I’ve seen a lot of CRM projects and – based on my experience – there’s one thing that 90% of clients don’t bother with: a well-thought-out security model. I’m not talking about good passwords. I’m talking about a tendency for making everyone a system admin, instead of deciding which sections, records and fields each user should have access to.
Sometimes the client isn’t concerned about security, other times they decide to go live and figure it out on the fly. Either way, the result is a small number of CRM systems taking advantage of a set of features that improves usability, efficiency and obviously, security.
Surprisingly, the biggest reason to invest some time into your security model isn’t even security related. A good security model improves the user experience and boosts adoption. It does this through security roles – sets of permissions customized for each type of user – which hide unnecessary items such as dashboards, types of records and even whole sections of the system from certain users.
This means your customer service reps don’t have screens cluttered with information only marketing cares about.
When it comes to security, you may trust your users, but there are still plenty of reasons not to make everybody a system administrator and hope for the best.
For example, if you’ve got a list of leads it is much more efficient to give a manager access to all leads while restricting your sales reps to viewing only the leads they own. This isn’t because you can’t trust your reps. It’s because it’s much easier to build an internal workflow when the manager knows he needs to perform his task – assigning leads – before any work can get done.
Finally, there are the security concerns. (Is it weird this is the last point in an article about security?) Ensuring that users have enough access to function, while limiting their ability to disrupt the system or other users, should be the goal.
You can handle this by adjusting the permissions given to each user. This means you can give sales reps the ability to create and modify leads, accounts and customers, but make deleting those same records a manager's privilege.
All of this takes time, but if you spend the time to think it out, you’ll be better positioned to grow your CRM and you’ll make the day to day lives of your users better.