Be Careful Out There: Data Security Threats Are On the Rise

You may have read recently about Dyre, the latest piece of malware that is circling the internet and that monitors victims’ browser traffic in an effort to steal login credentials. Although there is no evidence that any Salesforce users have been affected by this malware, it is important to take threats like Dyre seriously and remain vigilant. And as with its internet bad guy predecessors ILOVEYOU and Heartbleed, Dyre can be easily thwarted by taking a couple of extra security measures.

Salesforce has always been among the best in the business when it comes to internet security, but perhaps the discovery of Dyre is a good opportunity to run through a few security best practices that we, along with Salesforce, recommend you review and implement.

Password Policies

We recommend rotating passwords and enforcing character minimums and complexity requirements. AIM users can make passwords more secure and harder to break by requiring users to define complex passwords, setting up password expirations, and implementing lockouts.

To set password policies, click:

Setup > Security Controls > Password Policies

To force users to reset their passwords, click:

Setup > Security Controls > Expire All Passwords

SMS Identity Confirmation

The ability to access your portfolio management software from anywhere is one of the major benefits of being on the platform. Risks are mitigated by requiring identity verification when users log in from a new location. This has historically been in the form of an email, but a new SMS-based confirmation is currently being rolled out as the default option. You may be prompted to enter your mobile phone number when logging in. We recommend you do this.

Update Session Settings

We recommend you take these two steps under session settings:

  • Require secure sessions to protect messages in transit.
  • Decrease session timeout thresholds to protect against unauthorized access when a session is idle.

To update your settings, go here:

Setup > Security Controls > Session Settings

Identify a Primary Security Contact

Inform your users about the security policies and why they are important. Designate an administrator as the point of contact if anyone has questions or concerns. For example, if someone receives a verification request that they didn’t trigger, it will be important to have the internal feedback loop in place so that login history can be immediately reviewed for suspicious activity.

Login history can be reviewed here:

Setup > Manage Users > Login History
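
The login history review described above, as an added example (not Altvia's or Salesforce's code): a short Python script that scans a login-history CSV export for successful logins from a source IP not previously seen for that user and for runs of failed logins. The column names, status strings and sample rows are constructed assumptions; match them to the header of your own export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample in the shape of a login-history CSV export.
# Column names and status strings are assumptions, not taken from the page.
SAMPLE_CSV = """Username,Login Time,Source IP,Status
alice@example.com,2014-11-03 08:01:12,198.51.100.10,Success
alice@example.com,2014-11-04 08:03:40,198.51.100.10,Success
alice@example.com,2014-11-05 02:14:09,203.0.113.77,Success
bob@example.com,2014-11-05 09:00:00,198.51.100.22,Invalid Password
bob@example.com,2014-11-05 09:00:20,198.51.100.22,Invalid Password
bob@example.com,2014-11-05 09:00:41,198.51.100.22,Invalid Password
bob@example.com,2014-11-05 09:05:02,198.51.100.22,Success
"""

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format of the export


def review_login_history(csv_text, fail_threshold=3):
    """Flag successful logins from an IP not yet seen for that user, and
    users who reach fail_threshold consecutive failed logins."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    rows.sort(key=lambda r: datetime.strptime(r["Login Time"], TIME_FORMAT))
    known_ips = defaultdict(set)   # user -> IPs with a prior successful login
    fail_streak = defaultdict(int)  # user -> consecutive failures so far
    findings = []
    for r in rows:
        user, ip, when = r["Username"], r["Source IP"], r["Login Time"]
        if r["Status"] == "Success":
            # The first successful login per user only establishes the baseline.
            if known_ips[user] and ip not in known_ips[user]:
                findings.append(("new_source_ip", user, ip, when))
            known_ips[user].add(ip)
            fail_streak[user] = 0
        else:
            fail_streak[user] += 1
            if fail_streak[user] == fail_threshold:  # report once per streak
                findings.append(("repeated_failures", user, ip, when))
    return findings


if __name__ == "__main__":
    for finding in review_login_history(SAMPLE_CSV):
        print(*finding, sep="  ")
```

A finding here is a prompt for the security contact to ask the user whether the login was theirs, not proof of compromise; users who travel or change networks will produce new source IPs legitimately.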

Use the Salesforce1 app

Salesforce’s mobile app, Salesforce1, provides an additional layer of security with 2-step verification. The app is available via the iTunes App Store or via Google Play for Android devices.

And finally, here are some unofficial, common-sense security best practices that we recommend that will benefit you throughout your digital life:

  • don’t open unexpected files from emails
  • never send login credentials through email or via text message
  • don’t use ancient and unsupported software
  • install updates from your OS and browser vendors
  • don’t insert USB drives you find on the sidewalk
  • don’t leave your computer unlocked in a coffee shop while you walk away to refill your latte
  • don’t give remote access to random people from Lagos who call and say they work for Microsoft
  • don’t ignore warnings from your browser

If you’d like to review your current security preferences or if you have questions, please contact Altvia support.

A traditional CRM was built for general ‘customer’ scenarios

Software platforms have made the world a better place by making work a better place. Indeed the world is better off when people enjoy their jobs even marginally more, and workplace applications on big CRM platforms like have done that and much more.

But the potential that platforms like these offer presents diminishing returns: once the platform provider has engineered too many industry-specific components into its platform, its usefulness for other industries begins to be threatened, and with that so does the usefulness of the component tools built into the platform.

So it is with the CRM category that has defined: it is generic enough to work for many industries, and yet still offers the potential for others to round off the edges and nail more vertically-oriented and extremely tailored software solutions.

Private capital markets are actually a great demonstration of this dynamic. Where generic CRM platforms simplify — appropriately so — to assume there’s a business, a customer, a sale, and service of that customer, there are a few industry-specific pieces that are missing.

Take, for example, that investors become customers by investing through legal entities the GP raises. It’s a subtle but important nuance that just doesn’t make sense at a platform-as-a-service level (because it’s overly complicated for a simple one-time sale that many industries require), but which can easily be added without 10 years of software engineering. Once provided, the rest of the platform’s components become tremendously powerful again and you’re set to take over the world.

As a traditional CRM in our pillars methodology, these nuances must be present to properly account for investors in these legal entities, potential target companies and which are owned by these entities, the context of all interactions with these parties (as well as the appropriate overlap, i.e., co-investments), and how you’re arriving at finding these opportunities on both sides of the equation, such that you’re able to piece together what’s effective and what’s not. Not just because we say so, but because these are the very relationships and data that are key to the motivation behind a CRM in any industry.

It’s critical, too, that the valuable publicly-available information that helps to enrich CRM systems and save users painful steps of entering it themselves is fully-integrated at the platform level.

Again, look no further than the 3,000+ pre-built integrations that — the creator of the CRM platform concept — has at a platform level to do so, and which only exists by way of holding just short of overly-specifying certain industry workflows that would present challenges to properly integrate.

Stakeholder reporting and communication (investor relations) draws on a range of datasets

The traditional “customer service” model of CRM systems once again makes overly-simplified assumptions about the customer relationship when applied to private capital markets.

In fifteen years I personally have yet to hear the terms “warranty” or “service call” in this market because it’s just not the same. But make no mistake, as uncomfortable as it may be to say aloud, customer service is more important now than ever and it’s constantly happening; the industry is, after all, considered to be a financial “service”.

As it turns out, that service is primarily information-based — it’s driven by data and takes the form of reports and analysis that drive decisions, and then end up again in investor-facing reports and analysis.

The foundational elements of a private capital markets CRM must be built such that they accommodate this data (like we discussed above), but so too that it can accommodate additional supporting data that investors (customers!) need in the context of service.

Oftentimes this supporting data — financial metrics and time-based values, for example — is believed not to meet the traditional definition of CRM and the natural thought is “well, better do this in Excel!”.

While I happen to believe Excel is still the greatest software application ever built, its introduction to this value chain we’ve discussed herein actually creates the problem many firms suffer from: key data needed to provide customer service (again: effectively the entirety of a firm’s reports and analysis) is now in disparate systems and detached.

Both of those dynamics are important and distinct: not only is this supplemental data disparate, but when brought together there is no logical association that can be made between the two data sets.

Allow me, then, to make the point very simply: not only can this financial and time-based value data (you may be thinking about it as “portfolio monitoring” or “accounting”) be a part of a CRM, it is arguably the most important part of a CRM because it’s at the core of what providing service to the customer entails — information that comes out of data!

Firms need a digital method to engage stakeholders (i.e., investor portals)

Investor portals are not new; in fact, for many of us — including myself — they conjure up horrifying nightmares in which we’re aimlessly guessing at folders to find the newest document we need.

Therein lies the opportunity: not only have the portals we’ve come to hate not simplified the process of acquiring information, they’ve failed to create an entirely new experience that is “customer service” driven.

To be fair, this is not a B2C market where you’d be long out of business for not having focused on customer service and thus the customer’s technology-driven experience. But don’t expect to be around too much longer if you aren’t thinking about this shift.

Today’s institutional investors increasingly expect this same consumer-like experience, and a massive opportunity is being missed by not providing it. It’s not about providing them the experience they desire; it’s more about the ability to measure engagement that is had in return.

Put simply: what’s keeping the market from providing this experience is the availability of the information that’s required to create the service that provides the experience.

If you’ve hung in this long, you know that by focusing on your CRM, you have the data that’s required to manage the customer relationship and the technology-driven experience through which that information is shared to create a differentiated and opportunistic customer experience.
