You Should Be Scanning Your Salesforce Documents

If you think Salesforce scans your documents for viruses and malware, think again.

Salesforce initially set out to create a sales-focused software app delivered in a revolutionary model: Software-as-a-Service (SaaS). Early versions of the app were modest: they focused only on sales automation and forecasting and did not support importing, storing or downloading files or attachments. But as it grew in popularity, Salesforce grew more sophisticated. Now it is the world’s leading customer relationship management (CRM) service and supports a massive ecosystem, including a broad set of internally developed and third-party applications.

Files and documents everywhere

Millions of files are uploaded to and exported from Salesforce daily. Administrators, users, executives and others interact with forms, templates, reports, email messages, logos, images and more for various use cases. Some examples of documents imported into or exported from Salesforce include:

  • Email templates (for example, to promote a new product that salespeople can customize for their customers).
  • Email-to-Case files (Email-to-Case turns customer emails into cases for the support team).
  • Documents imported from Salesforce communities.

Some of these files likely contain malicious content from either a malicious user or an unwitting user merely passing along an unvetted file. Further, these documents will usually bypass desktop or server-based virus detection applications. As a result, they represent a threat to the Salesforce instance.

It often comes as a surprise to learn that Salesforce does not include virus or malware scanning for file attachments, documents, URLs or QR codes. Salesforce, like most cloud-based application vendors, follows the Shared Responsibility Model. Under this model, customers are responsible for the security of their data. While Salesforce’s infrastructure security provides an extremely strong foundation, no built-in threat detection exists, as this is the customer’s responsibility. As such, customers must employ tools to defend against malware and phishing attacks.

Users need to take this responsibility seriously. According to Infosecurity Magazine and Proofpoint’s 2024 State of the Phish report, over two-thirds (69%) of organizations experienced a successful ransomware incident in the past year. Malicious files were major contributors.

An example from the Salesforce Trailblazer Community

For example, consider this actual security incident reported to the Salesforce Trailblazer Community:

“We experienced a security breach on one of our Salesforce Orgs the other day, where we use(d) the Email to Case functionality. A file containing malware in a .JS format was attached to a case. A user clicked on it, assuming it is safe to do so, and it wiped out all of her personal files on that laptop, as well as all recently viewed public files.” 

Sadly, this customer learned too late about the requirement to fully think through how to secure Salesforce.

Securing Salesforce is always a top priority

Securing and protecting sensitive customer data is critical for the more than 150,000 companies that rely on Salesforce. Salesforce provides industry-leading security for its platform and infrastructure but cannot control customer endpoints. Hence, it is the customer’s responsibility to ensure that those endpoints have up-to-date antivirus protection. As a result, the Salesforce security approach is based on a Shared Responsibility Model. Salesforce relies on third-party partners and vendors to complete and complement the security approach with document and file scanning.

WithSecure™ Cloud Protection for Salesforce

To stay ahead of bad actors, WithSecure Cloud Protection for Salesforce is singularly focused on complementing the Salesforce security stack by providing file and document protection. WithSecure uses advanced threat protection mechanisms and technologies, including AI and cloud sandboxing, to detect, quarantine and neutralize threats in real time. This past year, WithSecure Cloud Protection for Salesforce has forged ahead with industry-leading capabilities, including:

  • Detecting malicious URLs in files: WithSecure Cloud Protection for Salesforce detects and blocks malicious URLs hidden inside files uploaded to Salesforce.
  • Detecting and blocking shortened URL threats: Shortened URLs can mask risky content while bypassing traditional security controls. WithSecure uncovers and blocks these threats, verifying every link, whether shortened for convenience or to mask something more sinister.
  • URL protection across custom objects and fields: WithSecure supports URL Protection for Salesforce’s standard and customized objects and fields.
  • Detecting malicious QR codes in files: WithSecure now includes QR code scanning to defend against quishing attacks across Salesforce. What is a quishing attack? In a quishing attack, bad actors create a QR code and link it to a malicious website. That QR code is then included in a piece of content, which users unwittingly click on.
  • Enhanced digital fingerprinting of files: WithSecure sharpens detection accuracy without impacting performance.
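
To make "URLs hidden inside files" and the shortened-URL problem concrete, here is an added example (not WithSecure's code or method) that pulls links out of every part of an Office document and marks shortener links for expansion before any verdict is trusted. The shortener list, the verdict labels, the function names and the sample document are all assumptions constructed for this illustration.

```python
import html
import io
import re
import zipfile
from urllib.parse import urlsplit

SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly", "is.gd"}  # assumed, non-exhaustive
SCHEMA_HOSTS = {"schemas.openxmlformats.org", "schemas.microsoft.com",
                "www.w3.org", "purl.org"}  # OOXML namespace URIs, not hyperlinks
# Brackets are excluded, so IPv6-literal URLs are not matched by this sketch.
URL_RE = re.compile(rb"https?://[^\s\"'<>\[\]]+")
MAX_PART_BYTES = 5 * 1024 * 1024  # skip parts declaring more than this (bomb guard)

def extract_urls(data: bytes) -> set:
    """Collect http(s) URLs from raw bytes or from every part of a zip/OOXML file."""
    chunks = [data]
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            chunks = [zf.read(i) for i in zf.infolist() if i.file_size <= MAX_PART_BYTES]
    found = set()
    for chunk in chunks:
        for raw in URL_RE.findall(chunk):
            found.add(html.unescape(raw.decode("ascii", "replace")))  # &amp; -> &
    return found

def triage(data: bytes) -> dict:
    """Label each URL: shorteners must be expanded before any verdict is trusted."""
    verdicts = {}
    for url in extract_urls(data):
        host = (urlsplit(url).hostname or "").lower()
        if host in SCHEMA_HOSTS:
            continue
        verdicts[url] = "expand-first" if host in SHORTENER_HOSTS else "check-reputation"
    return verdicts

def build_sample_docx() -> bytes:
    """Constructed sample: body text has no URL; links exist only in the .rels part."""
    ns = "http://schemas.openxmlformats.org/package/2006/relationships"
    rels = (f'<Relationships xmlns="{ns}">'
            '<Relationship Id="rId1" Target="https://bit.ly/constructed-sample" TargetMode="External"/>'
            '<Relationship Id="rId2" Target="https://portal.example.com/pay?id=1&amp;src=crm" TargetMode="External"/>'
            "</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document><w:t>Invoice attached</w:t></w:document>")
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(build_sample_docx()))
```

The visible text of the sample contains no link at all; both URLs come from the relationships part, which is why scanning only the rendered text of a document misses them.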
