Keeping Your CRM Safe
Here are a few tips we are sharing with our clients about keeping their CRM instances safe and secure. This is mostly targeted at organizations that are currently using the Salesforce platform.
We can broadly break up this topic into three areas:
Physical Security
Machine Access – If you or your staff operate in a fairly public environment where machines could easily be accessed by others, take extreme care to ensure that your users log out whenever they are away from their machines. Since it is likely that users will forget to log out, it would be prudent to set up a frequent Session Timeout. You can do this in Salesforce by going to Setup –> Security Controls –> Session Settings. We recommend the 30-minute timeout for anyone who operates in a public or semi-public space.
Written Passwords – Ensure that your users are not writing their username and password on a sheet of paper which is next to their computer. We have witnessed this many times and it defeats even the best security measures!
Digital Security
Strong Passwords – We recommend that you set your password policy so that at least 8 characters are required, with a mix of alphabetic and numeric characters. Never allow the password to be used as a part of the username or the security question. To manage password policies in Salesforce, go to Setup –> Security Controls –> Password Policies.
Password Expiration – We recommend you have your passwords expire at least once every 90 days, and more frequently if your organization can handle it. Please note that if you have external applications (such as a website) which interface with your CRM, you will also need to reset these passwords when they expire.
Disable Accounts – Don’t forget to disable accounts for former employees and consultants who may have been on the system in the past.
Audit Your Login History – Check who is logging into your CRM instance by viewing the Login History or User Adoption Dashboards. You may even want to set up a report that you can check on a periodic basis.
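One way to run the periodic check described in the Disable Accounts and Audit Your Login History tips against a downloaded login history CSV. This is an added example, not vendor or author code; the column names, timestamp format, sample rows and user lists are constructed assumptions to adjust for your own export.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Column names and timestamp format are assumptions; match them to your export.
COL_USER, COL_TIME, COL_STATUS = "Username", "Login Time", "Status"
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"
# Constructed sample export (not real data).
SAMPLE_CSV = """Username,Login Time,Source IP,Status
alice@example.com,2024-03-01 09:02:11,203.0.113.10,Success
bob@example.com,2024-03-01 09:05:40,203.0.113.11,Invalid Password
bob@example.com,2024-03-01 09:05:52,203.0.113.11,Invalid Password
bob@example.com,2024-03-01 09:06:03,203.0.113.11,Invalid Password
bob@example.com,2024-03-01 09:07:15,203.0.113.11,Success
carol@example.com,2023-11-20 14:30:00,198.51.100.7,Success
dave@example.com,2024-02-28 22:14:09,198.51.100.99,Success
"""
ACTIVE = {"alice@example.com", "bob@example.com", "carol@example.com"}
DEPARTED = {"dave@example.com"}  # former staff whose accounts should be disabled

def review_logins(csv_text, active_users, departed_users, now,
                  stale_days=90, max_failures=3):
    """Return findings for a periodic login-history review."""
    last_success, failures, departed_hits = {}, Counter(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row[COL_USER].strip().lower()
        when = datetime.strptime(row[COL_TIME].strip(), TIME_FORMAT)
        status = row[COL_STATUS].strip()
        if user in departed_users:
            # Any attempt on an account that should already be disabled.
            departed_hits.append((user, when, status))
        if status.lower() == "success":
            last_success[user] = max(when, last_success.get(user, when))
        else:
            failures[user] += 1
    cutoff = now - timedelta(days=stale_days)
    # Active accounts with no successful login since the cutoff (or none at all).
    stale = sorted(u for u in active_users
                   if last_success.get(u, datetime.min) < cutoff)
    noisy = {u: n for u, n in failures.items() if n >= max_failures}
    return {"departed_activity": departed_hits,
            "stale_accounts": stale, "repeated_failures": noisy}

if __name__ == "__main__":
    report = review_logins(SAMPLE_CSV, ACTIVE, DEPARTED, datetime(2024, 3, 2))
    for name, value in report.items():
        print(name, value)
```

Accounts listed under stale_accounts are candidates for disabling, and any entry under departed_activity means a former user's account is still in use or being tried.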
Recovery
Backup Your Data – Please back up your data! If you are a Salesforce user, you can back up your data for free every week. Simply go to Setup –> Data Mgt –> Data Export. If your data changes so frequently that a weekly backup is insufficient, consider using a product such as Demand Tools or getting an ODBC Driver, which allows you to connect to your CRM and download all data on a more frequent basis.
Following the above tips should leave you in pretty good shape for your CRM security. Also, please be sure to read any security bulletins which your CRM vendor sends to you and alert your users to any new threats as they arise.
