featured image with security astro

Be a Security-Minded Admin

By

Understanding the basics of security is critically important to being an #AwesomeAdmin. As a steward of valuable data, you have the opportunity to be an important asset to your company by managing it with security in mind. Increasing your own cybersecurity knowledge allows you to play a role in not only safeguarding your company’s data but also helping your company meet security compliance requirements like the GDPR and CCPA. As an admin, you should work closely with IT to understand and maintain your company’s security standards.

The security-minded admin understands that security is “never done.” A security-minded Salesforce Admin knows that locking down user access with Multi-Factor Authentication (MFA) is the best way to safeguard their data from unauthorized account access. These admins also know what to do in the event of suspicious activity in their Salesforce implementation (knowing the internal procedure for escalating suspicious activity, emails, etc. and also understanding that this can be escalated to security@salesforce.com).

Being a security-minded admin is not as hard as it may seem. It means understanding the key principles of security and being able to apply them to your Salesforce implementation.

Know the basics of org security

1. Set up Multi-Factor Authentication (MFA) to protect access to your org.

MFA, also known as two-factor authentication, is the most effective way to protect your users’ accounts from common security threats like phishing, account takeover, and credential stuffing. As a security-minded admin, you can amplify your org’s security by requiring a second level of authentication for every user login. You can also require MFA when a user meets certain criteria, such as attempting to view reports or access a connected app. MFA verifies that a user is who they say they are, before they gain access to your Salesforce data.

2. Set login IP ranges and trusted IP ranges to protect where users can access your org.

Admins can control login access at the profile level by specifying a range of allowed IP addresses. If a user from an unidentified IP tries to log in, they will be denied. To control access at the org level, set trusted IP ranges. Unknown users logging in from non-trusted IPs are challenged to verify their identity — this is also commonly known as IP “whitelisting.” These restrictions help protect your Salesforce data from unauthorized access and phishing attacks.

3. Use permission sets to increase security inside your org.

Following the Principle of Least Privilege, give users the lowest level of user rights (access to read/write data) that they need to do their job. Salesforce helps you implement this with permission set groups so that you can easily customize the access given to users.

For additional security, you can activate session-based permission sets. This allows the user to have certain permissions only during a predefined session type (like when a user authenticates into your environment, for example).

4. Run Salesforce Health Check after every release.

Measure the security health of your org with Health Check. Admins can even create custom baselines to align security settings with the unique needs of the business. Be sure to run Health Check after every release to ensure your security score hasn’t changed.

5. Stay up-to-date on security.

Find the most up-to-date security resources and information on Salesforce’s security site.

Find more admin-related security resources available to you

Check out our resource page: admin.salesforce.com/security

Cloudy in the mountains with a megaphone next to text that says "How MFA Can Save Your Company Money While Reducing Risk."

How MFA Can Save Your Company Money While Reducing Risk

Remember the days when you only had one password? As fondly as we look back on those technologically simpler times, we know now that usernames and passwords are no longer sufficient to protect accounts against unauthorized access. And while everyone knows that multi-factor authentication (MFA) is one of the easiest, most effective ways to help […]

READ MORE
Enhanced Personal Information Management

Protect User PII Data with Enhanced Personal Information Management

In the Winter ’22 Release, we’ll roll out the ability to prevent external users, such as portal or partner users, from viewing personal information in your user records by enabling the Enhanced Personal Information Management permission. This permission replaces the less-configurable Hide Personal Information setting, which will be retired in the Winter ’23 Release. So, […]

READ MORE
Astro and Cloudy on a mountain next to text that says "#4 Security Center Enhancements."

Learn MOAR in Winter ’22 with Security Center Enhancements 🔒

Follow and complete a Learn MOAR Winter ’22 trailmix for admins or developers by October 31 to earn a special community badge and enter for a chance to win one of five $200 USD Salesforce Certification vouchers. Restrictions apply. Learn how to participate and review the Official Rules by visiting the Trailhead Quests page. Security […]

READ MORE

Have an Idea for a Story?

We are all about the community and sharing ideas.
Do you have an interesting idea or useful tip that you want to share?

SHARE YOUR IDEA