Since customer data is often cited as the most valuable asset businesses have, nailing down the security aspects of CRM comes almost as a reflex – if you have customer data, you make sure it’s secure. Right?
Sadly, no – getting the security features of CRM set up properly often escapes the attention of many CRM users. When the new system goes live, their minds are on filling it up with information, not on protecting that information – and that can be a major error, says Richard Boardman, founder of Mareeba CRM Consulting, a U.K.-based independent consultancy.
“It’s very rare to see security and admin functionality on a set of requirements,” he said. “People don’t really think about it. They just figure what they need will just be there. And that often isn’t the case.”
Making sure the CRM system is secure seems like an obvious idea, but “I’m not sure it is that obvious, though,” said Boardman. “A lot of projects are sponsored by marketing and run by IT. There’s nothing wrong with that, but they don’t necessarily have the sensitivity (some might say paranoia) about ‘who can see what’ that is endemic in the sales world.”
The risks are many – “The headline one is people walking off with the database, having exported all the customers, prospects, opportunities, etc., and then going to work for a competitor.” That prospect takes the strengths of CRM for collecting information in a central place and recasts it as a hazard. So how do you avoid it
Firstly, you have to recognize it as the problem it’s always been. There’s always been the chance of a salesperson leaving the company with customer information he or she wasn’t entitled to – that pre-dates the computer age. Internally, you may have salespeople poaching customer information from each other, causing strife on the sales team. Don’t become so enamored of the technology that you forget that these are evergreen problems, and make sure you start thinking about them early on.
“Getting security right is about taking the time to work out what you want up front, before you even select a product,” Boardman advises. “If you don’t do this you risk choosing the wrong software and ending with a failed project. A project failure can come either from management saying we can’t go forward on this basis, or users not updating the system because they aren’t confident their data is secure – in other words, they don’t update their sales opportunities because they’re concerned another salesperson is going to walk off with them. So to answer the question, getting it right doesn’t cost a great deal, but getting it wrong can mean all the time and money invested in a project can be totally wasted.”
Developing a set of policies and requirements comes first. Then, you need to devote sufficient time to securing the CRM application.
“Some organizations prove to be super-sensitive about sharing data. You can end up with some very complex security settings, which take some while to figure out and set up,” said Boardman. “The biggest time issue, though, can prove to be user acceptance testing, where you are trying to check all the settings, many of which don’t prove to work as expected!”
When you’re finished, you should have a system that functions as an effective gatekeeper of information, allowing it to be entered, shared and distributed in a controlled manner – and one that prevents data from escaping back into the wild through the bad behavior or ineptitude of the system’s users.