Passwords: A Key Security Feature of Your CRM
Password management is a critical feature of every CRM. For many companies, customers or clients need a password to access data or content. And all companies have employees who have various levels of access to the CRM system itself.
First, here are some ways passwords are used for customer or client data, beyond the obvious safeguarding of credit card numbers and personal data like emails, addresses and phone numbers:
- Privacy Law Compliance - If your company is a gym or spa or offers other health services, for example, you may be gathering information that falls under HIPAA guidelines. If that’s the case, make sure your CRM is HIPAA compliant.
- Ensure Age Appropriateness - All content isn’t appropriate for all audiences – mainstream products such as alcohol, cigarettes or vaping equipment, even some supplements, can’t be advertised to children. Also, contests and sweepstakes should only be marketed to adults unless specially designed to meet the FTC rules for advertising to children.
- Exclusive Content - Create content that can only be accessed by paying members. If you are an online publisher, for example, you might have free access to certain articles but paid access to research. This access could be per item or access to a group of items for a certain time period.
- Class Materials - Does your company offer online classes or in-person events? Password protect the materials based on event attended and make them available before, during or after the class or event.
- Sales Previews & Specials - Allow your best clients to preview new products. Offer special rates for renewing customers. Create excitement by inviting top users to beta test new software. The possibilities are endless!
Equally critical are the passwords your employees use to access your CRM – and how those passwords are managed. Here are some important things to consider in order to safeguard your database, which is likely one of your most precious assets:
- On-boarding - New employees are typically given access in the first days of employment. Make sure your process doesn’t have any security holes. For example, it is not good practice to give every new employee the same initial login password, that can open the gate for anyone who knows that password to hack in. And when they make a new password, it should be sufficiently complex, no “P@55word” or similarly obvious forms should be allowed.
- Data Access Restriction - One way to help safeguard your data is to restrict employee access to just the data they need. Too often we find that too many (or even all!) of a company’s employees have access to everything in the database. By restricting access, you actually make the database less frustrating because team members are only seeing the information they need. Your West Coast sales team might only have access to those states, for example, while the East Coast has access to the states in their territory.
- Field Security - This is one way to accomplish data access restriction. If your company gathers social security numbers, for example, you can restrict access to that field of data. This keeps the data most important to your customers under lock and key. It also makes it easier to track down the source of any security breaches.
- Administrator Passwords - These should be especially unique, and specific to each administrator. Don’t use passwords that are similar in structure (LastNameBirthMonthBirthDay for example), and each administrator should have their own personal access. This again makes it easier to track down any system admin issues that might come up.
- Ramp-down Procedure - What happens when someone gives their two-week notice? How and when do you limit their security, record their access, and remove export permissions? What if you think someone is disgruntled and might be looking to leave but hasn’t given notice yet? And once they have left, how quickly do you inactivate their account or, at a minimum, change their password?
If you have questions about your CRM security features or about password best practices, get in touch. At AspenTech CRM, we specialize in supporting our clients from needs identification through system implementation, followed by support and on-going maintenance and assessment. We look forward to speaking with you.