Protecting CRM Customer Data Requires Vigilance

by Jim Berkowitz on December 14, 2009

Here are several excerpts from an excellent article by Jennifer LeClaire, "Protecting CRM Customer Data Requires Vigilance." For much more on this topic, check out the complete source article.

Keeping CRM customer data secure isn’t a one-size-fits-all task. Indeed, tackling security issues around CRM data demands close examination of vendors as well as internal and external threats — and it’s a vital part of customer relationship management.

The alternative is devastating. Ponemon Institute research indicates that data breaches have serious financial consequences for an organization. According to the most recent Ponemon Institute Annual Cost of a Data Breach study, the average cost of a data breach has risen to $202 per customer record. The average cost of a data breach over four years is $6.65 million.

Companies should consider the issue of CRM and customer data security critically important, and this is true for companies of all sizes, according to Sanjeet Mall, a CRM architect at SAP. A company’s most valuable data, he added, should be protected whether or not regulations mandate it.

The Online Trust Alliance recently developed a set of global guidelines for preserving and enhancing consumer trust and confidence. With those guidelines in mind, Craig Spiezle, executive director of the alliance, offers a quick checklist for securing CRM data…

  1. Encrypt all sensitive data and contacts shared with third parties or transported out of company-owned facilities.
  2. Create a Data Loss Plan (DLP) to be prepared for loss and breaches.
  3. Regularly scan systems, including servers and desktops, for known vulnerabilities in operating systems and applications.
  4. Implement protection against phishing, spam, viruses, data loss, and malware.
  5. Encrypt all wireless data access points.
  6. Require employees and vendors to upgrade to the most current browser.
  7. Audit all third-party code and links used or referenced on internal sites.
  8. Limit access to data on a need-to-know basis.
  9. Archive or destroy inactive customer data.
  10. Collect data for only real or expected business purposes.

“Too many companies don’t take CRM data seriously,” Andrew Storms, Director of Security Ops for nCircle, said. “What would happen if your top 10 deals for next quarter were leaked to your closest competitor? How would your customers feel if confidential data about their businesses were stolen from your systems? Imagine the long-term damage this could inflict on your business and then take action accordingly.”

{ 1 comment }

Thomas Trevino January 7, 2010 at 8:42 am

These are good things to definitely not take lightly. Thanks!
