Safeguarding Access to Microsoft Dynamics CRM 2011 Online

  • What if your CRM account was suddenly locked out without a way to reset it?
  • What if someone sold your customer list to a competitor – or to a spammer? How would that affect your relationship with those customers?
  • What if someone started changing prices on quotes, orders, or invoices? What if it looked like you were the person making these malicious changes?

 Almost weekly we hear stories of data security breaches and the growing number of parties (amateur, criminal, and state-sponsored) interested in accessing as much information as possible. It is critical to take a few steps to ensure your own (and your users’) security within all your online accounts, especially Microsoft Dynamics CRM.

Microsoft Dynamics CRM 2011 is built on a strong and secure platform and there are extensive safeguards in place to ensure your data security. However, the best security is only as good as its weakest link – and not surprisingly, as users, we are the weakest link.

There are, fortunately, some relatively simple behaviors every CRM user should follow to ensure they aren’t the weakest link.

 

CRM Online Account Recovery Protection


If you’re using CRM Online, log in to live.com immediately and ensure that your proofs (the security info used to verify your identity) are up to date.

To get started with adding account security info, follow these steps:

  1. Sign in to https://Live.com using your CRM Online email address and password, then select ‘Account’ from the menu under your name.
  2. On your account page, under Account security, select the "Manage" link next to the Security info section.

These settings allow you to verify yourself if you need to reset your password, for instance if you forget it or if someone tries guessing it until your account gets locked.

Ensure that your phone number and alternate email addresses are up-to-date. This will allow you to verify your identity if your password is lost or if your account gets locked out.

 

Change your password (now).

Make your password weird and unique to CRM – and change it now.
If you’re using CRM Online and Windows Live IDs, you can log in to Live.com and change your password here: https://account.live.com/ChangePassword.aspx

If you’re logging into CRM using any other password mechanism, IFD or ADFS, the instructions to change your password will vary; drop everything and change your password now.

Sign in to https://Live.com using your CRM Online email address and password then click https://account.live.com/ChangePassword.aspx to change your password.

 

Strong Passwords:

It’s common knowledge that your password should be ‘strong’, but most users don’t really think about what that means. Take a moment and check the strength of your current CRM password here: https://www.microsoft.com/security/pc-security/password-checker.aspx

NASA provided a series of password best practices:

  • It should contain at least eight characters
  • It should contain a mix of four different types of characters – upper case letters, lower case letters, numbers, and special characters such as !@#$%^&*,;. If there is only one letter or special character, it should not be either the first or last character in the password.
  • It should not be a name, a slang word, or any word in the dictionary. It should not include any part of your name or your e-mail address.
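
The rules listed above, written as a checker. This is an added example, not code from the original post or from NASA; the function name `check_password`, the constructed `SAMPLE_WORDS` list (a stand-in for a real dictionary file) and the three-character minimum for name parts are assumptions.

```python
import re
import string

# Constructed stand-in for a real dictionary/name/slang list (assumption).
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "summer"}

def check_password(password, full_name, email, words=SAMPLE_WORDS):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("fewer than eight characters")

    # Rule: a mix of four different types of characters.
    kinds = {
        "upper case": [c for c in password if c.isupper()],
        "lower case": [c for c in password if c.islower()],
        "number": [c for c in password if c.isdigit()],
        "special": [c for c in password if c in string.punctuation],
    }
    missing = [name for name, found in kinds.items() if not found]
    if missing:
        problems.append("missing character types: " + ", ".join(missing))

    # Rule: a lone letter or lone special character must not sit first or last.
    letters = kinds["upper case"] + kinds["lower case"]
    for label, found in (("letter", letters), ("special character", kinds["special"])):
        if len(found) == 1 and found[0] in (password[0], password[-1]):
            problems.append(f"only {label} is the first or last character")

    lowered = password.lower()
    # Rule: not a dictionary word. Digits and symbols are stripped first so a
    # decorated word such as "Password1!" is still caught (stricter reading).
    if re.sub(r"[^a-z]", "", lowered) in words:
        problems.append("based on a dictionary word")

    # Rule: no part of the name or e-mail address. Parts shorter than three
    # characters are ignored to avoid flagging initials (assumption).
    parts = re.split(r"[^a-z0-9]+", (full_name + " " + email.split("@")[0]).lower())
    hits = sorted({p for p in parts if len(p) >= 3 and p in lowered})
    if hits:
        problems.append("contains part of name or e-mail: " + ", ".join(hits))
    return problems

if __name__ == "__main__":
    for candidate in ("Password1!", "jane2024", "x7!Qm2#vLp9"):
        print(candidate, "->", check_password(candidate, "Jane Doe", "jane.doe@example.com"))
```

"Password1!" satisfies the length and character-mix rules yet still fails twice, which is why the placement and dictionary rules are on the list.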

 

Unique Passwords:

Make your CRM password UNIQUE to CRM – and not a combination of your ‘common’ password with the letters “CRM” tacked on the end. Don’t use the same password you use for Facebook, Twitter, LinkedIn etc. for CRM (or anything else you want protected).

Research showed that 75% of internet users used the same password for social networking sites as they did for their email. That puts those users in a highly vulnerable position. If the password you used for LinkedIn was used on any other site, assume that a hacker has that password already and that an automated script will eventually test your email address and password combination against various banks, eBay, PayPal, Facebook, Twitter, etc. It’s not IF, it’s WHEN. Change those passwords and NEVER re-use them – those passwords are permanently compromised.

There are tools such as https://lastpass.com/ , http://www.roboform.com/ or the open source http://keepass.info/ that can help you manage your passwords – but even these tools could become a security risk if the password used to encrypt the local password database is weak or compromised.

Conclusion:

Discussions about online security too often sound a lot like “tinfoil hat” conspiracy theories, but as the monetary value of the data we keep online grows, so do the incentives for others to reach in and take what isn’t theirs.

Take the time to ensure your account isn’t the weakest link in your organization. You won’t regret it.

“Only the Paranoid Survive.”  - Andy Grove

Post by: Scott Sewell, Customer Effective

2 thoughts on “Safeguarding Access to Microsoft Dynamics CRM 2011 Online”

  1. Windows Live Id doesn't really suit the purpose of CRM access control. For instance, right now we are trying to create about 20 Live Id's for a customer organisation. Attempting this behind a firewall means that you can only create a couple of Live Id's a day! (due to the Live Id restriction.) And Live Id support by Microsoft plain sucks (it's a consumer product after all).
