Hacker News

bko yesterday at 3:28 PM

What's the solution? Don't have a CRM and store stuff about customers under lock and key? Don't give access to the CRM to any employees? More security training about clicking shady links?

I don't get how you think some other competitor would be better suited against this threat. The right solution is to mitigate the damage. CRM has minimum available stuff, like names, addresses, etc. Don't keep stuff like payment information, passwords, etc in that place as that's the vulnerable system. It seems like that's what LP does and probably every other company in this space does.

Again, it's entirely reasonable to have an off-the-shelf CRM, pretty broad access to it. You try to prevent phishing email or phone scams (assuming this is what it was) but you have 800 employees, it's bound to happen.


Replies

iamacyborg yesterday at 3:50 PM

> What's the solution?

Use any of the other password managers that don't have the poor security history that LP do.

brendoelfrendo yesterday at 11:20 PM

Brand damage and loss of trust from customers are consequences of security breaches. I'm not saying don't have a CRM, but I am saying don't complain when the customer data in your CRM leaks and customers complain. LastPass has had several such breaches over the years, and I think people are right to say that the company has a reputation of poor security hygiene.

By all means, have a CRM. But consider that it probably doesn't need to be as broadly accessible as you think it does, and consider that the people with access to it probably need to be held to a higher standard.