Are you paying enough attention to secure your CRM tools?
Your CRM tools are a treasure trove of customer data and not surprisingly they are usually targeted in a number of security breaches. Loss of your customer data can affect your brand and strengthen your competitors who can now target your customers more effectively. The breach can occur due to an attack on your servers or from stolen mobile devices or laptops. In this post, I will detail some of the steps for you to take in keep your customer data safe.
Strong Password Policy
Institute a strong password policy for all user accounts. Given that most CRM tools enable mobile access now, make it mandatory to have password protection on all devices that can access your CRM database. Use best practices to ensure password strength (minimum 8 characters and including numbers, special characters, alphabets) and make sure the password is changed every 30 days. You could also make your employees carry physical keys such as passwords stored in USB drives, if you are dealing with highly critical user information.
Encrypt Remote Data
Encrypt all your remote data. Also make sure the Wifi connection is encrypted (802.11i) when you are accessing corporate information.
Save Data in the Cloud
Train your employees to never save customer records in their laptops without password protecting the files. If you are taking an excel dump of your customer records and leaving it unprotected in your computer, you risk a serious data breach if the laptop is stolen.
Separate the databases that store mildly critical information (such as usernames, email addresses) from those that store highly critical information (such as passwords, credit card details, transaction details etc). By separating the details, it is easier to protect the critical database in case of a compromise. Zappos did that and was able to protect its customer data when its servers were hacked in January 2012.
Role Based Security
Use role based security. That means an lower level employees should not be able to access any data that is not directly needed to perform the job. With a proper granularity of user roles, you can contain a breach due to an intentional or an unintentional security hole created from an employee’s action.
Train your staff on the best practices of security. That could include not storing the passwords in plaintext, not sending passwords or other critical information in emails and not accessing critical corporate information in public wifi hotspots.
Protect from Employee Leaving
There have been many cases where employees have walked away with the company’s accounts, leads and opportunities, when they quit the company. To prevent this, disable exporting of data and API access to the database, and make the access only through an interface with role based security. That would prevent the employees from accessing any records after they quit the company.
Hire Security Audit
Hire a security audit service from whitehat hackers and make sure all your tools are configured with the best security possible. The audit will uncover holes and security threats.