5 Steps to Securing Your Salesforce Data in a Remote Era
Very few of us work full-time from corporate offices since Covid-19, after lockdowns forced almost everyone to work from home for so long, some of us will never return. A Gartner CFO survey revealed that approximately 74% of companies expect some employees to become permanently remote, and 17% of these companies estimate that these full-time remote workers could make up 20% of the workforce (1).
This shift will undoubtedly bring an array of business benefits as well as challenges for the companies that embrace a remote working setup. One area of concern for IT leaders in this new world is the security of their data. Platforms like Salesforce (the largest CRM in the world by market share) are used by a wide range of businesses across all industry sectors and verticals and therefore contain an array of valuable and sensitive data.
We recently published an article on seven tips for ensuring data security in Salesforce to give a basic overview of the issues Salesforce admins need to be aware of. However, in the context of remote work, here are five key things to keep in mind.
1. IP range restrictions
As a Salesforce customer you always retain responsibility for everything that you upload to the platform, as well as managing the security of devices and identifies that you use to access the platform.
2. Login hours
Similarly, the times that certain users can access your platform can be restricted using the Login Hours section of their profiles. This could be restricted to only business hours so that suspicious attempts to login in the middle of the night are automatically blocked.
3. 2FA (Two-factor authentication)
Salesforce says that two-factor authentication is the most effective way of protecting users accounts. It can be easily enabled for users at a profile level by changing the level of security required at login to “High Assurance” but it needs to be configured in your org’s session settings first.
4. Prioritize user access controls
Salesforce provides a range of tools for setting up rules and systems to ensure that it is not easy for unauthorized people to access your data. This might sound simple but given the number of users that some organizations need to allow access, getting the right permissions in place requires some careful planning. It is also important that legitimately authorized users are able to easily access the records they need without being overly inconvenienced.
Salesforce Data Protection 101 – What is Salesforce security model?
Data security is a top priority for Salesforce and its users, both for economic and regulatory reasons. The Salesforce data security model allows for a great deal of flexibility and customization to ensure your organization's security.Read more
5. Ensure continuous visibility
Visibility is a hot topic in cyber security right now, and in the context of Salesforce it means being able to monitor the activity of all your users and detect any potentially malicious activity.
Salesforce Shield (Salesforce’s own security tools) helps with this by providing enhancements that elevate the basic encryption of files. This means an extra layer of protection for files that your employees upload to the cloud, so that if this data falls into the wrong hands, it is harder to make use of.
To complement Salesforce Shield, WithSecure’s Cloud Protection solution for Salesforce provides real time protection from viruses, trojans and ransomware and scans all content that is uploaded into the cloud. It provides continuous visibility of who uploaded or downloaded what, where and when they uploaded/downloaded it.
5 ways WithSecure Cloud Protection works to complement Salesforce Shield
Here are five ways that WithSecure Cloud Protection for Salesforce complements Shield.Learn more
 Gartner, CFO Actions in Response to COVID-19, April 2020.