Cloud customer relationship management (CRM) systems afford businesses many conveniences and efficiencies, allowing sales teams to manage their pipelines with greater ease and proficiency. Businesses are becoming more dependent on these systems to provide timely reporting and even predictive analytics to inform future strategy. As these businesses increasingly rely on their CRM solutions, however, entrusting them with valuable information, it becomes even more important to ensure that the data residing in these systems is protected against theft or loss. Here are four ways in which businesses can take measures to secure their CRM environments.
1. Do Your Due Diligence on Your CRM Provider
One benefit of using a cloud-based CRM system is that you no longer have to patch it, back it up, or perform the daily administrative tasks you might otherwise have had to do. That said, placing your eggs in a cloud provider’s basket does not mean that you are entirely off the hook when it comes to ensuring that the data are protected and safe. If you haven’t already done so, familiarize yourself with your CRM provider’s data security and backup practices—particularly if you are bound to government regulations. Make sure to ask detailed questions of your provider and understand how your CRM data are protected against both unauthorized access and data loss.
2. Do Your Due Diligence on Your Own Network
Using a cloud-based CRM system does not prevent you from suffering a data breach involving CRM data. If your information security policy is not strong enough to manage the level of risk your business faces, you can still be compromised. An attacker, having gained access to a corporate user account, will likely not have much trouble gaining access to other systems that your business uses (either through piggybacking on accounts to which the attacker is already authenticated or by using a keylogger). Review your internal security practices, and ensure that your network is adequately protected.
3. Properly Restrict Users’ Access
Although we don’t like to contemplate it, insider threat is a very real aspect of information security that all organizations must consider. Have you recently reviewed the access privileges for the users currently defined in the CRM system? Do those users have the correct rights and privileges, or have some of them been granted permissions beyond a level they need to perform their work? Take a moment to review how passwords are managed, as well. If you don’t currently integrate your CRM system with Active Directory or Lightweight Directory Access Protocol, you may find it beneficial to do so—just make sure that the password policy on which those systems rely is as strong as it should be and that your overall information security practices are up to the task. In addition, make sure you have a clear plan for removing user accounts from the CRM system after employees depart your company.
4. Secure Your Mobile Devices
Last but certainly not least, make sure that any end points that accessing the CRM system—be they laptops, tablets, smartphones, or even wearables like the Apple Watch—are properly secured so that only the appropriate parties have access to them. This links back to your information security policy, of course, and it also ties back to your processes and tools for managing your mobile devices. If you have a Bring Your Own Device program in place, pay particular attention to how passwords and authentication codes are handled on any devices that access your CRM system.
With prudent measures and vigilant proactive attention, you can ensure that your CRM system is protected from a data breach. Knowing that you have taken those steps, you can rest assured that the valuable data you have placed in your CRM system are safe and secure.
By Rose de Fremery "founder of lowercase d consulting"
