Data is perhaps the most essential modern marketing tool, but it can be challenging to manage and protect. The security and privacy of customer data should be a top priority for any company actively storing business data.
PII stands for Personally Identifiable Information, and protecting it is vital. PII is information that can be used to uniquely identify, contact or locate a single person, including information that can do so when used with other sources.
Best practice guidelines should be followed to ensure CRM system providers, and indeed any business handling data, protect their information efficiently.
It is essential to educate your employees and colleagues about security issues, data risks, as well as the prevention of viruses. The best way to achieve this is to lead by example, never using shared computers or connecting to the internet via unsecured connections. Passwords should be at least eight characters long and changed on a regular basis.
- Never hold data outside your main database on portable storage devices
- Always encrypt; the evidence is that the majority of data is not encrypted
- Never send data by email attachment
- Always use secure transfer mechanisms and use a different medium for communicating the password!
Write a Data Security Policy
Having a data security strategy in place offers peace of mind to staff, stakeholders and, most importantly, customers. Knowing your marketing tools are secure is a huge benefit. Amongst other things, it means everyone should know what they need to do at any time, and it allows your business to react quickly and effectively to a data security incident.
The strategy should include a carefully thought-out Crisis Management Plan, or Business Continuity Plan (BCP), which will help you cope more easily in a potential crisis, enabling you to minimise disruption to your business and customers. The plan should:
- Identify potential crises
- Prioritise the risks
- Assess the impact of a security breach
- Determine how you can minimise risk
- Set out a plan of how to react
- Include a realistic timeline
- Identify the roles of individuals within your organisation in an emergency
- Ensure you have emergency contact information for all staff, particularly if a breach occurs outside office hours
- Appoint a single company spokesperson to handle PR enquiries
- Ensure staff and customers are informed before they find out anything in the press
The period immediately after a security breach is absolutely critical in terms of communicating with the authorities, businesses, and regulators. If a CRM software database is compromised in any way, make sure your clients hear it from you. Disclosing security compromises quickly and honestly will help maintain trust.
It is also a good idea to appoint an internal auditor. Ensure they have the power, time and budget to manage an ongoing audit process and the audit staff necessary. Review meetings amongst operational staff should be held quarterly, and reported and discussed at Board level annually.