News about data breaches is becoming more and more common. Recently, we have seen data breaches with an Illinois unemployment system and IT managed services giant, Cognizant. The bigger companies make the news, but the fact is, hackers are not choosers. They look for anyone who has a compromised system that stores personal data including CRMs.
When individuals enter their information into a contact form or give you permission to add them to your CRM, they are trusting that you are taking necessary measures to protect their data. To help you assess the quality of your CRM data protection, here are 4 questions to ask yourself.
- How secure is the server where my data is stored?Some CRMs offer cloud storage while others install their platform on the server of your choice. It can be a challenge for us to know if a server is secure since we do not have a technical background, but we can still evaluate the security by looking at these things.
- Does the provider have a certification like IS 27001 which shows you that security is a priority?
- Can the provider show you their data recovery plan if an issue arises?
- Do they have a protocol in place regarding customers accessing server-level configurations?
- Am I assigning the right level of permissions to my CRM users?Every CRM has a default setting for user permissions from zero permissions to enable all permissions. It is a good idea to look at the default settings and make sure your users are assigned the right level of permissions when they are added. It is better to error on the side of caution and restrict user permissions. You can always add more permissions to users. The last thing you want is for someone to have admin permissions and knowingly or unknowingly wreak havoc within your CRM.
- Are my employees creating strong passwords for their accounts?Many breaches start with a commonly-used password. Hackers know that people make simple passwords because they are easy to remember, so they take a look at the user’s persona and can make educated guesses based on interests, anniversaries, birthdays, children, and the list goes on. It is a good idea to require that your employees create a password that does not have any recognizable words and like at least 8 characters, one uppercase, one lowercase, number, and a symbol. It is better to reset your password if you can’t remember it, than using a simple, common password that hackers could easily figure out.
- Is my CRM being accessed over insecure networks?Not only do many breaches happen because of passwords, but they also happen over unsecured networks. Many public wifis are unsecured networks. It is very easy to connect to these networks in places such as Starbucks, Walmart, and restaurants. However, the convenience of these wifi hotspots also carries the risk of personal data exposure. It is better to pass on the wifi and use your data connection. We recommend that you have a discussion with employees who use the CRM and discuss the risks and best practices when accessing your CRM outside the office or their home.
We take for granted the ability to access our CRM data anytime, anywhere, but we also have a responsibility to do all that we can to keep our data safe. Take time to answer the questions above and ensure that your data is protected. If you are considering a CRM or have questions about CRM security, reach out to us at firstname.lastname@example.org or 301-332-0613.
More CRM Topics
- On June 23, 2020