Nobody doubts the importance of data security, But it can be difficult to justify spending time and effort working on it. After all, the best data security is often one that your users never interact with, and which your management never sees a direct benefit from. Salesforce takes security very, very seriously, but even their efforts can be undermined by a weak setup on your end.
So how can you beef up the security on your own end of things? For this article, I’d like to focus on simple steps you can take to make your system more secure. Don’t assume that the options I list here are the only ones available; Salesforce gives you the ability to implement some pretty serious security. But these are some quick and simple things that you can do to start making sure your data stays where you want it.
Password Requirements
A strong password policy is your company’s first line of defense against unwanted intrusions into your data. It’s also one of the more annoying facets of system security for your users. Few and far between are the users that actually enjoy having to come up with a new jumble of letters, numbers, and symbols every few months. But it’s important to have a strong and universal policy here. Your org’s password policies are found in the Setup menu, under Security Controls > Password Policies. I personally recommend 90 day expirations, an eight-character minimum with letters, numbers, and special characters required, and a five-password history.
Login Hours and Login IP Restrictions
These are a couple of options that can be set at the Profile level. The first one is pretty self explanatory; Salesforce gives you the ability to restrict what times of day (and for which days of the week) a user with a given profile is able to log into Salesforce. IP Restrictions work in much the same way; every computer on the internet has an IP address, and you can restrict users with certain profiles to only be able to login from certain IP address ranges. If you’re not sure what IP address ranges your company has, your company’s network administrator should be able to help you out. These options tend to work best for internal staff. Your inside sales team, for example, probably isn’t going to be logging into Salesforce from anywhere but your company, and probably isn’t going to need access outside of business hours.
Report Export Restrictions
Security isn’t just about keeping unwanted individuals from getting into your system. It’s also about controlling how data can get back out of your system. Nobody wants to think that they can’t trust their employees, but security and trust are often at odds with one another. A user with the ability to export data from a report can quickly and easily take large amounts of data from your system and put it out into the wild. Thankfully, you can help mitigate this vulnerability without completely removing access to Salesforce’s reporting functionality. The ability to export reports is a Profile-level user permission. Simply uncheck the box, and users with that profile won’t be given the option to export reports from your system.
And Much, Much More
These are just a few of the options and choices Salesforce gives you to help keep your system and your data secure. From password and login security to features like single sign-on or two-factor authentication, there are a massive number of ways to manage access on the platform. Got questions about which specific security option might be best for you? Feel free to leave a question in the comments, or get in touch with us via e-mail or social media.
Image credit: “Locks for Sale” by Flickr user ShannonPatrick17, used under Creative Commons license CC BY 2.0
