In today's digital world, where people know their rights to privacy and security and where competitors fear leaks of their information, data security is a must. Data includes communication, transactions, infrastructure, knowledge, and even an organization's upcoming project plans. All of these are key assets for an individual or organization and must be protected from falling into the wrong hands. It is in everyone's best interest to keep their data safe.
The practice of protecting data from theft, corruption, or unauthorized access through the entire lifecycle of data is known as data security. It includes the deployment of technologies and tools that enhance an organization’s visibility into where its data resides.
Data Security Ensures:
- Easy access to the data required for business, anytime and anywhere.
- Retention of data integrity.
- Safety and protection from a data breach.
Failure to safeguard data might lead to data breaches and the circulation of data into the hands of the wrong people.
Now you must be wondering how to ensure that your data is safe. Here are some tips you can follow:
Salesforce Health Check:
Salesforce Health Check is an easy way to check, identify, and fix potential weaknesses in your security settings, all from a single page. Here is how it works: after the assessment has been made, you are presented with a summary score of how your organization measures up against a security baseline (the Salesforce baseline, for instance). To calculate the risks, a proprietary formula measures how well your security settings meet not only the Salesforce baseline but also your custom baseline. Settings that meet or exceed baseline compliance raise the score, whereas settings at risk lower it.
Other settings the health check might include are:
- Minimum password complexity
- Forced logouts on session timeout
- Clickjack protection
Along with this, you can also set up a custom baseline, but do remember that the baseline followed by Salesforce is industry-leading and its standards are always up to date, which means it continuously adapts to new threats.
Two Factor Authentication:
It is also referred to as two-step verification or dual-factor verification. In this process the user provides two authentication factors; it is done to secure credentials and restrict unauthorized access. It provides a higher level of security and relies on a password and a second authentication factor, both of which are provided by the user; the second factor is usually a security code or a biometric factor. Two-factor authentication adds an extra layer of security, making it harder for attackers to gain access.
There are two ways you can roll out two-factor authentication:
The second is a criteria-based trigger for TFA, for instance requiring TFA only when the user accesses a connected app.
IP addresses can also be restricted, meaning the admin has control over which IP addresses can access Salesforce and at what times.
Role Hierarchy:
It is good practice to have a role hierarchy in place within your organization in addition to field- and object-level security. A well-architected role hierarchy adds a layer of security by restricting what data is visible based on a user's role.
A role hierarchy lets administrators grant read and write access to data based on a user's position within their department or the business. The role hierarchy determines the reports, records, and dashboards that users can view and edit.
Your role hierarchy will likely look similar to your organization's hierarchy, but it doesn't have to match precisely.
Consider a team of 6 people performing the same job whom you don't want to access each other's data: you can assign them the same role, which gives them the same restrictions and privileges. Their manager or supervisor, however, would be assigned a different role and would have access to the data of all their team members.
Setting up a role hierarchy like this allows users to access only data that is "below" them.
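The team-of-six scenario above, as an added example (not Salesforce's own code): a minimal model of how a role hierarchy grants record visibility downward, where the roles, users and records are constructed.

```python
# Added example (not Salesforce's code): a minimal model of how a role
# hierarchy grants record visibility "downward". Roles, users and records
# below are constructed for illustration.
from typing import Dict, List, Optional

# Constructed hierarchy: role name -> parent role (None at the top).
ROLE_PARENT: Dict[str, Optional[str]] = {
    "Sales Manager": None,
    "Sales Rep": "Sales Manager",
}

# Constructed users: six reps share one role, one manager sits above them.
USER_ROLE: Dict[str, str] = {f"rep{i}": "Sales Rep" for i in range(1, 7)}
USER_ROLE["manager"] = "Sales Manager"

# Constructed records: each rep owns one opportunity record.
RECORD_OWNER: Dict[str, str] = {f"opp-{i}": f"rep{i}" for i in range(1, 7)}


def is_below(role: str, ancestor: str) -> bool:
    """True if `ancestor` sits strictly above `role` in the hierarchy."""
    current = ROLE_PARENT[role]
    while current is not None:
        if current == ancestor:
            return True
        current = ROLE_PARENT[current]
    return False


def can_read(user: str, record: str) -> bool:
    """The owner sees their own record, and so does anyone whose role is
    above the owner's role. Peers sharing the owner's role do not
    (sharing rules and object/field-level security are not modelled)."""
    owner = RECORD_OWNER[record]
    if owner == user:
        return True
    return is_below(USER_ROLE[owner], USER_ROLE[user])


def visible_records(user: str) -> List[str]:
    """All records the user can read, in sorted order."""
    return sorted(r for r in RECORD_OWNER if can_read(user, r))
```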
Virus Scanner:
There is an argument for moving away from hosting your data in different systems and instead integrating it into one comprehensive tool like Salesforce. Why not add an extra layer of security to Salesforce in the form of a third-party virus scanner app?
Clickjack Protection:
Clickjacking is a method used by attackers to deceive users into clicking a button, banner link, or ad. How is it harmful? It causes the user to believe the page they are browsing is authentic while the page itself is counterfeit, with scammers waiting for the user to input the information they are after. What does clickjack protection do? It fends off such ads, pages, buttons, or links and prevents them from appearing on your Salesforce page, which ultimately makes your data more secure.
Salesforce Shield:
It is a set of security tools that help build trust among admins and developers. It consists of Shield Platform Encryption, Event Monitoring, and Field Audit Trail.
Shield platform encryption:
Shield Platform Encryption allows you to encrypt your data across all your Salesforce apps. Encrypting data at rest adds a layer of protection and helps in meeting internal as well as external data compliance policies while keeping critical app functionality.
Event monitoring:
It gives you detailed visibility into performance, data usage, and security across all of your Salesforce apps. It enables you to see who is accessing critical business data and from where.
Field audit trail:
It lets you know the state and value of your data for any date and time. It can be used for customer service, internal governance, regulatory compliance, or an audit. It helps companies create a forensic-level data audit trail with up to 10 years of history, because it is built on a big data backend for enormous scalability.
API Security:
API security is the assurance of the integrity of APIs. It is important because businesses use APIs to connect services and transfer data. If APIs are broken or hacked they can be behind crucial data breaches, exposing sensitive information to the public. The most common API security practices include:
- Use of signatures and encryption: Encrypting your data is the first step, along with requiring signatures to certify that the right user is decrypting and altering your data.
- Identify your vulnerabilities: Keeping up with your APIs, drivers, and operating systems is essential; you must know how everything works and then identify weak spots that could be a gateway to break into your APIs.
- Place quotas on how often your API can be called and track its usage over time. An unusually high call rate indicates that your API is being abused.
- API gateways:
APIs can leave you vulnerable to threats like:
- DoS attacks
- Code injection
- Fraudulent logins
- Unsecured cardholder information
- Replay attacks
- Exposed data in URL keys
A couple of steps that can be taken are:
- Enable app whitelisting and don't allow users to connect apps themselves; this prevents users from creating vulnerabilities.
- Designate an integration user for any API that accesses your Salesforce instance and exchanges data with it. Set that user's permission to "API only", ensuring the integration can't access your information in any other way and restricting the API from modifying data it shouldn't touch. Users should only be granted the minimum data access required to do their job.
- Working through the above steps does not mean you can take your eyes off things. Keep conducting regular audits to home in on any suspicious activity.
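The quota-tracking and "API only" integration-user advice above, as an added example that is not part of the original post: two detections run over a constructed access log, flagging an integration user that exceeds its call quota inside a sliding window and an "API only" user that shows up on a non-API channel. The log layout, quota, window and user name are assumptions.

```python
# Added example (not Salesforce's code): two detections from this page run
# over a constructed access log. Log format, quota and window are assumptions.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

QUOTA = 3                         # constructed: max calls per window
WINDOW = timedelta(minutes=10)    # constructed sliding window
API_ONLY_USERS = {"integration"}  # constructed "API only" integration user

# Constructed log lines in an assumed "ts user= channel= status=" layout.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z user=integration channel=api status=200
2024-05-01T10:01:00Z user=integration channel=api status=200
2024-05-01T10:02:00Z user=integration channel=api status=200
2024-05-01T10:03:00Z user=integration channel=api status=200
2024-05-01T10:30:00Z user=alice channel=ui status=200
2024-05-01T10:31:00Z user=integration channel=ui status=401
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) channel=(?P<chan>\S+) status=(?P<status>\d{3})$"
)


def parse_line(line: str) -> Tuple[datetime, str, str, int]:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["user"], m["chan"], int(m["status"])


def audit(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (finding, user, timestamp) tuples in log order."""
    findings: List[Tuple[str, str, str]] = []
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    for line in log_text.splitlines():
        ts, user, chan, _status = parse_line(line)
        if user in API_ONLY_USERS and chan != "api":
            findings.append(("api_only_user_on_non_api_channel", user, ts.isoformat()))
        window = recent[user]
        window.append(ts)
        while ts - window[0] > WINDOW:   # drop calls older than the window
            window.popleft()
        if len(window) > QUOTA:
            findings.append(("quota_exceeded", user, ts.isoformat()))
    return findings
```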
Use Of Custom Login Flows:
- Restricting access to Salesforce outside of specific IP addresses and business hours has already been discussed; however, in some circumstances users may well need to access your instance from different locations at different times.
- Salesforce offers a feature that helps safeguard against illegitimate logins while still giving your authorized users access, even under unusual conditions.
- Custom login flows allow you to add additional authentication steps if a user's login attempt is in some way unusual.
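The login controls described on this page (IP restrictions, business hours, and a criteria-based second factor for connected apps), as an added example and not Salesforce's own code: a decision function that lets a routine login through and asks for a second step when the attempt is unusual. The trusted network, hours and app name are constructed assumptions.

```python
# Added example (not Salesforce's code): a decision function mirroring the
# login controls on this page. Networks, hours and app name are assumptions.
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

TRUSTED_NETWORKS = [ip_network("203.0.113.0/24")]  # constructed office range
BUSINESS_HOURS = (time(8, 0), time(18, 0))          # constructed 08:00-18:00
TFA_REQUIRED_APPS = {"reporting-connector"}         # constructed app name


@dataclass
class LoginAttempt:
    user: str
    source_ip: str
    at: datetime
    connected_app: Optional[str] = None


def attempt_from(user: str, source_ip: str, iso_time: str,
                 connected_app: Optional[str] = None) -> LoginAttempt:
    """Build an attempt from an ISO-8601 timestamp like '2024-05-01T09:30:00'."""
    return LoginAttempt(user, source_ip, datetime.fromisoformat(iso_time), connected_app)


def from_trusted_ip(source_ip: str) -> bool:
    addr = ip_address(source_ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def in_business_hours(at: datetime) -> bool:
    start, end = BUSINESS_HOURS
    return start <= at.time() < end


def evaluate_login(attempt: LoginAttempt) -> Tuple[str, List[str]]:
    """Return ('allow', []) for a routine login, or ('require_tfa', reasons)
    when the custom login flow should add a second authentication step."""
    reasons: List[str] = []
    if attempt.connected_app in TFA_REQUIRED_APPS:
        reasons.append("connected app requires TFA")
    if not from_trusted_ip(attempt.source_ip):
        reasons.append("source IP outside trusted ranges")
    if not in_business_hours(attempt.at):
        reasons.append("outside business hours")
    return ("require_tfa" if reasons else "allow"), reasons
```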
User Access Controls:
There are several default user access settings and requirements in Salesforce that you can and should use to tighten up and bolster your instance security, especially now that more users are working from home.
Here are a couple of ways you can improve your security without impinging on the user experience.
Length:
The default setting requires passwords of at least 8 characters; however, security experts recommend at least 15 characters.
Complexity:
When considering security, the length of the password tends to be more important than complexity; now throw numbers and special characters into the mix and your password is stronger than before.
Expiration:
The default password expiration setting of Salesforce is 90 days, which is roughly the number of days required to crack the average password. You can also shorten this period; if you do so, you should also turn on Salesforce's Enforce password history setting so users can't reuse the same password over and over. Salesforce will then remember a user's three previous passwords. You can amend this number if needed.
Password Hints:
You can also prevent users from setting their actual password as their password hint (which would reveal their password to anyone who asks to see the hint). By default, Salesforce does not prevent users from including their password in their security question answer, so make a point of turning on the Cannot Contain Password setting.
Autocomplete:
We have all been saved from forgotten-password nightmares by a web page's autocomplete form, but when your Salesforce data is in the mix, you don't want your users to have that option. Make sure you disable caching and autocomplete on your Salesforce login page.
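The password settings covered in this section (length, complexity, expiration, password history, and the Cannot Contain Password hint rule), as an added example that is not Salesforce's own code: a checker that applies those rules to a candidate password and its hint. Function and field names are assumptions, and the plaintext history is only for illustration.

```python
# Added example (not Salesforce's code): a checker for the password settings
# discussed above: minimum length (default 8, recommended 15), numbers and
# special characters, no reuse of the last three passwords, 90-day expiry,
# and a hint that must not contain the password. Names are assumptions.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List


@dataclass
class PasswordPolicy:
    min_length: int = 15      # Salesforce default is 8; the page recommends 15
    require_digit: bool = True
    require_special: bool = True
    history_size: int = 3     # Enforce password history: remember 3 previous
    expire_days: int = 90     # default expiration period


def check_new_password(policy: PasswordPolicy, candidate: str,
                       previous: List[str], hint: str = "") -> List[str]:
    """Return the list of policy violations (empty means acceptable).
    `previous` lists earlier passwords oldest-first; a real system would
    compare hashes rather than plaintext, which is used here only to keep
    the example self-contained."""
    problems: List[str] = []
    if len(candidate) < policy.min_length:
        problems.append("too_short")
    if policy.require_digit and not any(c.isdigit() for c in candidate):
        problems.append("no_digit")
    if policy.require_special and not any(not c.isalnum() for c in candidate):
        problems.append("no_special")
    if candidate in previous[-policy.history_size:]:
        problems.append("reused")
    if hint and candidate.lower() in hint.lower():   # Cannot Contain Password
        problems.append("in_hint")
    return problems


def is_expired(policy: PasswordPolicy, last_changed: str, today: str) -> bool:
    """Both dates as ISO strings (YYYY-MM-DD); expired once the age reaches
    the policy's expiration period."""
    age = date.fromisoformat(today) - date.fromisoformat(last_changed)
    return age >= timedelta(days=policy.expire_days)
```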