Be a Security-Minded Admin

Understanding the basics of security is critically important to being an #AwesomeAdmin. As a steward of valuable data, you have the opportunity to be an important asset to your company by managing it with security in mind. Increasing your own cybersecurity knowledge allows you to play a role in not only safeguarding your company’s data but also helping your company meet security compliance requirements like the GDPR and CCPA. As an admin, you should work closely with IT to understand and maintain your company’s security standards.

The security-minded admin understands that security is “never done.” A security-minded Salesforce Admin knows that locking down user access with Multi-Factor Authentication (MFA) is the best way to safeguard their data from unauthorized account access. These admins also know what to do in the event of suspicious activity in their Salesforce implementation: they know the internal procedure for escalating suspicious activity, suspicious emails, and so on, and they know that such activity can also be reported to security@salesforce.com.

Being a security-minded admin is not as hard as it may seem. It means understanding the key principles of security and being able to apply them to your Salesforce implementation.

Know the basics of org security

1. Set up Multi-Factor Authentication (MFA) to protect access to your org.

MFA, also known as two-factor authentication, is the most effective way to protect your users’ accounts from common security threats like phishing, account takeover, and credential stuffing. As a security-minded admin, you can amplify your org’s security by requiring a second level of authentication for every user login. You can also require MFA when a user meets certain criteria, such as attempting to view reports or access a connected app. MFA verifies that a user is who they say they are, before they gain access to your Salesforce data.

2. Set login IP ranges and trusted IP ranges to protect where users can access your org.

Admins can control login access at the profile level by specifying a range of allowed IP addresses. If a user tries to log in from an IP address outside the profile’s allowed ranges, the login is denied. To control access at the org level, set trusted IP ranges. Users logging in from an IP outside the trusted ranges are challenged to verify their identity. Restricting logins to known IP ranges in this way is also commonly known as IP “whitelisting.” These restrictions help protect your Salesforce data from unauthorized access and phishing attacks.
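To make the two controls concrete, here is an added example (not Salesforce’s own code or logic) that models them as a small decision function: profile login IP ranges act as a hard gate that denies out-of-range logins, and org trusted IP ranges decide whether a login must pass identity verification. The policy, profile names, user names and addresses are constructed for the example; the addresses come from the RFC 5737 documentation ranges. Running the sample login attempts through it shows how an admin can estimate how much existing traffic a proposed range would deny or challenge before tightening it.

```python
from ipaddress import ip_address, ip_network

# Constructed sample policy, standing in for the two controls described above.
# Profile-level login IP ranges: logins from outside them are denied.
# A profile with no entry here has no login IP restriction.
PROFILE_LOGIN_IP_RANGES = {
    "Standard User": ["203.0.113.0/24"],
    "System Administrator": ["203.0.113.0/24", "198.51.100.10/32"],
}
# Org-level trusted IP ranges: logins from outside them are challenged.
ORG_TRUSTED_IP_RANGES = ["203.0.113.0/24"]


def in_ranges(source_ip, ranges):
    """True if source_ip falls inside any of the CIDR ranges."""
    addr = ip_address(source_ip)
    return any(addr in ip_network(cidr) for cidr in ranges)


def evaluate_login(profile, source_ip):
    """Return "deny", "challenge" or "allow" for a login attempt.

    Simplified model of the two controls: the profile's login IP ranges are
    a hard gate (outside them -> deny); the org's trusted IP ranges decide
    whether the user must verify their identity (outside them -> challenge).
    A malformed source address is treated as deny so a bad value can never
    slip past both checks.
    """
    try:
        ip_address(source_ip)
    except ValueError:
        return "deny"
    profile_ranges = PROFILE_LOGIN_IP_RANGES.get(profile)
    if profile_ranges and not in_ranges(source_ip, profile_ranges):
        return "deny"
    if not in_ranges(source_ip, ORG_TRUSTED_IP_RANGES):
        return "challenge"
    return "allow"


def summarize_attempts(attempts):
    """Count outcomes over (username, profile, source_ip) tuples, such as an
    export of login history, and list every attempt that would not be a
    plain allow. Returns (counts, flagged)."""
    counts = {"allow": 0, "challenge": 0, "deny": 0}
    flagged = []
    for username, profile, source_ip in attempts:
        outcome = evaluate_login(profile, source_ip)
        counts[outcome] += 1
        if outcome != "allow":
            flagged.append((username, source_ip, outcome))
    return counts, flagged


# Constructed sample of login attempts (not real users or addresses).
SAMPLE_ATTEMPTS = [
    ("alice@example.com", "Standard User", "203.0.113.42"),
    ("alice@example.com", "Standard User", "198.51.100.77"),
    ("bob@example.com", "System Administrator", "198.51.100.10"),
    ("guest", "Guest Profile", "192.0.2.7"),
    ("bob@example.com", "System Administrator", "not-an-ip"),
]

if __name__ == "__main__":
    counts, flagged = summarize_attempts(SAMPLE_ATTEMPTS)
    print(counts)
    for row in flagged:
        print("flagged:", row)
```

The sample deliberately includes an admin logging in from an address that is inside the profile range but outside the org trusted range: the login is not denied, but the user is challenged, which is the layered behaviour the two settings are meant to give you.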

3. Use permission sets to increase security inside your org.

Following the Principle of Least Privilege, give users the lowest level of user rights (access to read/write data) that they need to do their job. Salesforce helps you implement this with permission set groups so that you can easily customize the access given to users.

For additional security, you can activate session-based permission sets. These grant certain permissions only during a predefined session type, for example only after the user has authenticated into your environment.

4. Run Salesforce Health Check after every release.

Measure the security health of your org with Health Check. Admins can even create custom baselines to align security settings with the unique needs of the business. Be sure to run Health Check after every release to confirm that the release hasn’t changed your settings and lowered your security score.
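Comparing the score alone can hide a setting that regressed while another improved. The following added example (not Salesforce’s own code) compares two Health Check snapshots, one taken before a release and one after, and reports settings whose risk got worse, settings that were newly reported off the baseline, and the score change. The snapshot layout, with a score plus rows carrying Setting, SettingGroup, RiskType, OrgValue and StandardValue, is an assumption modelled on the columns of the Health Check report; the setting names and values below are constructed for the example, not a real org’s results.

```python
# Severity order used to decide whether a setting got worse. Any RiskType the
# script does not recognise is ranked as HIGH_RISK so it is never ignored.
RISK_ORDER = {"MEETS_STANDARD": 0, "LOW_RISK": 1, "MEDIUM_RISK": 2, "HIGH_RISK": 3}


def risk_rank(risk_type):
    return RISK_ORDER.get(risk_type, RISK_ORDER["HIGH_RISK"])


# Constructed snapshots (assumed layout, sample values). "score" is the
# overall Health Check score; "risks" holds one row per reported setting.
BEFORE = {
    "score": 82,
    "risks": [
        {"Setting": "Lock sessions to the IP address from which they originated",
         "SettingGroup": "SessionSettings", "RiskType": "MEETS_STANDARD",
         "OrgValue": "true", "StandardValue": "true"},
        {"Setting": "Maximum invalid login attempts", "SettingGroup": "PasswordPolicies",
         "RiskType": "MEETS_STANDARD", "OrgValue": "3", "StandardValue": "3"},
        {"Setting": "Minimum password length", "SettingGroup": "PasswordPolicies",
         "RiskType": "LOW_RISK", "OrgValue": "8", "StandardValue": "10"},
        {"Setting": "Force logout on session timeout", "SettingGroup": "SessionSettings",
         "RiskType": "MEDIUM_RISK", "OrgValue": "false", "StandardValue": "true"},
    ],
}
AFTER = {
    "score": 71,
    "risks": [
        {"Setting": "Lock sessions to the IP address from which they originated",
         "SettingGroup": "SessionSettings", "RiskType": "MEETS_STANDARD",
         "OrgValue": "true", "StandardValue": "true"},
        {"Setting": "Maximum invalid login attempts", "SettingGroup": "PasswordPolicies",
         "RiskType": "HIGH_RISK", "OrgValue": "No Limit", "StandardValue": "3"},
        {"Setting": "Minimum password length", "SettingGroup": "PasswordPolicies",
         "RiskType": "MEETS_STANDARD", "OrgValue": "10", "StandardValue": "10"},
        {"Setting": "Force logout on session timeout", "SettingGroup": "SessionSettings",
         "RiskType": "MEDIUM_RISK", "OrgValue": "false", "StandardValue": "true"},
        {"Setting": "Require HttpOnly attribute", "SettingGroup": "SessionSettings",
         "RiskType": "HIGH_RISK", "OrgValue": "false", "StandardValue": "true"},
    ],
}


def compare_health_checks(before, after):
    """Diff two snapshots keyed by setting name and classify each change."""
    old = {row["Setting"]: row for row in before["risks"]}
    new = {row["Setting"]: row for row in after["risks"]}
    report = {
        "score_delta": after["score"] - before["score"],
        "regressions": [],
        "improvements": [],
        "added": [],
        "removed": sorted(set(old) - set(new)),
    }
    for name, row in new.items():
        if name not in old:
            report["added"].append({"setting": name, "risk": row["RiskType"]})
            continue
        before_rank = risk_rank(old[name]["RiskType"])
        after_rank = risk_rank(row["RiskType"])
        if after_rank == before_rank:
            continue
        entry = {"setting": name, "group": row["SettingGroup"],
                 "before": old[name]["RiskType"], "after": row["RiskType"],
                 "org_value": row["OrgValue"], "standard_value": row["StandardValue"]}
        bucket = "regressions" if after_rank > before_rank else "improvements"
        report[bucket].append(entry)
    return report


def needs_attention(report):
    """True when the release should be investigated: the score dropped, a
    setting regressed, or a newly reported setting is already off baseline."""
    risky_added = [a for a in report["added"] if risk_rank(a["risk"]) > 0]
    return report["score_delta"] < 0 or bool(report["regressions"]) or bool(risky_added)


def format_report(report):
    """Render the diff as plain lines suitable for a ticket or chat message."""
    lines = [f"Health Check score change: {report['score_delta']:+d}"]
    for r in report["regressions"]:
        lines.append(f"REGRESSED {r['setting']} ({r['group']}): {r['before']} -> "
                     f"{r['after']}; org value {r['org_value']!r}, standard {r['standard_value']!r}")
    for a in report["added"]:
        lines.append(f"NEW {a['setting']}: {a['risk']}")
    for name in report["removed"]:
        lines.append(f"NO LONGER REPORTED {name}")
    for r in report["improvements"]:
        lines.append(f"improved {r['setting']}: {r['before']} -> {r['after']}")
    return "\n".join(lines)


if __name__ == "__main__":
    result = compare_health_checks(BEFORE, AFTER)
    print(format_report(result))
    print("needs attention:", needs_attention(result))
```

Saving the pre-release snapshot next to the post-release one gives you a record of what each release touched, which is also useful evidence when you are asked to show how the org’s settings have drifted over time.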

5. Stay up-to-date on security.

Find the most up-to-date security resources and information on Salesforce’s security site.

Find more admin-related security resources available to you

Check out our resource page: admin.salesforce.com/security
