Ensuring Rock-Solid Client CRM Data Security

In Financial Services, many companies prefer to keep client information locked tight in-house to guarantee complete protection. This legacy thinking has significant justification. Those who let personally identifiable client data slip face massive loss of reputation, loss of clients, plus punitive fines and lawsuits.

Being relatively new, cloud computing services, including cloud CRM, are a natural object of distrust. And there are many myths about their safety – which we’ve busted in a previous article.

Today, it’s widely recognized that cloud CRM, from a proven vendor and properly configured, can provide Financial Advisors plenty of benefits, plus unparalleled security. That includes secure cloud storage for all your client records and documents, at a predictable and affordable price.

Nevertheless, to ensure due diligence, you’ll want to follow best practices, including asking your vendor pointed questions about their level of security before getting into a committed relationship.

Here are some key considerations to help you pick the right vendor and foolproof your CRM against security breaches and malicious attacks.

3 top considerations when picking a vendor

First, you’ll want to ensure your vendor provides only the best security guarantees. Some guidelines to inform your assessment of your vendor’s data center are as follows:

  1. First, check your Financial CRM vendor’s data center “tier rating”. The Uptime Institute is responsible for setting these standards, now embraced by over 1,000 data centers world-wide as a way of demonstrating data center security and disaster preparedness.

Tier IV certified centers are the best on offer and include proven safeguards such as 24/7 intrusion detection monitoring, certified third-party penetration testing, daily backups and off-site server redundancy. By going with a cloud vendor, you can often acquire these enterprise-level security features at a fraction of what they might cost to build and maintain in-house.

  2. Look to see whether they are PCI compliant. These are the same standards used to ensure safety of credit-card holder information at every step. While intended primarily for ecommerce, they also serve as proof that your vendor follows robust network security monitoring and encryption, so you can confidently access sensitive client information over the internet.
  3. Check for other trusted quality certifications. For example, at Maximizer, we ensure ISO 9001 and 27001 certification. These serve as a proven way of demonstrating that the organization actively manages data security in alignment with international best practice, including the European Union’s recently enforced anti-spam data protection law – GDPR.

How to configure your CRM for foolproof security

Cloud CRM can serve as a convenient way to store your reams of paperwork and client information. For example, we provide our cloud customers 75 gigabytes of cloud storage part and parcel with their all-in-one subscription – providing space for tens of thousands of documents and records — accessible from any internet browser.

Still, just because your vendor stores your records in a world-class data center, including rock-solid backups and encryption, doesn’t mean you’re fully protected. As the old adage goes, “a fool with a tool is still a fool.”

In any organization, your security is only as strong as your weakest link; and often, that weak link is a naïve or improperly trained staff member.

There are several CRM security best practices you’ll need to ensure are followed consistently by your crew. Also consider picking a financial CRM with multi-level security controls, to address concerns about employees viewing, editing or removing data they’re not supposed to.

These multi-level controls should include…

  1. Export privileges: Client information exported from your CRM into an Excel sheet could represent a serious security risk – especially if stored on an easily-stolen laptop or flash stick. Gating export privileges will ensure your client information never leaves your cloud CRM except under controlled circumstances.
  2. Data capture field controls: Sometimes, a staff member needs to see client information, but you want to block changes. With data capture field control, you can specify particular read and edit privileges on individual data capture fields.
  3. Role-based access privileges: Finally, and most importantly, a CRM with role-based security privileges will enable you to specify access rights on individual records, features and modules. By setting up Super Users with full administrative rights, you can also delegate oversight to key individuals like your compliance officer.
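To show how the three controls above fit together, here is a small policy model, added as an illustration and not taken from Maximizer or any CRM product's API. The role names, field names and functions are hypothetical; the point it demonstrates is that an export should pass the export gate and then still be limited to the fields that role may read, with every attempt logged.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str
    modules: frozenset                    # modules the role may open
    read_fields: frozenset                # fields the role may view
    edit_fields: frozenset = frozenset()  # fields the role may change
    can_export: bool = False              # export privilege is off by default

# Constructed roles and record, for illustration only.
ASSISTANT = Role("assistant", frozenset({"clients"}), frozenset({"name", "email"}))
ADVISOR = Role("advisor", frozenset({"clients"}),
               frozenset({"name", "email", "portfolio_value"}), frozenset({"email"}))
COMPLIANCE = Role("compliance_officer", frozenset({"clients", "audit"}),
                  frozenset({"name", "email", "portfolio_value", "tax_id"}),
                  can_export=True)
RECORD = {"name": "A. Client", "email": "a@example.com",
          "portfolio_value": 250000, "tax_id": "000-00-0000"}

def _require_module(role, module):
    if module not in role.modules:
        raise PermissionError(f"{role.name}: no access to module {module!r}")

def view(role, module, record):
    """Role-based access plus field control: return only readable fields."""
    _require_module(role, module)
    return {k: v for k, v in record.items() if k in role.read_fields}

def edit(role, module, record, changes):
    """Reject the whole change set if any field is not editable by the role."""
    _require_module(role, module)
    denied = sorted(set(changes) - role.edit_fields)
    if denied:
        raise PermissionError(f"{role.name}: cannot edit {denied}")
    return {**record, **changes}

def export(role, module, records, audit_log):
    """Export gate: checked first, logged either way, limited to readable fields."""
    allowed = role.can_export and module in role.modules
    audit_log.append((role.name, module, "export", "ALLOW" if allowed else "DENY"))
    if not allowed:
        raise PermissionError(f"{role.name}: export not permitted")
    return [view(role, module, r) for r in records]
```

The audit log entries give a compliance officer a record of who attempted an export and whether it was allowed.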

The bottom line

As a financial services company, your client data security is your top priority. And by taking proactive steps, including choosing the right vendor and implementing proper configuration, you can enjoy all the advantages cloud CRM offers, while resting confident in the fact that your data is protected against accidental leaks, disasters or malicious attacks.