How to stop someone stealing your customer database
One of the sales team is planning on leaving, and they have access to your entire customer database. How worried should you be? How can you stop someone stealing your data? Would you even know if it had been stolen?
To quote from Peppers and Rogers “The only value that your company will ever create is the value that comes from your customers – the ones you have now and the ones you will have in the future.” All of which might lead you to expect that customer data would be protected like any other company asset. Locked in a safe, or protected in a banks vault. Indeed the law requires that data you hold be stored securely. So could someone steal your customer database?
In reality there is no such thing as a secure computer system, just degrees of insecurity. The highest levels of computer hardware security (TEMPEST) can still be undermined by lax operators. Multi level passwords and encryption will not protect data extracted into Excel for analysis.
The sensible approach to managing the risks associated with data is to define standards and monitor for compliance.
Standards for data security.
If you were to take as a guide the key principals of the Data Protection Act these provide an excellent starting point.
- Data shall be processed fairly and lawfully
- Data shall be obtained only for one or more specified and lawful purposes.
- Data shall be adequate, relevant and not excessive.
- Data shall be accurate and, where necessary, kept up to date.
- Data shall not be kept for longer than is necessary.
- Data shall be processed in accordance with the rights of data subjects under this Act.
- Data shall be protected against accidental loss
- Data shall not be transferred to a country or territory outside the European Economic Area
When these principals are applied to the structure and security of a customer database they often produce working practices that secure the data. For example – if sales people are only responsible for customer acquisition, then they may lose access when prospects convert. Conversely if sales people are required to undertake account development tasks then they may see only a restricted list of customers.
The guiding principles of only obtaining, storing and processing data for a specified purpose are important. Whilst many will segment customers by industry, it may be more applicable to describe them in terms specific to your organisation. This ensures that users are focused on your USP and relationship to the client. It also reduces the value of the data to an external organisation.
Protection against accidental or malicious loss is the final layer of security and covers such subjects as back up policy and hardware.
Monitoring for compliance
Having developed the standards for data security, and communicated them to the users, it is important that you monitor for compliance. At the simplest level this might involve ceding your database with dummy contacts. Anyone targeting one of these contacts would trigger an alert that lets you know your customer data is compromised. It is also possible to develop enhanced monitoring within some CRM platforms that inform an administrator if records are exported.
If you have correctly defined your standards then it will be possible to implement data checking and verification routines that remove data that is not being processed. So contacts that are not being engaged by the salesperson are removed and passed back to marketing.
With any form or monitoring of data usage it is important that you balance the risks against the rewards. If you are concerned that someone might steal your customer data, perhaps it is worth asking “why?”. If your monitoring is too invasive, or the standards unreasonable then you are potentially encouraging users to build parallel data structures - even though this may be in contravention of your policy.
Summary
If one of your reasons for not investing in a CRM solution is fear of making it easier for users to steal all of your customer data, don't delay. Implement CRM today. Your users already have the data. It’d on their mobile phones, in emails, or in notebooks. In fact the only person who doesn’t have the data is you.
If on the other hand you already have a CRM system, and you are worried that someone may steal your data, then these tips will go some way to securing and protecting an important asset.
Paul Pitman is a Solutions Architect at Collier Pickard.
