
Best Practices for Managing Salesforce Data Security and Compliance

It shouldn’t be a shock to point out that data breaches carry a huge reputational risk — one that almost always impacts the bottom line. As we can see from any number of recent, highly publicized incidents, not taking data security seriously can result in serious consequences. 

Often, when reviewing data security protocols, cloud-based enterprise systems like Salesforce tend to be overlooked. After all, one of the main benefits of cloud-based software is that you don’t have to worry about security, right? That’s true, to an extent — Salesforce does have a world-class SecOps team monitoring security around the clock. But it doesn’t mean you’re in the clear when it comes to protecting critical information housed on the platform. While Salesforce offers an excellent baseline for data protection, customizations, integrations and the behavior of your team all create the potential for risk. To preserve and enhance the base that Salesforce provides, you need to be proactive.

In this post, we’ll get you started on data security in Salesforce with three best practices for mitigating risk on the platform.

1. Develop Onboarding and Offboarding Policies

Onboarding and offboarding are more than just training presentations and signing documents — they are a critical time for data security. Studies find that 88% of IT employees would consider stealing sensitive data if they were fired — and nearly 90% of employees are capable of accessing sensitive data long after they’ve been dismissed. Ensure your HR and IT departments are collaborating to manage user roles and access privileges when an employee starts or ends their tenure with your organization. Implementing a formal process for onboarding/offboarding will make it easier for your team to ensure employees have the access they need to be successful in their role — and that your business is protected from any security threats in the process.

2. Invest in Staff Training

Cybersecurity is not the sole responsibility of your IT team. Everyone at your organization needs to be aware of best practices for identifying cyber threats that can have a harmful impact on your business. Take passwords, for example; it’s easy to take shortcuts, like reusing the same password — so implementing password policies or using a password management application can help to avoid security risks.

Even the most secure systems need to be used properly to be effective — and employees are sometimes the biggest threat to your systems. Investing in staff training about how to protect sensitive data in Salesforce should be high on your priority list.

3. Review and Restrict Admin, Full and View Access

Salesforce’s roles, profiles and permission sets are highly flexible — but if not managed properly, that flexibility can be a huge threat to the safety of your data. Of course, only a small group of authorized personnel should be able to view and edit business-critical information. But in the modern world of working from home and dealing with staff absences, you may be tempted to grant some employees access that’s broader than it needs to be. 

If you don’t have time for a comprehensive access review, start by making sure only Admins have the System Administrator profile. Then, work towards implementing the principle of least privilege — restricting employees’ access rights to the minimum required to do their job.
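As a starting point for that quick review, the following added example (not part of the original post or any Salesforce tooling) reconciles a user export against an approved admin list and an HR leavers list, which also covers the offboarding check from the first practice. The export columns, the two lists and all usernames are constructed assumptions.

```python
import csv
import io

# Constructed sample export of Salesforce users. The column names are
# assumptions for this example; map them to whatever your export contains.
USER_EXPORT = """Username,Profile,IsActive
alice@example.com,System Administrator,true
bob@example.com,Standard User,true
carol@example.com,System Administrator,true
dave@example.com,Standard User,true
erin@example.com,System Administrator,false
"""

# Hypothetical inputs: the admins the business has signed off on, and the
# accounts HR reports as having left the organization.
APPROVED_ADMINS = {"alice@example.com"}
HR_DEPARTED = {"dave@example.com", "erin@example.com"}

ADMIN_PROFILE = "System Administrator"


def audit_users(export_text, approved_admins, departed):
    """Return (unapproved_admins, active_leavers) as sorted username lists."""
    approved = {u.lower() for u in approved_admins}
    gone = {u.lower() for u in departed}
    unapproved, leavers = [], []
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["Username"].strip().lower()
        if row["IsActive"].strip().lower() != "true":
            continue  # deactivated accounts cannot log in, so skip them
        # Active holder of the admin profile who is not on the approved list.
        if row["Profile"].strip() == ADMIN_PROFILE and user not in approved:
            unapproved.append(user)
        # Account is still active although HR lists the person as departed.
        if user in gone:
            leavers.append(user)
    return sorted(unapproved), sorted(leavers)


if __name__ == "__main__":
    admins, leavers = audit_users(USER_EXPORT, APPROVED_ADMINS, HR_DEPARTED)
    print("Unapproved System Administrator users:", admins)
    print("Departed users with active accounts:", leavers)
```

Running the same reconciliation on a schedule turns the one-off review into a recurring control, with each flagged username handed to the access owner for removal or sign-off.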

Making data protection a top priority will be critical to the success of your organization. Start by following these three best practices and you will quickly be in a much better position in terms of overall security and compliance. 

As VP of Sales and Marketing, Paul is responsible for driving growth of the Infrastructure and Applications products in the Netwrix portfolio. His main areas of focus are security and compliance for NetSuite, Salesforce and Network Infrastructure. He is passionate about Go To Market Strategies and driving positive outcomes for customers. Previously, Paul served as the VP of Sales and Marketing at Strongpoint where he ran Go To Market functions before it was acquired by Netwrix. Paul holds a Bachelor of Arts degree and a Masters in Business Administration from McMaster University in Hamilton, Ontario, Canada.