Also never have group accounts; accounts need to be separate and established for each user, says SingleHop's Pace says. "This allows you to ensure accountability and makes it easy to isolate breached accounts."
And add VPN and IP range restrictions where applicable, he adds. "Many users only access CRMs from the work place and each of these users should have their access limited to VPN."
Get proactive with DLP
IT can prevent malware incidents by using Data Loss Prevention (DLP) at the endpoint level, says Roman Foeckl, CEO of CoSoSys.
"DLP technologies should be combined, meaning they should be used to protect data in motion, DLP for data at rest and DLP for data in use," he says. "Scanning data at rest is useful to proactively determine what endpoints are particularly vulnerable based on large amounts of CRM data residing on them."
Ditto mobile endpoints
Mobile endpoints -- smartphones and tablets -- also need to have an MDM solution in place since lots of CRM data and access credentials are saved on them, Foeckl added.
Ensure proper data backup and recovery solutions are in place
Jeff Erramouspe, CEO of Spanning, says that most of the Salesforce administrators the company has met are either doing nothing specific to protect their data, or at most use the Salesforce Weekly Export feature. "Automatic daily backups are needed to ensure IT-level business continuity in case the worst does happen," he says.
Sign up for CIO Asia eNewsletters.