AlphaCRM and user security

AlphaCRM has always been designed as a platform for running your business your way. We’ve been reviewing the ways that people try to get into your business to stop you.

A simple way to reduce risks is to require passwords of a given strength and restrict their lifespan. Using AlphaCRM you can define the lifespan of a password and whether passwords can be reused. We also guide a user about strength setting their own password and can issue default passwords to an agreed strength.

Another quite non-invasive defence is to use our built-in whitelisted/blacklist of IP addresses for users to connect from. Each user can have their own whitelists and they are invited by email to confirm the first time they try to connect from a new address.

Moving on to two-factor authentication, you can also require log-in to have a code which is emailed to the user. This is slightly more invasive than whitelisted IP addresses, but is a recognised and accepted workflow.

That’s enough about protection alongside users who are intended to have access. We also have measures in place to protect from ‘hacking’ and these help defend against the most common approaches such as ‘SQL injection’, ‘Postman/API hacks’ and the use of automated browsers.

Not only do the measures above help you to defend your business data, but also provide you with real-time notice that an attack is being carried out. This allows you to take action immediately and to be confident of meeting GDPR requirements around reporting.

If you would like to talk to us about what we’ve outlined above or to get more technical details, please get in touch.