GUARDING CUSTOMER SECRETS: ESSENTIAL DATA PRIVACY AND SECURITY STRATEGIES FOR CRM AND ERP SYSTEMS

Authors

  • Gnana Teja Reddy Nelavoy Rajendra, USA

Keywords:

Data Protection, PII (Personally Identifiable Information), CRM (Customer Relationship Management), ERP (Enterprise Resource Planning), Compliance, Encryption, Access Control

Abstract

Personal information held in CRM and ERP systems must be protected because of the large volume of PII these systems contain. Such systems are attractive targets for cyber threats, and inadequate data protection can have dire consequences, including identity theft, financial loss, and serious reputational damage. Data protection laws such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have pushed companies to strengthen their data security practices. This paper sets out recommendations for the data protection, privacy, and security mechanisms that CRM and ERP systems need in order to safeguard customer data. The measures described are access controls, encryption, data minimization, employee training, an incident handling and response plan, and compliance risk assessment. Tools such as RBAC, MFA, and AES-256 are highlighted as effective means of limiting access, preventing data leakage, and improving compliance. The paper also stresses the importance of frequent checks and of internal and external audits to detect possible security issues. Drawing on industry benchmarks and current legal guidelines, this research offers organizations a roadmap for improving their data security and addressing the problems linked to compromised PII. With these practices, organizations should be able to meet legal data protection requirements while also demonstrating their responsibility in handling customer information, thereby retaining a competitive advantage.


Published

2020-02-26

How to Cite

Gnana Teja Reddy Nelavoy Rajendra. (2020). GUARDING CUSTOMER SECRETS: ESSENTIAL DATA PRIVACY AND SECURITY STRATEGIES FOR CRM AND ERP SYSTEMS. INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND TECHNOLOGY (IJARET), 11(2), 611-638. https://lib-index.com/index.php/IJARET/article/view/IJARET_11_02_069