8 Common Salesforce Security Mistakes That Put You at Risk
The security measures we put in place and the daily habits of our team members can either be our greatest asset or a vulnerability.
Picture your Salesforce instance as a large building with multiple doors. Cybercriminals are going to try each one of those doors until they find one unwittingly left unlocked.
Constant attention is essential to maintaining a successful security structure for your Salesforce system. The choices, habits, and customizations made by users have the potential to create security vulnerabilities that can wreak havoc on your system.
Salesforce—as a platform—is secure. However, this becomes compromised as users personalize their Salesforce instance to best fit their needs.
Being aware of your potential for creating security risks is the first step toward guarding against this possibility.
Here are 8 common Salesforce security mistakes that put your system at risk:
1. Improperly Secured Access Points
The first area of consideration needs to be the various access points of your Salesforce system. This is the simplest area for a cybercriminal to attack and gain entry.
A major part of this is communicating the importance of complicated, non-repeating passwords to all your team members.
This tool will give you a quick report on how secure your password actually is.
Access points can be secured in multiple ways beyond strong passwords. Updating user permissions and eliminating unused applications will also assist to make your external barriers more successful.
2. Accessing System on Unsecured Devices
Company-issued devices give the business a greater degree of control over how their system is accessed. This also translates into the overall integrity of the system’s security infrastructure.
There are inherent risks to team members using personal devices to access company systems:
- Personal devices tend to have lower security standards
- System data goes with the employee should they depart the company
- Data has a higher potential for becoming corrupted due to browsing habits
Issuing company devices might come with a higher upfront cost but the benefits can outweigh this investment. IBM reports that the average cost of a data breach last year was $3.86 million.
3. Inadequate Permissions Settings
Salesforce allows you to manually adjust permission sets based on role or individual accounts. These permissions should be updated to reflect the current needs of your company.
Improper permissions settings have the potential to overexpose your data, making it more susceptible to a cyberattack.
Many view permission settings as guarding your system from team members. And while this is an aspect of the need for proper permissions, it goes beyond this.
A single team member’s account can become compromised. The breach can spread to every area this team member has permission to access. Maintaining updated permission settings to dictate each team member’s Salesforce access can prevent a widespread breach by minimizing exposure.
4. Not Tracking User Habits
These permission settings apply to more than our current team members. Former employees are still able to access your Salesforce instance if your company fails to change their permissions settings.
We’d like to simply trust our team members—past and present—but that shouldn’t be the case.
Your Salesforce system information is attractive to both your competitors as well as hackers.
Analyzing unusual report activity and updating user permissions will provide insight into who is accessing your system data and why. Failure to provide this oversight can create an atmosphere able to be exploited by those with bad intentions.
5. Coding Issues
Developing new updates and applications on the Salesforce platform opens the possibilities for your company. However, improperly-structured code has the potential to create data security risks.
Constant attention to code quality and operational integrations is essential to maintaining the integrity of your developments.
Continuous integration and continuous delivery (CI/CD) provide the ability to automate security checks throughout the development pipeline.
Paying attention to security issues throughout the development process greatly reduces the chances that security vulnerabilities will exist when it comes time to launch the new services.
6. No Barriers Between Third-Party Applications and Your System
It’s very common for businesses to integrate third-party vendors to address various needs. However, these vendors can also pose unique security risks to your system if they don’t work to properly protect themselves.
For instance, Kroger recently experienced a breach of their pharmacy customers’ information when a third-party vendor experienced a data breach of their own. The hackers used the vulnerability in the vendor to gain access to Kroger’s system.
This can be addressed by segregating various aspects of your Salesforce system.
Placing barriers between these areas will stop hackers from accessing all your data if they are able to get into a singular location.
7. Infrequent Backups
Data loss events happen for a wide variety of reasons. You can work to reduce the likelihood of experiencing a data disaster, but the possibility will always exist.
Losing your Salesforce data can create massive headaches for your customers or clients. It can also eliminate your ability to operate normally and provide services.
Complete and contemporary backups of your Salesforce data—and the ability to quickly restore this data—are the only way to prepare for such an event.
Backups can be automated and scheduled to backup your necessary system data so you always have a reliable safety net should a data disaster occur.
8. Moving Too Fast
Business moves quickly. Timely updates are essential to competing in the current market. This can lead developers and system administrators to rush through their duties and potentially neglect an essential security consideration.
Devote an adequate amount of time to each security consideration so you can be sure nothing falls through the cracks.
The majority of security issues are the result of a simple mistake. This means that these issues are entirely preventable with the right amount of time and attention paid to important aspects of your Salesforce system.