3 steps to build a strong security culture

3 Steps for Admins To Build a Strong Security Culture

By

As a Salesforce Admin, you play a crucial role in maintaining the security of your company’s valuable data. In fact, security is one of the five admin core responsibilities

New technologies like GenAI and Salesforce’s Agentforce bring increased value to admins, but also new security challenges. Following security best practices is more important than ever as these tools continue to advance and positively impact that way we work. 

As the day-to-day owner of Salesforce, overseeing security can be a large task, and it isn’t something admins need to take on alone. We encourage admins to work with their stakeholders, IT, and security teams to help safeguard Salesforce data by creating a culture of security at their companies. 

The first step to building a culture of security is by following security best practices. Make sure to prioritize the following things when it comes to security.

  • Enforce MFA for all user logins.
  • Limit your users’ access using permission sets and permission set groups.
  • Monitor security using Health Check and other dashboards.
  • Always follow security and configuration best practices recommended by Salesforce.

Investing in your company’s security isn’t just about configuring the product correctly—it’s also about people. Getting users to avoid clicking on and report phishing emails that target Salesforce credentials, for example, can save your company from a security breach. Admins can only control so much; the hardest part is getting your users and stakeholders to follow security best practices. 

So, how can admins create a culture of security at their companies to ensure security best practices are followed by everyone with a Salesforce login? 

Step 1: Understand what types of risks your organization faces

First, you’ll need to understand what specific challenges your company faces when it comes to security. Almost all admins should be concerned about misconfiguration, data loss, and phishing emails, among other things. 

The best way to gain a comprehensive understanding of this for your unique environment is to run a threat model to understand security needs for your implementation. Once you understand the risks, work to address risks based on priority (think biggest impact plus lowest effort).

Step 2: Get stakeholders to adopt secure behaviors

The next step is to identify who your most important stakeholders are. For Salesforce Admins concerned with security, stakeholders within your company will typically be the IT team, the security team or security leader, the operations team, etc. 

Once you’ve identified these individuals or teams, build a strong business case for them by creating a plan that clearly addresses existing security risks, calling out necessary resources. Remember that strong relationships are essential to stakeholder management.

Step 3: Encourage users to adopt secure behaviors

The last piece of the security culture puzzle is your users. Understanding your user audience(s) is an essential component of success with this audience. It’s up to you to understand:

  • What are your users’ needs and incentives to adopt secure behaviors?
  • How can you best reach them? 
  • What channels do they typically get information from?

Understanding that your stakeholders and users are audiences that have different needs and incentives is the key to building a security culture. But once they’re on board, it will become second nature!

If this seems like a lot and you’re wondering how this translates into an actual program, not to fear—we created a template for you! You can use the template below to build a Security Culture Program at your organization. 

Template to guide your organization to create a Security Culture Program including identifying your audience and priorities, creating content, generating engagement, and measuring your program’s effectiveness.

If you’re looking for more specific tips on how to secure your Salesforce data, see the below resources to understand how to manage security of your org.

Resources

Protect data With Private Connect for Data Cloud

Enhance Agentforce Data Security With Private Connect for Data Cloud

In today’s digital landscape, ensuring the security of customer data is one of the top priorities for Salesforce Admins. With the increasing frequency of security breaches, the need for robust protection of sensitive information is more critical than ever. Exposing services to the public internet inherently opens up vulnerabilities that can lead to unauthorized access, […]

READ MORE
Core responsibilities of a Salesforce Admin

Core Responsibilities of a Salesforce Admin: Your Blueprint for Success

As admins, you hold the keys to success for your users and companies to get the most out of Salesforce. You have the unique opportunity to build and manage trusted solutions that drive productivity and innovation through five core admin responsibilities: security, user management, data management, analytics, and a new core responsibility: product management.  The […]

READ MORE
User management enhancements Winter '25

User Management Enhancements | Winter ’25 Be Release Ready

Winter ’25 is almost here! Learn more about user management and check out Be Release Ready to discover more resources to help you prepare for Winter ’25. We’re continuing to innovate in Setup starting with user access and user management. We have several exciting enhancements in store for Winter ’25–many thanks to your feedback and […]

READ MORE