CRM - August 2008 - (Page 16)

CRM TRENDS AND NEWS ANALYSIS Maximum Security You’re nothing without your data—so what are you doing to protect it? hey say there’s safety in numbers—but, increasingly, it’s the numbers (and other customer data) that need safekeeping. Infusionsoft, for example, a provider of marketing automation solutions, announced in June that its Web-based service has met the data security standard from the Payment Card Industry (PCI) Security Standards Council. Marc Chesley, the company’s vice president of development and technology, recalls that the attitude toward online transactions started shifting three to five years ago, when online banking became more reliable in the public’s eyes. For Infusionsoft, the mission to be PCI-compliant started more recently, about 18 months ago: Planning took six months, and then a full year was spent completing the 12-step process. Chesley says that his company’s efforts are part of a trend—soon, he says, “every company will be required to be certified to retain [its] merchant retail status.” Data security can’t be taken lightly. “When you recognize something as an asset, you do whatever it takes to protect 16 T it,” says Thomas Redman, president of Navesink Consulting Group and author of Data Driven (Harvard Business Press, September 2008), a book about data quality as a strategic advantage. Many organizations, however, find that to be much easier said than done. Ask any individual whether security is important, Redman says, and you’ll most certainly receive a chorus of consensus, but that unanimity often fails to extend to the organization. The responsibility gets juggled between the technology department and the executives— and then pushed to the back burner. Still, the responsibility for data security is typically a technological issue. Infusionsoft, which characterizes itself as “stubbornly small business,” understands that, for the most part, security certification is simply not feasible on a small company’s budget. Even when small businesses know security should be in place, “they don’t know where to spend the money,” Chesley says. “They just find an IT guy down the street.” As the software provider, Infusionsoft’s compliance extends to its customers—without any increase in cost. (The company says it’s also working on becoming compliant with both Sarbanes-Oxley and the Health Insurance Portability and Accountability Act, two particularly rigorous federal regulations.) For companies that haven’t yet started on the path to PCI compliance, Chesley suggests that they start soon. The initial costs will invariably be less than the potential cost of a security breach, which can result in extravagant regulatory penalties—and catastrophic damage to customer retention. Nevertheless, while the technology team can put up firewalls or set up passwords, the battle is only half-won if there aren’t any corporate policies or regulations in place. Redman notes that security breaches making national news often aren’t caused by “some grand tech screw-up.” Rather, it was because of A PAIR OF NON-TECH-SAVVY SECURITY BREACHES February 2005: Atlanta-based data aggregation company ChoicePoint reports that criminals masquerading as business officials have obtained the personal information of more than 163,000 consumers. Penalty: $10 million in civil penalties, $10 million to settle a class-action lawsuit, $5 million for consumer redress, and stronger security policies and measures (www.privacyatchoicepoint.com). May 2006: Two teenagers are arrested for stealing a laptop from the home of a U.S. Department of Veterans Affairs employee. The computer contains names, Social Security numbers, dates of birth, and in many cases phone numbers and addresses of an estimated 28.6 million veterans. The computer is later recovered and it’s determined that no data has been taken. Penalty: Implemented a service to conduct security breach analysis to detect misuse. Class-action lawsuits have been filed. Source: Privacy Rights Clearinghouse CUSTOMER RELATIONSHIP MANAGEMENT | AUGUST 2008 www.destinationCRM.com http://www.privacyatchoicepoint.com http://www.destinationCRM.com

Table of Contents Feed for the Digital Edition of CRM - August 2008

CRM - August 2008 Contents Front Office Feedback Reality Check Customer Centricity The Tipping Point Maximum Security A Code Win Doesn’t Blow Forming the Platform CRM on Twitter CRM Class Is in Session Making CRM Mandatory for University Administration Required Reading Cover Story: Calling it Quits Wouldja Look at That? 8 Enterprise Strategies That Stick CRM Searches for Search All Lines Are Not Busy UC: As Easy as A-B-C Even Contact Centers Have Room for Improvement Money Lying Around? Secret of My Success Re:Tooling Scouting Report Pint of View

CRM - August 2008

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.