
Trusting third parties with our information

We’ve noticed a disturbing trend here at our startup in the past 12 months or so. We’ve been growing and adding new team members, and almost without fail, almost all our new starters are getting hit with a scam email within a few days of starting at our company. Here is one such example:

As you can see, the email appears to come from me and asks our team member to do a certain task. However, upon closer inspection, the email address the request came from is not mine, and the email is obviously phishing for more information to organise some sort of deeper level scam.
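The check described above (a familiar display name on an address that is not the real one) can be automated. This is an added example, not something from our mail setup; the roster, domain and sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: staff display names mapped to their real work address.
ROSTER = {"jane founder": "jane@example.com"}
COMPANY_DOMAIN = "example.com"

# Constructed sample messages (headers plus a short body).
SPOOFED = (
    'From: "Jane Founder" <jane.founder.office@mail.example.net>\n'
    "To: newhire@example.com\n"
    "Subject: Quick task\n\n"
    "Are you available? I need a task done.\n"
)
GENUINE = (
    "From: Jane  Founder <Jane@Example.com>\n"
    "To: newhire@example.com\n"
    "Subject: Welcome\n\n"
    "Welcome aboard.\n"
)

def _norm(name):
    # Case- and whitespace-insensitive comparison of display names.
    return " ".join(name.lower().split())

def classify_sender(raw):
    """Compare the From display name against the roster address."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    expected = ROSTER.get(_norm(name))
    if expected is None:
        return "unknown-name"            # not claiming to be a known colleague
    if addr == expected:
        return "match"                   # name and address agree
    if addr.rpartition("@")[2] == COMPANY_DOMAIN:
        return "internal-mismatch"       # our domain, but the wrong mailbox
    return "external-impersonation"      # colleague's name, outside address

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, classify_sender(raw))
```

A "match" only means the header is consistent; whether the message really came from that address is a separate question answered by SPF, DKIM and DMARC results.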

Luckily, our team members are a really bright bunch, and so far, no one has fallen for this scam yet, but as we grow, this will become a bigger problem, so we have included a briefing about this on our onboarding flow for all new hires.

My view is that one of our third party providers is leaking or selling our email information to some nefarious party. My reasons for saying this are the following facts:

  • As a fully remote company, we use a lot of third party services to manage our support, documentation, project management etc. - all new hires have to sign up for about 5 or 6 different services using their newly assigned work email address

  • The main people being targeted are brand new employees with a brand new email address, and they are usually hit with these requests within 48 hours of starting with us

  • The only employee who wasn’t the subject of these spam emails was a contractor who used her own existing email and didn’t sign up for our other third party services at all

So someone, somewhere, is getting hold of new emails in our organisation, and targeting these team members knowing that they are fresh starters, and probably not familiar with the way we work here yet, and thus are more susceptible to falling for this trick.

We will shortly be setting up a ‘honeypot’ email and slowly logging on to third party services one by one over the course of several weeks to see if we can narrow down just who is leaking or selling our data to the wider internet.
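A variation that goes beyond the single honeypot address described above: issue one tagged alias per service, so the recipient address on a scam email names the service it was given to. This is an added example, not our actual setup; the secret, domain and service labels are constructed, and it assumes both the mail system and the services accept "+" subaddresses.

```python
import hashlib
import hmac
from email.utils import parseaddr

SECRET = b"constructed-demo-key"   # assumption: a secret known only to us
DOMAIN = "example.com"             # placeholder domain
SERVICES = ["helpdesk", "wiki", "tracker"]   # hypothetical service labels

def _tag(mailbox, service):
    # Short keyed tag so an outsider cannot forge or guess a valid alias.
    mac = hmac.new(SECRET, f"{mailbox}|{service}".encode(), hashlib.sha256)
    return mac.hexdigest()[:10]

def canary_address(mailbox, service):
    """Address to hand to exactly one third party service."""
    mailbox = mailbox.lower()
    return f"{mailbox}+{service}.{_tag(mailbox, service)}@{DOMAIN}"

def attribute(to_header):
    """Return the service an alias was issued to, or None if not a valid alias."""
    _, addr = parseaddr(to_header)
    local, _, domain = addr.lower().rpartition("@")
    if domain != DOMAIN or "+" not in local:
        return None
    mailbox, _, suffix = local.partition("+")
    service, _, tag = suffix.rpartition(".")
    if service in SERVICES and hmac.compare_digest(tag, _tag(mailbox, service)):
        return service
    return None

if __name__ == "__main__":
    for svc in SERVICES:
        alias = canary_address("honeypot", svc)
        print(svc, alias, attribute(alias))
```

A scam email arriving at one of these aliases points at the service that alias was registered with, without waiting weeks between sign-ups.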

My first ever app I made and sold...

I was digging through a cupboard today, when I came across the package shown below.

I was initially flabbergasted that I still had a copy on hand, but that soon gave way to feelings of nostalgia that took me back 30 years (yes, that is 3 decades) to when I first created this.

It is basically the first time I had “scratched my own itch”. Being a commercial pilot at the time, I was finding paper based logbooks to be painful to manage, so I wanted to use my programming skills to create a computer based one which would make it easier to tally up certain entries, especially looking at the recruitment process, where pilots would be asked questions like “How many hours do you have on multi engine aircraft?” or “How many in-command hours do you have on a certain aircraft type” etc.

I wanted to create a simple logbook app which could answer that, and so Sabre Personal Logbook was born sometime in 1990.

I wrote this using Clarion 2.1, which is still the most productive and useful application creation framework that I have ever come across to date. I think the original app took about 3 months to create, including the creation of the boxwork art, printing the manuals etc. I even created it using the IBM PS/2 shown on the box art!

There was no such thing as Paypal or Stripe back in those days, heck, even the internet was in its infancy, so everything was done via magazine ads (mainly in Australian Aviation magazine), or pilot specific BBS’s (Bulletin Board Systems), and payments were via people sending you cheques to bank. Wow, there was surely a lot more trust in those days (plus fewer scammers too, so I guess it all evens out). We even had one of the first online shops in Australia called PC Aviator as our distributor for a bit there.

We had a good run for a year or two, and sold several hundred copies of the app, and we had senior check and training pilots from airlines like Qantas and Cathay Pacific using it and giving us feedback. We had plans to create a “Professional” version for companies and flying schools which could track multiple pilots (hence the moniker “Personal” on this first version), but that never eventuated, as I got distracted with other aspects of the business, and life in general.

Eventually, we just stopped promoting and selling the app, and it simply died a natural death. I did experiment with creating an online version using ColdFusion for a while there, which would have been the first online pilot logbook, but web technology was in its infancy back then, and hosting was super expensive, and online payment gateways took a long time to become mainstream here in Australia, so I abandoned that project.

It was good to come across this today though. Funny to see that the passion to create apps still runs deep within me. These days, I run a very successful app that makes far more in one day than I made in 2 years of selling my Logbook app (indeed, the executable file for the logbook app was smaller than just the CSS file in my current app), but this was my first foray into selling something to total strangers, and I am still excited by it.

There have been many many apps in between, but you never forget your first.

Doing Support Wrong


I remember when I set up my software consulting business over 25 years ago, my business partner and I wanted to differentiate ourselves from our competitors in town in dramatic fashion. So to try and achieve that, we decided that we would provide incredible support to our clients, which included making ourselves available to them at any time during the week that they needed us. And I mean any time - we sent out letters to them stating that they could call us on a Sunday night when their server went offline, or even on public holidays.

And guess what? They did just that.

At first, this excited us - our customers were taking advantage of our superb support offering, which was building loyalty and value. But then, we despaired, because customers were taking advantage of our offering as we had asked them to do.

You see, when the two of us were starting out and only had about 20 customers, the demands on our time were minimal - we would probably get only a single after hours call per week which we would take turns at responding to. But as our reputation grew and others heard about our ‘overtime’ service, we soon found that we couldn’t scale such a promise.

Calls would come in so frequently during the weekend and in the evenings, that we began to resent our clients instead of celebrating them. What is worse, is that our early clients began to just expect that we would be available to them at any time, and changing that preconceived expectation was nearly impossible once set. Any mention of reducing after hours availability was met with an “Oh, now you got successful off our backs, you are abandoning us??” type response.

It was hard. To make matters worse, we also promoted (to our early clients at least) that we would only charge a minimal extra surcharge for after hours service. This increased the resentment factor because we weren’t really making any extra revenue in return for missing out on family dinners etc.

Wind the clock forward to a couple of years ago when I was setting up my new SaaS business, I fell into the same trap again. I set up our support system so that notifications would be sent straight through to my phone and I was determined to answer emails within minutes, not hours as some of my (much larger) competitors did.

But alas, we ended up having more customers for our SaaS outside of Australia. Mainly in the US and Canada actually, which is the opposite side of the clock from me. Thus began the flurry of support emails coming through at 2am in the morning. Goodbye restful sleep!

What is worse is that our support chat widget on our site had already been ‘trained’ by my existing quick response time, so it would tell any new customer to expect a response “within a few minutes”. So of course, the added pressure was on me to wake up and respond to those requests in order to maintain this epic metric.

Luckily, in this instance, I managed to mitigate the problem by welcoming remote team members in different timezones to my business, so now we can still provide fairly exemplary service to our customers which is NOT detrimental to my own health or sanity.

To anyone else out there setting up a new business which requires providing help to customers, I urge you not to go overboard too quickly. Take a look at your current team size and customer locations, and work out whether instant support any time is actually doable. Also, I am sure that if you speak to your customers, most of them will be willing to wait at least a few hours for help. Unless you are of course selling something that is linked to vital emergency response - waiting won’t kill anyone. In some cases, customers will actually value you more if they don’t get an instant response.

Having an intelligent support system that can evaluate the urgency of the request and escalate accordingly is also useful. In fact, the first support person I hired in my new business - that was their job! Not to actually provide support per se, but purely to be there to take the customer message and say “Thanks for contacting us about problem ‘x’, we have escalated your issue to our technical team.” They knew my sleep patterns and so could even give the customer an accurate response time, i.e. “Someone from the developer team will get back to you in 3 hours”. In a lot of ways, setting up new customer expectations this way worked very well for us. No one got angry or left, and we still got a 5 star support rating because we managed expectations well.

Do you have any tips for maintaining great customer support while maintaining your sanity and preventing burnout? If so, I would love to hear from you in the comments below.