a firearm, ammunition or ammunition component in a vehicle on the property.

In Kentucky, an employee may retrieve the firearm in the case of self-defense, defense of another, defense of property or as authorized by the owner, lessee or occupant of the property. In Florida, the employer has been held liable for civil damages if it takes action against an employee exercising this right.

Reputational risks also can apply. You could either get special interest groups protesting against your business or people who refuse to do business with you.

The Middle Ground

It is best to create a policy. Even if you support the right to bear arms, you can do it subtly. There are several provisions on what type of carry you allow and what signs are required. Business owners also do have the ability to allow no guns on the premises.

See Also: Broader Approach to Workplace Violence

Your policy should describe exactly how to approach a customer if an employee sees a weapon, including who should approach the customer, what to say and the steps to take to address the issue. Training is important.

Why Train?

  • Researchers from the Harvard School of Public Health and Northeastern University found the rate of mass shootings has tripled since 2011.
  • In 2014, an FBI study considered 160 events between 2000 and 2013. 70% occurred in business or educational setting.
  • In 2000-2006, the annual average rate was 6.4 shootings. That jumped to 16.4 in 2007-2014.

This is clearly a problem that is getting worse, so why is training rarely provided? Places of business are a target – especially retail, restaurants and businesses in the hospitality industry. The active shooter wants soft, easy targets in large, open, public and crowded areas, and the goal is to kill indiscriminately. If your business is doing well with large crowds, you are a soft target.

Active Shooter Resources

To learn how to manage this risk, you can find resources from:

  • Law enforcement
  • Insurance partners
  • Government
  • Outside experts
  • Legal
  • Human Resources

Online resources include:

New Way to Lower Healthcare Costs

Managers are more likely to limit rental cars to $30 a day than limit an open heart surgery to $100,000 — for ethical and regulatory reasons, many executives steer clear of involving themselves in healthcare decisions, other than selecting the broadest possible network access. But few expenses that executives know so little about matter more than those involved in healthcare do.

This article speaks to a cultural shift that could provide tremendous impact for employers. They can now lower costs while also improving outcomes.

Until now, employers have used two main strategies:

–They offloaded costs to employees, hoping that giving them more skin in the game would reduce their spending on healthcare. But the continuing lack of transparency about healthcare costs, combined with costs that rose faster than employers shifted them, resulted in insurance picking up more cost and consumerism being driven down.

–Employers also invested in wellness programs. But wellness programs are most attractive to the already healthy. And they attempt to reduce how often enrollees encounter the system. But we know that everyone will encounter care at some point. It is each encounter’s volume and cost that is at the heart of this out-of-control system.

The new, better approach was demonstrated in a whirlwind, 48-hour trip I took with some incredible healthcare leaders.

First, we met with the executives of Rosen Hotels in Orlando, who have saved hundreds of millions of dollars compared with average employer healthcare costs. Rosen’s single-digit employee turnover would delight most employers, but it is spectacular in the hospitality industry. Rosen achieves this turnover with a benefit-rich plan most employees would drool over: e.g., no-cost prescriptions, $750 max hospital out-of-pocket.

How does Rosen accomplish this? First, its healthcare thinking is based on what it wants to achieve rather than what it has to provide. Beginning with the CEO, Rosen’s top executives really care about every one of their employees, as evidenced by the more than a few employees who have been there for 40-plus years. (Remember, this is a hotel chain, not a hedge fund with six-digit salaries). The strategies deployed vary, but they mainly support making the highest value care as accessible as possible.

Value—a fair return or equivalent in goods, services or money in exchange for something—is seriously lacking in American healthcare. Rosen took it upon itself to provide healthcare whenever and wherever possible, using its clout to lower costs. The company arranged special prescription drug discounts with Walmart. Rosen has on-site medical directors who personally engage with each employee’s health. The directors visit employees in the hospital and help arrange home delivery of costly specialty medications from lower-cost pharmacies. The company monitors and supports sick employees’ recovery and progress. It also built a health-and-wellness center for all employees and dependents with primary care, prescriptions, fitness instruction and more. I know all this sounds expensive, but the impact far outweighs the cost.

The second part of our adventure involved a flight to the Caribbean island of Grand Cayman, just south of Cuba, a beautiful tropical setting an hour-long flight from Miami (and with direct flights from a dozen other U.S. cities). The morning after our late arrival, we enjoyed the beautiful sunrise for exactly 20 seconds before we were bused to a facility called Health City Cayman Islands (HCCI). The single building on 200 acres (with significant future expansion plans) is clean, new and functional, though it is not nearly as grand as many U.S. mega-hospitals. Now two years old, HCCI is a joint venture between Ascension Health (a non-profit U.S. health system) and Narayana Health, a top Indian health system based in Bangalore. HCCI’s Indian roots are very important, because that country has no national healthcare or insurance system. The Indians have a novel approach to healthcare: You pay for it.

Narayana Health, which has achieved Joint Commission International (JCI) accreditation, performs a volume of procedures unprecedented in most hospitals. This volume is produced by a highly experienced team with quality outcomes that equal or exceed the best U.S. hospitals, but the team does it at far lower cost. Dr. Devi Shetty, Narayana’s founder and a cardiologist who has performed more than 25,000 heart surgeries, is focused on reducing the price of an open heart surgery to $800. (It currently sits around $1,400). Compare that with a 2008 Millman report that pegs U.S. open heart surgery costs around $324,000.

Some employers—Carnival Cruise Lines, for example—are so convinced of HCCI’s value (better health outcomes at far lower cost) that they will pay for all travel, including a family member’s accommodations for the length of a stay, and often waive an employee’s out-of-pocket costs associated with the procedure.

While HCCI’s pricing is higher than its Indian sister facility, many people could afford to pay for HCCI’s care with their credit card, if that were necessary.

HCCI charges a single, bundled fee that covers all associated costs, plus the cost of most complications — the director says, “Why should the patient pay for something if it was our mistake?” Compare that attitude with that at U.S. facilities, which have financial incentives to deliver as much care for as long as possible, and which get paid more if they make mistakes. HCCI’s upfront pricing model creates a serious incentive for efficiency and quality, because the facility is financially responsible for complications, infections and extra tests.

Patients and purchasers (i.e. employers and unions) should realize that nearly all U.S. healthcare—hospitals, doctors, drug companies and even insurance carriers—are structured to benefit from more care, rather than good, efficient or innovative care.

This means that purchasers and patients must use any available levers to get the best healthcare value they can. As Rosen and HCCI have proven, those levers are increasingly available.

ransomware

Ransomware: Growing Threat for SMBs

Ransomware, a cyber scourge that appears on the verge of intensifying, poses an increasingly dire threat to small- and medium-sized businesses (SMBs) in 2016.

In a ransomware attack, victims are prevented or limited from accessing their systems. Cyber criminals attempt to extort money by first using malware to encrypt the contents of a victim’s computer, then extracting a ransom in exchange for decrypting the data and allowing the victim to regain access.

Until now, most attacks have targeted consumers and, to a lesser extent, businesses working on Windows platforms.

That’s about to change. Security experts caution that small- and medium-sized business owners and users of non-Windows platforms can expect to be increasingly targeted in attacks that seek to extort money from them via sophisticated ransomware tools.

Upcoming webinar: Navigating Identity Theft: How to Educate and Protect Your Employees and Clients

Experts say many of the malicious campaigns will likely be carried out by opportunistic attackers and newbie extorters trying to take advantage of inexpensive do-it-yourself ransomware kits that are beginning to become available in underground markets.

Estimates about the cost to victims from more widely used ransomware tools like CryptoWall and CryptoLocker range from tens to hundreds of millions of dollars.

Now, analysts are concerned that cyber criminals are on the verge of widening the scope of their attacks. Last month, researchers at security vendor Emsisoft analyzed Ransom32, a malware tool many believe is a harbinger of things to come on the ransomware front.

Fewer are immune to attack

Ransom32 is the first ransomware tool written entirely in Javascript. That makes it easily portable to other platforms like Linux and Mac OS X.

Kowsik Guruswamy, Menlo Security chief technology officer
Kowsik Guruswamy, Menlo Security chief technology officer 

 

Kowsik Guruswamy, chief technology officer at Menlo Security, says that, unlike the JavaScript in a browser that is sandboxed to prevent access to the file system and other local resources, Ransom32 also is designed to have unfettered access to the system.

“Ransom32 is one-of-a-kind in that it’s cross-platform, which alone increases the targets for the malware authors,” Guruswamy says. “Since the underlying Chromium interpreter is cross-platform, this allows Ransom32 to target users across all of the (operating systems) and devices in one go. This is the worrisome part.”

Related video: A case for making software more resistant from the start

Significantly, the authors of the malware appear to have adopted a ransomware-as-a-service model in their distribution approach. Ransom32 is available via a hidden server on Tor to anyone with a bitcoin account.

The malware does not require any specific skills to operate, and it comes with a management interface that the attacker can use to customize ransom messages and specify the ransom amounts. The interface supports a feature that lets the authors of Ransom32 track how much money is being collected via the tool and lets the authors take a 25% cut from the total.

DIY kit for bad guys

Ransom32 is the second publicly disclosed ransomware in recent months that is being distributed as a do-it-yourself kit in the cyber underground. The first was Tox, a malware tool discovered by a researcher at Intel’s McAfee Labs that, like Ransom32, was distributed via Tor to anyone interested in launching a ransomware attack.

“Ransomware as a service is an increasing and worrisome trend,” says Fabian Wosar, a security researcher at Emsisoft. “Fortunately, most schemes are of poor quality, but the people writing these types of frameworks are learning.”

Each time a security vendor finds a weakness in a ransomware tool, the threat actors figure out what mistakes they are making and plug it immediately, Wosar says.

Going forward, expect to see the emergence of tools like Ransom32 and trends like ransomware-as-a-service pose a bigger threat for businesses, especially the small and medium ones, which generally don’t have the same resources that large companies have to defend themselves.

Lately, there have been an increasing number of reports about company servers being attacked directly through the Remote Desktop Protocol (RDP) that is used to remotely administer and manage systems.

SMBs have limited defenses

“Most SMBs don’t have the budget to employ their own in-house IT staff,” Wosar says. “As a result, a lot of them employ outside companies to take care of their IT infrastructure, and these companies often use remote control tools like RDP to administrate the network and server [remotely].”

One result is that a lot of SMBs are exposed to attacks that take advantage of weakly protected remote control interface to gain access to internal systems and data. Wosar says that in such situations it is just a matter of time before an attacker stumbles on a critical server and hijacks it for ransom.

Because the attackers typically gain access to the server itself, they also can turn off any security software that might be installed on it, and they become virtually undetectable in the process. All that is left behind is usually a note that informs the admin about the hack, with a means of communication to negotiate the price.

There already has been an increased interest from cyber criminals in specifically targeting companies, largely because of the potentially bigger payouts involved, says Christian Funk, who heads Kaspersky Lab’s global research and analysis team in Germany.

“A business is depending on its digital assets and, therefore, often more willing to pay the ransom,” Funk says. “There have been cases where cyber criminals noticed that a company has been successfully infected and, therefore, the criminals decided to charge up to eight times the original ransom. I suspect such methods, as well as targeted attacks, are likely to increase in future.”

This article was written by Third Certainty’s Jaikumar Vijayan.

Is ‘Direct’ a Dirty Word for Insurers?

The second-worst-kept secret of the year, after the launch of Google Compare in the U.S., is Berkshire Hathaway announcing its plans to sell insurance directly to business owners over the web. Quelle surprise.

I recently spoke with a C-suite exec who told me that “direct” is a dirty word.

Perception is reality.

In reality, though, “direct” is a lousy term that doesn’t do justice to the implementations that today’s technology has to offer that are often in direct alignment with an insurance company’s business model.

The conversation becomes uncomfortable to some once the word “middlemen” is introduced. It doesn’t have to be.

There are two primary outcomes to direct selling: (1) eliminating the middlemen or (2) empowering them. For visualization purposes, consider the following three brands:

Quotemehappy.com occupies the left extreme of selling directly to consumers. A spin-off of Aviva since 2011, the online insurer only provides phone support if a customer has a claim. For all other inquiries, there is browsing. Then there are the Geicos of the world, where insurers offer the convenience of buying on the web with the assurance of speaking to an agent, when needed. To the right extreme, Plymouth Rock provides an example of an insurer that has a patent-pending technology that matches online quotes to agents either pre- or post-purchase. There are several other players occupying the comfortable middle with direct-to-consumer models that offer varying degrees of human interaction.

Typically the outcome is determined by the company’s original distribution channel: whether offline, web or mobile. The table below further illustrates how versatile “going direct” can be:

  • Geico, Policy Genius and Cuvva are examples of insurance companies that implemented a direct-to-consumer strategy from the get-go; here, direct is a no-brainer.
  • Plymouth Rock and Quotemehappy.com via Aviva signal companies that implemented a direct-to-consumer strategy in an attempt to address a change in the market.
  • Allstate acquired Esurance to buy its way into the direct market, and so did AmFam with the acquisition of Homesite.
  • Also, AmFam invested in insurance comparison site CoverHound.

When all is said and done, direct selling is first and foremost a marketing channel that empowers the consumer. Sans proper marketing and messaging, the online insurance journey is transactional at best, and players risk commoditizing their product.

“Commodity.” Now there’s a dirty word for you.