5 steps to a secure Salesforce

Your data, your problem: Your responsibility for securing Salesforce

Salesforce is used by customer-facing teams in over 150,000 organizations around the world to collect customer data, run campaigns, and close deals. Given it’s a SaaS platform, it’s easy to sign up and start using Salesforce for marketing and revenue-generation activities. But this is often done without the oversight of the IT department or security team.

Salesforce environments fall outside the protection of traditional security solutions, like email or endpoint security. The result is that criminals can upload phishing links and malware into websites, forms, chats, support emails, and community portals created in Salesforce to compromise a network or steal data. Because these are not scanned by the traditional solutions, those files and links can put customer and commercial data at risk.

Don’t let one malicious file ruin your business. Follow these five steps to work more securely with Salesforce:

1. Talk to your Salesforce coworkers and your security team

Most SaaS software operates under the Shared Responsibility model. That means that, while Salesforce secures the platform itself, the activity that takes place within your Salesforce environment is your responsibility to secure—it’s not safeguarded by default. As a result, links and content that are uploaded aren’t scanned for harmful files.

Better to plan proactively for a secure Salesforce than to have to react to an attack. Ask yourself the following questions: Who in the business is most likely to support you in raising your security concerns with the necessary stakeholders—and help you implement a solution?

The IT department is clearly a good place to start. Is the chief information security officer aware of the security issues? Get them onboard or create a small taskforce and identify an internal sponsor.

Train your Salesforce team on good security practices. Cybercriminals are constantly evolving attack vectors and methods. It’s essential for every organization to keep its workforce up to date with the regular cybersecurity training and good practices.

2. Find out where you are today

Take a Salesforce health check. What are the risks of your current and upcoming Salesforce projects? Creating forms that capture user-generated data is a great way of capturing data about your customers and their needs. But it’s also an opportunity for cybercriminals to breach your systems.

What Salesforce products is your organization currently using or planning to use? What data will be uploaded—and how? Where will that be stored and what will be done with it? What’s the potential fallout—both from a business risk and an operational standpoint?

Our free risk assessment tool can help you run this health check. It takes just a few minutes to complete and will give you a high-level report of the risks you face for each Salesforce product.

3. Talk to the Salesforce security experts

WithSecure’s experts are ready to advise you on how to get started securing your data in Salesforce. We developed an effective solution to secure Salesforce by partnering with Salesforce itself. This began when we started using the platform as our own CRM back in 2015. As a security company, we wanted our environment to be secure, so we built a solution ourselves—with strategic and technical input from Salesforce.

Today, even Salesforce is using the WithSecure tooling to tackle the same problem in its own solution. Connect with one of our advisors now to discuss your concerns and understand how you can reduce your risks.

4. Use a tried-and-tested technology solution

Whatever solution you try, make sure it has an established track record for reliability. WithSecure™ Cloud Protection for Salesforce delivers just such a solution. It works seamlessly in the background. It runs scans of links and files in real time—or on demand—with no disruption to Salesforce activities. In addition, it has zero impact on any customizations in your Salesforce environment. The solution has been around for several years and is tested, tried, and works for customers in all industries.

WithSecure™ Cloud Protection for Salesforce solution is available directly within the Salesforce AppExchange. It can be installed easily and integrates natively with Salesforce. There are no deep integrations—you can have it up and running in minutes.

5. Enjoy peace of mind

With WithSecure™ Cloud Protection for Salesforce in place, you can focus on running campaigns, closing deals, and growing your customer base with confidence using the full capabilities of Salesforce. Sales and marketing teams can innovate and experiment with new campaign ideas safe in the knowledge that company and customer data is protected.