Security is a hot topic in the IT industry right now. With fears of state-level cyber espionage and operating in a post-GDPR world, organisations need to be as vigilant as ever when it comes to protecting their data or risk the consequences.
As CRM and business solutions such as Dynamics 365 Customer Engagement become increasingly central to an organisations operations, it's critical that they have a watertight system that follows processes and procedures.
We've put this list that can help you ensure you are protecting your companies data.
#1 Map your user rights to your organisation
Set a permissions policy across your organisation. Who should have access to what data and CRM components? Think about the structure and hierarchy of your workforce and align it with your CRM system. Consider if you have local departments across a country or continent and if they can view data in other geographical locations. Think about department functions as well, should marketing have access to legal? Can sales staff track the data field engineers use? These questions depend on a business to business basis, but it should be one of your first steps to planning for security strategy.
We would also advise you review your permissions at regular intervals and make sure old accounts are deleted. A disgruntled ex-employee with access to company data could have disastrous consequences.
#2 Implement strong passwords
It seems obvious but using weak passwords such as "password123" is asking for trouble. Bots frequent the web looking for loopholes and vulnerabilities with automated logins attempts, providing stolen credential data to its owners.
Whichever CRM you use, make sure it forces users to create strong passwords using a high minimum of characters, numbers and symbols. We also suggest that you remind staff to not stored credentials offline using sticky notes or notepads.
#3 Third-Party audit
Recruiting an outsider to stress test the security of your system can expose vulnerabilities you didn't know you had. A specialist will look top to bottom across your enterprise to find loopholes before a hacker with bad intentions does. It may seem expensive, but the cost of compromised data is far worse.
#4 Monitor your network
Examine network activities that could cause data loss. Web communications such as email and social media may create vulnerabilities if you are using older systems can be exploited to infiltrate your system.
#5 System redundancies
If your system breaks, how is it backed up? Who's responsible for solving these problems, how long can your staff continue without access, and what do they do meanwhile? If you haven't already your business needs to have a policy in place that has a detailed procedure list in the event data is lost or inaccessible.
On-premise and cloud solutions face different challenges to backing up and restoring data. If you have an on-premise system, even if you backed up your system, do you have the files located outside the office and in different locations? Consider the event of a fire and how even your saved backups could fail you.
If you using the cloud, do you trust your software vendor to have the right backup procedure to roll back your instance? How often are snapshots taken and how much data would you likely lose between backup rollbacks?