Blog: 7 Most Common Mistakes That Put Your Org at Risk

Posted by Pete Thurston

Are you using Salesforce in the most secure way? Security is not a “set it and forget it” thing. We conduct Salesforce Security Risk Assessments for a number of clients and tend to see recurring themes that expose companies’ data. Here are the 7 most common mistakes we see with Salesforce Security:

1. Not Knowing Who Can See What

Salesforce Security Comic 1

  • Not understanding how roles should be determined and configured.

  • Not knowing your user. As companies scale, it's hard for admins to really know their Salesforce users and who can/should see what data, across the enterprise.


2. Moving Too Fast

Salesforce Security Comic 2

  • It’s easy to forget security settings when creating new objects and fields. Be present when adding new features. An extra 7 seconds per field to really reflect on every action will go a long way and prevent nasty future surprises.


3. Everyone’s an Admin

  • Falling into the trap of sharing everything with everyone is an easy way to expose sensitive information.

  • This can be an easy mistake when people are asking for more permissions to do their job.

Salesforce Security Comic 3

4. Insecure Integrations

Salesforce Security Comic 4

  • Developers can publicly expose endpoints. It's important to identify every type of integration in your org and make sure each one is reviewed on an ongoing basis.

  • Duplicating information that is encrypted in Salesforce into other systems, where it may not be protected to the same standard.


5. Relying Too Much on the “Health Check”

Salesforce Security Comic 5

  • There’s a lot the Health Check can’t check, because it is based on Salesforce's “baseline”. It can’t see beyond its own objectives, so areas such as the security of your integrations and what your users can actually access fall outside it.

  • The Health Check score can give a false sense of security if you look at it without considering the other risks that it does not cover.

  • You need to determine the baseline specific to your company's security posture.


6. Lack of Data Loss Prevention

Salesforce Security Comic 6

  • Most of your users have the ability and flexibility to delete data.

  • Common mistakes include not tracking field history, not having a secure backup solution that lets you restore old data, and lacking "checks and balances" for exporting data.


7. Bought Shield But Not Implemented
(A False Security Blanket)

Salesforce Security Comic 7

  • Not realizing that just because you bought Shield does not mean it's "on" or implemented.

  • Failing to understand that encrypting everything is not a best practice.

  • Neglecting the ongoing maintenance of Shield that comes with Salesforce releases (3x a year) and with changing or adding new data to your org.


Learn about our Security Risk Assessment which addresses these common mistakes, and more!
