While many of us look forward to Halloween costumes and pumpkin picking in October, the Security team at Salesforce is excited to kick off our favorite month of the year by promoting digital security — otherwise known as National Cyber Security Awareness Month!
National Cyber Security Awareness Month (NCSAM) has been around since 2004 as a way to remind everyone who uses the internet (a.k.a. everyone in 2017) of the best ways to keep yourself and your data safe online. In honor of NCSAM, we’re here to answer the most common Salesforce security questions from our customers. To do this, we partnered with our support teams at Salesforce to understand which areas customers had the most questions about when it comes to securing their instance — keep reading, you may be surprised by the answers!
This is a great thing to implement, regardless of whether you’re an Administrator, salesperson, or in another role — two-factor authentication (2FA) is one of the easiest things you can do to immediately enhance your personal and professional security. 2FA is a security process in which a user provides two authentication factors (like a password and a mobile phone) to verify their identity. 2FA provides an additional layer of security and makes it harder for attackers to gain access to a user’s accounts, because knowing your password alone is not enough to pass the authentication check.
From a user’s perspective, setting up 2FA is very quick and easy. Simply follow this Quick Pairing Video to onboard. Once enabled, 2FA adds minimal overhead, especially if trusted locations are enabled (see the next question for more info on that). From an Administrator’s perspective, enabling 2FA throughout the org takes a couple of minutes by creating a 2FA permission set and assigning that permission set to users, whether as groups or as individuals. Follow this video to begin setting up 2FA requirements for your org and users.
To enable the second part of 2FA, you can download and use the Salesforce Authenticator app to log in to your Salesforce org, whether you log in on your desktop or mobile device. While Salesforce Authenticator is the flagship 2FA solution for protecting your Salesforce org, you can use other solutions, like Google Authenticator, for the same purpose.
Restricting users to logging in from only designated IP ranges adds an extra layer of advanced security by helping protect your data from unauthorized access and phishing attacks. Login IP ranges limit unauthorized access by requiring users to log in to Salesforce from designated IP addresses, typically via your corporate network or VPN.
By using login IP ranges, Administrators can define a range of permitted IP addresses to control access to Salesforce, preventing anyone attempting to log in to Salesforce from outside the designated IP addresses from gaining access. This step is on the more advanced side and is only something employees with administrator-level access can put into effect — but don’t worry, it’s easier than it sounds! This article will help get you started if this is something you’d like to set up for your instance.
Single sign-on (SSO) allows users to access authorized network resources in one super easy step. With SSO, usernames and passwords are validated against your corporate user database or other client app, making it simple and fast for users to log in.
There are plenty of benefits when it comes to implementing SSO. Users only need to memorize a single password to access network resources, external apps, and Salesforce, which reduces time spent resetting forgotten passwords and gives a powerful boost to your network’s security. If you’re interested in implementing SSO, this Trailhead module and setup guide will help you get started.
Want to know more about security?
While these questions didn’t make it into the top 3, customers also wanted to know how to deactivate a user and how to run Security Health Check. Answers to these questions and others can be found at trust.salesforce.com/security.