Developing a Social CRM Security Policy

By Barton Goldenberg

In previous posts, I outlined various security risks associated with Social CRM installations, all pointing to the importance of developing an appropriate Social CRM security policy. Since no one technology or process can provide total security, the aim is to develop a defense through an in-depth Social CRM security policy.

Securing a network can ensure the following goals:

• Confidentiality
• Integrity
• Availability

Start with established security principles and corporate security standards, and use these key guidelines for further development:

1. Appoint a high-level executive with organization-wide responsibility for developing and enforcing consistent security policies.
2. Ensure that security policies are holistically defined and enforced across the Social CRM environment. Organizations must hold specific individuals accountable for incidents as well as holding managers accountable for risk and budget decisions.
3. Make sure all lines of business are actively involved and support the Social CRM security strategy. Since line-of-business executives can influence Social CRM funding decisions in many organizations, not having their buy-in can reduce the effectiveness of corporate security investments.
4. Understand the links between Social CRM security and customer satisfaction. In many businesses, customer intimacy, loyalty, and satisfaction are imperative. Enforcing security policies that negatively impact the customer experience can be counterproductive.
5. Create a single focal point for security incident reporting.
6. Enforce good administration practices. Policies should be centralized, but allow flexibility to delegate certain administrative tasks based upon the needs of the business. All policies and procedures should be clearly outlined and consistently applied.
7. Ensure that data is backed up frequently. Create a contingency plan that covers all possible scenarios that would result in a loss of data and property.
8. Educate, educate, educate. Annual or semiannual security training for end users and administrators is a must.  Make sure administrators are up-to-date on current technology and best-practices.

The ability to deal with data security is critical to the future of Social CRM. While most organizations do not yet manage security well, a focused effort can lead to notable improvement.  This must include analyzing risks, setting a specific security budget, and, of course, creating effective policies.

See my next post for an actual case study of how organizations can use Social CRM for the benefit of their customers.

– – – – – – – — – – – – – –

Barton Goldenberg, is the founder and president of ISM Inc., customer-centric strategists/implementers serving best-in-class organizations globally. As a CRM leader for 30 years, he was among the first three inductees in the CRM Hall of Fame. Recognized as a leading “customer-focused” author, his latest book, The Definitive Guide to Social CRM, is hailed as the roadmap for Social CRM success. Barton is a popular speaker on “maximizing customer relationships to gain market insights, customers and profits”. He is a long-term columnist for CRM Magazine and speaker for CRMevolution and frequently quoted in the media.