October is Cybersecurity Awareness Month - Make Sure It's Full of Treats, Not Tricks!

Best practices for keeping your data safe in Salesforce and beyond

There's a crispness in the air at our headquarters in NYC that can only mean one thing, it’s October. However, what can truly send a chill down your spine is having your data exposed to cyber threats! 

October is also known as Cybersecurity Awareness Month! With all the advances in technology, the volume of data we share, and remote work, the threats facing your data are greater than ever before.  Now is the time to review your cyber policies, (and maybe your cyber insurance), to ensure that all your technologies, including Salesforce, adhere to today’s best practices so your data is safe.   

Enable Multi-Factor Authentication (MFA): 

Since February 1, 2022, Salesforce has required all customers to use MFA to access Salesforce products. A cumbersome but important transition for all our customers to assist in keeping their data secure. MFA should be enabled for all your applications, regardless of it being required by the platform itself. It provides an additional layer of authentication and alerts you if someone is trying to access your accounts without your knowledge. Just think of it as a digital guardian watching over your online presence. 

Keep Your Passwords Safe and Secure 

The minimum requirements for Salesforce passwords are that they must contain at least eight characters, including one alphabetic character and one number. Additionally, create Password Policies that include options such as when passwords expire and how long before a previous password can be reused. 

However, the most secure password is one that you don't even know! Consider using a password manager that generates complex passwords for you and stores them securely. Avoid using passwords that are easy to guess or can be deduced from information you share online, such as on social media. 

 Manage What Data Users Can Access  

Not all users are created alike in Salesforce and many other apps in your business. Ensure that everyone has access to data that’s necessary to do their jobs. This will help streamline their views, deliver the right information for key decisions, and help keep your data secure. It can be a balancing act between limiting access to data, thereby limiting risk of stolen or misused data, versus the convenience of data access for your users. 

 Regularly Update Applications – Cloud-based and Local 

Salesforce creates updates several times a year, and these can be set to deploy automatically or manually. For other applications, updates are like the silver bullets of the cybersecurity world. They include patches designed to fix bugs and enhance security. By regularly updating your applications, you're fortifying your defenses against cyber threats and ensuring your digital castle remains secure. 

 Recognize and Report Phishing/Vishing Attempts: 

Phishing and vishing (voice phishing) attempts are common tactics cybercriminals use to trick individuals into revealing sensitive information. Be on the lookout for these signs:

• Odd email addresses 

• Poor grammar in messages 

• Off-branding or inconsistencies 

• Suspicious attachments or links 

• Requests for unusual actions, like purchasing multiple gift cards 

Some emails from Salesforce include very long links, and some email clients will mark them as spam. If you have initiated a password reset, be on the lookout for that email, however, if you haven’t then beware. If you are suspicious of an email that looks like it was sent from Salesforce, forward a copy as an attachment to security@salesforce.com. 

It's essential to remain vigilant to protect your data. Verify any communications you feel may be illegitimate through alternative means, such as a phone call or an in-person conversation. Learn to recognize the signs of a phishing email or vishing phone call and remember that being overly cautious can help keep those cybercriminals at bay. 

Don't let this October turn into a horror story due to a data breach. With diligence, you can be cyber-smart and keep yourself safe online. October may be cybersecurity awareness month, but by staying informed and implementing best practices, you can navigate the digital realm with confidence and enjoy a safer online experience all year long.