Data security is no laughing matter, but you don’t need to have a room like this one to keep your org protected.
Salesforce provides powerful out-of-the-box tools you can use to spruce up security without breaking the bank. There’s a reason it’s the #1 CRM across industries from consumer goods to government - there’s something for everyone when it comes to protecting your data.
Data Security, Designed In
It’s important to note that Salesforce is an incredibly secure solution to begin with. Its stringent security policies are backed up by certifications hailing from every industry.
This powerful platform designs security into its products from the get-go, and stays transparent by providing live incident updates at trust.salesforce.com. Keep this in mind - it will be important when we get to Step #4!
Without further ado, let’s dive into 6 easy ways you can make your Salesforce org more secure.
#1: Start With A Salesforce Health Check
If you’re looking for quick wins, using Salesforce’s native Health Check is a no-brainer. This great feature shows you how your org stacks up against Salesforce’s Security Baseline Standard, and provides you with instructions on how to remedy any issues that it finds.
You can even upload your own security baseline standard and run periodic checks against that as well. Keep in mind, though, that Salesforce has had 20 years to develop theirs - and it’s always being updated!
To run a health check on your org, head over to Setup > Security > Health Check.
#2: Implement Multi-Factor Authentication (Formerly Two-Factor Authentication)
Multi-Factor Authentication (MFA) is a way to validate who is logging into your org by requiring two separate pieces of evidence, such as a password and email code. In February 2022, Salesforce will begin requiring customers to use MFA to access Salesforce products - so get in on it now!
To enable Multi-Factor Authentication, simply create a new permission set with the Multi-Factor Authentication for User Interface Logins permission and assign it to your users.
Quick Tip: Tell your users to download the Salesforce Authenticator App on their mobile devices. That way, employees can approve their logins with a single tap instead of entering a code.
Use Multi-Factor Authentication For Reports
When proprietary data is condensed into one single place (a report), it’s even easier for unauthorized users to take advantage of it. You can enable MFA for report access to tighten up security even more.
To do so, navigate to Setup > Feature Settings > Analytics > Reports & Dashboards > Access Policies, and select High assurance session required.
Then, navigate to Setup > Security > Session Settings, and ensure that Multi-Factor Authentication is added to the High Assurance box.
#3: Set Up Trusted IP Ranges
Employees are now logging into Salesforce from more locations than ever before, and this can create vulnerabilities. To remedy this, you can set up Trusted IP Ranges that tell Salesforce which login locations are normal, and which ones are suspicious. For example, you can tell Salesforce to trust your company’s office IP address and other select locations where employees are working - and to challenge users logging in from any other addresses.
To increase your Salesforce security with trusted IP ranges, navigate to Setup > Security > Network Access, and set a custom range of trusted addresses.
Profile-Based Trusted IP Addresses & Login Hours
If you don’t want trusted IP ranges to apply to your entire org, you can modify them based on user profiles. For example, let’s say you only want support users to log in from your company network, and only between the hours of 8AM and 6PM on Monday through Friday.
That’s easy! Just head over to Setup > Users > Profiles, select your Support profile, and set your IP ranges and login hours there.
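Before enforcing the Support-profile restriction described above, it helps to replay past logins against it to see who would be blocked. This is an added example, not part of the original article or Salesforce's tooling: it audits a constructed login export, and the column names, the 203.0.113.0/24 range and the fixed UTC-6 offset are assumptions.

```python
import csv
import io
from datetime import datetime, time, timedelta, timezone
from ipaddress import ip_address, ip_network

# Assumed policy for the Support profile, mirroring the article's example.
# The CIDR range is a documentation placeholder, not a real office network.
TRUSTED_NETWORKS = [ip_network("203.0.113.0/24")]
ORG_TZ = timezone(timedelta(hours=-6))  # assumed fixed offset; no DST handling
OPEN, CLOSE = time(8, 0), time(18, 0)   # 8AM to 6PM
WORKDAYS = range(0, 5)                  # Monday=0 .. Friday=4

# Constructed sample export; column names are hypothetical, timestamps are UTC.
SAMPLE_CSV = """username,profile,login_time_utc,source_ip
ana@example.com,Support,2024-03-04T15:10:00+00:00,203.0.113.25
ben@example.com,Support,2024-03-05T02:30:00+00:00,203.0.113.40
cy@example.com,Support,2024-03-06T16:00:00+00:00,198.51.100.7
dee@example.com,Support,2024-03-09T17:00:00+00:00,203.0.113.9
eli@example.com,Sales,2024-03-09T03:00:00+00:00,198.51.100.7
"""

def violations(row):
    """Return the policy rules this login would have broken."""
    reasons = []
    ip = ip_address(row["source_ip"])
    if not any(ip in net for net in TRUSTED_NETWORKS):
        reasons.append("untrusted_ip")
    # Login hours are evaluated in the org's local time, not UTC.
    local = datetime.fromisoformat(row["login_time_utc"]).astimezone(ORG_TZ)
    if local.weekday() not in WORKDAYS or not (OPEN <= local.time() < CLOSE):
        reasons.append("outside_login_hours")
    return reasons

def audit(csv_text, profile="Support"):
    """List (username, reasons) for each login on `profile` that breaks policy."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["profile"] == profile:
            reasons = violations(row)
            if reasons:
                flagged.append((row["username"], reasons))
    return flagged

if __name__ == "__main__":
    for user, reasons in audit(SAMPLE_CSV):
        print(user, ", ".join(reasons))
```

Note that ben's login falls on a Tuesday in UTC but on Monday evening in the org's local time, which is why the conversion happens before the hours check.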
When you start browsing the AppExchange in search of new Salesforce functionality, it can be challenging to find solutions that comply with your data security policy.
Native Salesforce apps like S-Docs can help you out here. Remember when we established the incredible security of the Salesforce platform at the beginning of this article? Native apps are built directly on that platform.
That means that they never send your data outside of Salesforce. There are no API calls to worry about, no third-party web servers to authorize, and no compliance concerns. If you trust Salesforce (which, if you’ve invested in the platform, we’re assuming you do), then you can trust native apps to handle your data just as securely.
How Do I Know If A Salesforce App Is Native?
Salesforce provides a Native App tag that you can filter by on the AppExchange to quickly find native apps in the category that you’re searching in. However, you can’t always trust this tag since it’s self-reported.
The best way to tell if an AppExchange app is native is to initiate the download process. If you’re asked to authorize third-party site access, then that app isn’t native.
#5: Use Clickjack Protection
Clickjacking is the process by which users are tricked into clicking on legitimate-looking links that actually perform malicious actions - such as modifying your Salesforce data without your consent.
While Salesforce protects against clickjacking out-of-the-box, you can bump up these protections in Setup > Security > Session Settings by ensuring all checkboxes under the Clickjack Protection section are checked.
#6: Use Strong Password Policies
Our last Salesforce data security quick win is to spruce up your password policies. While you don’t want to make your password requirements too strict (if users have to create new passwords every few days, they won’t be happy), you can still up your security game with small changes.
Here are some optimal settings (which you can configure in Setup > Security > Password Policies):
Password Length: 15 characters (Salesforce’s default is 8)
Password Complexity: Must include alpha, numeric, and special characters
Password Expiration: 90 days
Password question requirement: Cannot contain password (if users set the answer to their security question as their password, anybody could gain access to their account)
If you’ve followed this guide, passwords should be additionally backed up with MFA - meaning that these settings will significantly reduce the chances of breached accounts.
6 Easy Ways to Make Your Salesforce Org More Secure
If you follow the 6 easy steps in this guide, you’ll be well on your way to a more secure but functional org. When it comes to security, though, there’s an endless amount of potential enhancements. Subscribe to the S-Docs blog for more great tips throughout the year!
Start Securing Your Salesforce Document Workflows With S-Docs
S-Docs is the only 100% native document generation and e-signature solution for Salesforce. We help our global partners simplify their document workflows in Salesforce while maintaining the highest level of security, since all processing occurs on the Salesforce platform.