Brand damage and lost of trust from customers are consequences of security breaches. I'm not saying don't have a CRM, but I am saying don't complain when the customer data in your CRM leaks and customers complain. LastPass has had several such breaches over the years, and I think people are right to say that the company has a reputation of poor security hygiene.

By all means, have a CRM. But consider that it probably doesn't need to be as broadly accessible as you think it does, and consider that the people with access to it probably need to be held to a higher standard.