Updated on: September 4, 2024
It’s hard for everyday people like me and you to remain on top of new cybersecurity threats and complex concepts while trying to protect our online privacy and digital rights without giving up the convenience of our favorite apps and technologies.
In this interview series by Safety Detectives, I talk to cybersecurity experts and thought leaders who share insights, actionable tips, and future predictions that will help you better understand what is really going on with your data and how you can protect your digital life more effectively without losing your sanity.
Today we looked at the current state of cybersecurity awareness in the CRM industry with Lars Helgeson, Founder of GreenRope, a CRM and marketing automation platform with over 3,000 users, author of the popular book CRM For Dummies, and co-founder of CoolerEmail, one of the very first email service providers.
What are the most overlooked cyber threats that you see affecting consumers in your industry? What makes threats particularly concerning?
I think one of the most overlooked – and shocking – is that businesses aren’t protecting sensitive data with multi-factor authentication (MFA). Any software that stores client data, particularly if it’s personally identifiable (PII) or health-related, absolutely must have MFA as a minimum. That includes your CRM, email marketing platform, support ticket software, or anything that stores customer data.
📈 According to Verizon’s 2023 Data Breach Investigations Report, compromised credentials were involved in almost half of the 4,250 non-error, non-misuse breaches analyzed.
One study found that MFA can stop 30% to 50% of such attacks
Sources:
https://www.uledger.io/post/ignoring-mfa-biggest-business-mistake
https://cybersecurityventures.com/top-5-cybersecurity-facts-figures-predictions-and-statistics-for-2021-to-2025/
Whether it’s through laziness or ignorance, no business, non-profit, or government organization should use an application with access to customer data without MFA in place. Unfortunately, this is still a widespread issue, particularly with smaller businesses who believe in security through obscurity.
Burying your head in the sand works… until it doesn’t.
How do you help address these potential risks, and what else can users do to prevent them?
It’s as simple as making sure every place you store customer data has MFA in place. This is a choice made by the decision makers in a company, and not one to allow anyone in the business to convince you otherwise. The minor inconvenience of using a text message or authenticator app is insignificant to the cost of a data breach.
What are other crucial things people should STOP or START doing today to improve the safety of their data?
The first step is logging where your business is storing customer data. Many business leaders don’t have a single document that outlines where the company data is stored, and who has access to it. Whether your organization uses a shared drive on Microsoft, Google, or an external wiki, having a place to manage your data storage locations is important to make sure you have policies for each of them.
Training your team on responsible access, use, and sharing of that data is also important. Your team members, which could include employees, interns, or contractors, should all be aware of what is ok and what is not ok when it comes to gaining access to your critical company data.
Do you believe your industry is keeping up with the evolution of cyber threats, or are there gaps and misconceptions that need to be addressed ASAP?
Some businesses don’t realize how critical the data in their CRM really is. It’s easy to take it for granted until something happens. Whether it’s a simple breach, or more insidious like phishing your clients, the headache of a data loss can be overwhelming to a business.
According to IBM, the estimated average cost of a data breach was $4.45 million in 2023, a 15% increase over the previous three years.
Source: https://www.ibm.com/reports/data-breach
Given the frequency of data breaches these days, it’s vital for a business to assess and plan for as many loss scenarios as possible. You hope for the day to never come, but if it does, having a plan on how to deal with it is far superior than panicking or making bad decisions quickly.
In your opinion, what trends are shaping the future of cybersecurity in your industry? What role do you think emerging technologies will play?
Unfortunately, we are finding more and more breaches that are outside the control of the businesses that are trying to prevent them. SolarWinds, Microsoft, and CrowdStrike all have released software that has crippled the very businesses that have relied on them for protection. Even open-source software isn’t immune after the log4j exploit that came to light a couple of years ago.
I believe AI will continue to play a greater role, both in developing threats and in protecting against those threats.
How are you preparing for these changes?
At GreenRope Complete CRM, we have many ways for AI to assist our users in their sales, marketing, and customer service roles. We also enforce MFA, encrypt data at rest and in transit, and require manual approval for any data export. These are the first steps in securing data, and we invest in training our customers so they make the right decisions to protect their vital data.
If there was one key takeaway you wish our readers could bring home from our conversation, what would it be?
Evaluate all of the places your customer data is stored, and make sure you have MFA in place. There may be services your team is using where customer data is sent that you don’t know about.
Does your marketing team export your contact list to an email marketing service provider?
How is that data exported, transferred, and stored in that service?
Are you confident in their ability to safeguard your data?
How can our readers connect with you?
Website:
- https://www.greenrope.com
- https://www.completecrm.com
LinkedIn: https://www.linkedin.com/company/greenrope
X: https://x.com/greenrope