Risk Assessment

IVK: Customer Relationship Management

TA5: Risk Assessment

Contributors:

Jeremiah Clinchoc, Scott Sieber, Evan Fraundorfer, Jonathan Hanna, William D’Andrea


When buying, leasing, or subscribing to a new software offering, it is important for companies to do their homework. According to Gallaugher (2016), information security should start with an inventory-style auditing and risk assessment to identify specific business risks so that a company knows what they need to protect against, why they need to protect against it, and how it should be protected. Risk is inherent in all aspects of a business, and companies can only hope to manage these risks. From an overall business standpoint, IT risks affect four key objectives (Westerman, 2014):
  • Availability: Keeping business processes running, and recovering from failures within acceptable timeframes
  • Access: Providing information to the right people while keeping it away from the wrong people
    • Discussing IT risk does more than help you make better project decisions. It also helps you understand when it’s time to rework some of the mess your organization has accumulated over the years.
    • Open lines of communication across departments
  • Accuracy: Ensuring information is correct, timely, and complete
  • Agility: Changing business processes with acceptable cost and speed
    • Improving agility and accuracy typically requires cleaning up a spaghetti-like mess of systems and processes built up over decades. They can’t be fixed just by buying a new device or devising a new procedure.
These objectives are important to consider when analyzing the risks of leasing the Salesforce CRM software. This software provides IVK with the ability to give their customers the availability that they deserve. This software will give them real-time updates to maximize the customer's benefits. The software is accessible to users on their smartphones, which provides a great benefit but also brings many risks. If the device that the software is on is not properly protected, anyone could get their hands on customer data. Losing one’s phone is a more common occurrence than any of us would like to admit. Therefore, it is imperative for users to apply security permissions to these devices. The accuracy of the information that is found in the Salesforce software is only as reliable as the users entering the data. This will always be a concern for software such as this. The leasing of this software provides the agility for IVK to change as the market changes. Salesforce has many apps that can be added or created to accomplish any need that a business may have.
IVK needs to be aware of potential privacy issues that come with utilizing a CRM system like Salesforce. The main purpose of these CRM systems is to collect consumer data, including personal and financial information. This type of information can be bait for data harvesters and create serious security concerns. IVK needs to be aware of potential areas of vulnerability, as well as ensuring their coding is secure. One of the perils of poor programming is SQL injection. This type of security issue exploits weaknesses by changing the SQL to allow for the removal of protected information. According to CIO’s “Databases Assaulted by SQL Injection Attacks,” many Web applications do not validate the information in the forms, allowing an attacker to inject malicious SQL commands that are executed by the database (CIO, 2006). These forms could be directly connected to the CRM database. An attacker can use various tools to collect information from the database. Salesforce must implement security within their CRM from the start. This includes every area from installation and configuration to the end user. They need to be aware of the potential viruses, worms, and Trojans that may look to infect the system. Salesforce also needs to be aware of the potential risks that IVK's customers pose to themselves. Cybercriminals can utilize social engineering techniques to con individuals into providing inappropriate information or conduct phishing to bait the customer into releasing their own information. Unfortunately, all organizations are vulnerable to attack from multiple points of weakness, including users, the firm's infrastructure, its networking system, as well as various physical threats. If IVK were to suffer a security breach, it would certainly correlate to financial loss in customer acquisitions, declining stock price, and possible legal payouts.
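The unvalidated-form weakness described above, shown beside its fix, as an added example that is not from the original post or from Salesforce. The table, column names and sample rows are constructed, and SQLite stands in for the CRM database.

```python
import re
import sqlite3

def build_crm_db():
    """In-memory stand-in for a CRM contact table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts (owner TEXT, name TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO contacts VALUES (?, ?, ?)",
        [("alice", "Acme Corp", "1111"), ("alice", "Birch LLC", "2222"),
         ("bob", "Cedar Inc", "3333"), ("alice", "O'Brien & Sons", "4444")],
    )
    return db

def lookup_unsafe(db, owner, name_field):
    # Vulnerable pattern: the form value is pasted into the SQL text, so a
    # quote character in the input changes the structure of the query.
    sql = ("SELECT name, card_last4 FROM contacts "
           f"WHERE owner = '{owner}' AND name = '{name_field}'")
    return db.execute(sql).fetchall()

# Allow-list for a contact name: letters, digits and a little punctuation.
NAME_RE = re.compile(r"[A-Za-z0-9 .,&'-]{1,80}")

def lookup_safe(db, owner, name_field):
    # Hardened pattern: validate the field, then bind it as a parameter so
    # the database treats it strictly as data, never as SQL.
    if not NAME_RE.fullmatch(name_field):
        raise ValueError("invalid contact name")
    sql = "SELECT name, card_last4 FROM contacts WHERE owner = ? AND name = ?"
    return db.execute(sql, (owner, name_field)).fetchall()

def run(fn, db, owner, value):
    """Return the rows, or the exception class name if the lookup fails."""
    try:
        return fn(db, owner, value)
    except (sqlite3.Error, ValueError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = build_crm_db()
    # Constructed inputs: a crafted value and a legitimate name with a quote.
    for value in ("x' OR '1'='1", "O'Brien & Sons"):
        print(repr(value))
        print("  unsafe:", run(lookup_unsafe, db, "alice", value))
        print("  safe:  ", run(lookup_safe, db, "alice", value))
```

The concatenated query returns every owner's rows for the crafted value and fails outright on a legitimate name containing an apostrophe; the bound query rejects the first and handles the second correctly.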
Admiral James Winnefeld, in HBR’s “Defending Your Networks: Lessons from the Pentagon,” suggests that periodic random testing and inspections reveal weaknesses in a company’s defensive systems that may be exposed in a security breach (Winnefeld, 2015).
With the rapid growth of technology that can mine even the smallest detail about a customer, IT professionals, marketers and policy-makers must be sensitive to these ethical issues. When Seth Godin published Permission Marketing in 1999, he established the basic groundwork for ethical CRM: Ask for permission and keep the relationship honest at all times. A relationship in Godin’s world means a two-way road of mutual respect and value, not a one-way ticket to exploitation. Retention of customers is based on trust developed through clear, consistent, nonintrusive and honest dialogue that meets expectations all around.
But permission marketing is hard work. It takes longer to acquire customers who have "raised their hand" and invited the company to communicate with them. But in the end, it’s worth doing. Not following this philosophy of business will only invite customer ire and more restrictive legislation. Ultimately, it all boils down to IT and marketing executives taking the high road by being the voice and conscience of their company and making sure that CRM is done the right way (Jourdier, 2002).
When implementing any CRM system into a business plan, benefits and risks always have to be weighed. In this project, IVK is choosing to implement a Salesforce CRM system. There are both tangible (monetary and quantitative) and intangible benefits to implementing a CRM system. The intangible benefits of IVK implementing a CRM system are listed below for reference:
  • Providing services and products that are exactly what your customers want
  • Offering better customer service
  • Cross-selling products more effectively
  • Helping sales staff close deals faster
  • Retaining existing customers and discovering new ones (Wailgum, 2017)
  • Customer service agents can make more calls with transparent and reliable data from the CRM
  • Identify what marketing campaigns and events work and ones that don’t work
  • Business decision making improvement - targeting customer segments, price setting, and manufacturing/development changes
  • Users can put more focus on the data rather than the entity that manages the data (Ledingham & Rigby, 2004)
When analyzing these benefits against the risks referenced in this paper, the benefits correlate with and outweigh the risks. As mentioned at the beginning of the paper, IT risks affect four key objectives: availability, access, accuracy, and agility (Westerman, 2014). If you compare the benefits mentioned above to these four key objectives that IT can affect, one can correlate each benefit with one of the objectives. For example, a benefit of implementing a CRM system is offering better customer service. Offering better customer service can be correlated with the objective of access; as the CRM system is implemented and grants more individuals access to better customer service, the company benefits positively. Each benefit of a CRM system can ultimately eliminate risk factors if the system is implemented and managed properly. Let me repeat, the CRM system needs to be implemented correctly and managed properly. If this does not occur, the risks involved in implementing a CRM system will outweigh the benefits and the CRM system will ultimately fail.
Privacy and security risks are also a hazard when implementing a CRM system. Though CRM systems house customer financial and personal information, if implemented and managed properly, the CRM system should give an organization more positive benefits than negative. In conclusion, risks will always be present when implementing any new system. To minimize these risks and allow the benefits of a CRM system to shine brightly, an organization must implement the system properly into its business plan, educate its employees on how to maximize benefits and eliminate risks with the system, and manage the system strictly, since a breach in the system can cause harm to customers and the organization itself.



References

Westerman, G. (2014, August 07). How to Have the IT Risk Conversation. Retrieved November 03, 2017, from https://hbr.org/2013/06/how-to-have-the-it-risk-conver
Jourdier, A. (2002, May 01). Privacy & Ethics: Is CRM Too Close for Comfort? Retrieved November 03, 2017, from https://www.cio.com/article/2440824/security-privacy/privacy---ethics--is-crm-too-close-for-comfort-.html
Gallaugher, J. (2016). Information systems: a manager’s guide to harnessing technology [5.0]. Retrieved November 05, 2017, from https://scholar.flatworldknowledge.com
CIO (2006, July 19). Databases Assaulted by SQL Injection Attacks. Retrieved November 06, 2017, from https://www.cio.com/article/2445445/security0/databases-assaulted-by-sql-injection-attacks.html
Winnefeld, J., Kirchhoff, C., & Upton, D. (2015, November 10). Defending Your Networks: Lessons from the Pentagon. Retrieved November 07, 2017, from https://hbr.org/webinar/2015/10/defending-your-networks-lessons-from-the-pentagon

