SlideShare a Scribd company logo

NYC Admin Zone: Build Your Security Superpowers

Download as PPT, PDF
Salesforce Admins, profile picture
Salesforce Admins

This document provides security best practices for administrators including establishing strong password security, enabling two-factor authentication, educating users to prevent phishing, and implementing login IP ranges. It recommends using passwords with a minimum of 12 characters from different character sets, regularly changing passwords, and never sharing or reusing passwords. Two-factor authentication provides an extra layer of security beyond a password. Login IP ranges allow designating trusted IP addresses that can access Salesforce accounts. The document stresses the importance of educating users to identify phishing attempts and report any suspicious emails.

Technology
1 of 24
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Build Your Security Superpowers: Security Best Practices for Admins Devanshu Patel Sr. Security Engagement Manager
Safe Harbor Safe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Why are we here?
Security is a partnership with our customers. Setting Security Controls will improve your org’s health. Users are on the front line.
When it comes to you and Salesforce…
Security Superpowers Password Security Two Factor Authentication Phishing Prevention Login IP Ranges
Password Sharing = ​Security Risk ​Loss of access control ​Compromise will be blamed on the account owner ​Effective insider threat technique You Own Your Password Ownership has rights and responsibilities
OPPWAD Other People’s Passwords Are Dangerous! ​Never share your Salesforce account password with anyone ​Do not accept Salesforce credentials from anyone ​If someone gives you their Salesforce credentials, report it to security@salesforce.com
Password Security Password security is the first line of defense. ​Use strong passwords • Preferably minimum 12 characters and three character types (upper, lower, numeric, symbols) ​Regularly change passwords ​Never reuse passwords on other accounts ​Never share passwords (OPPWAD) ​Deactivate passwords when people leave
Weak Passwords Can Be Hacked ​Weak passwords (under 8 characters or real words) are easy prey ​Password cracking software can break them easily
Strong Passwords Can Be Compromised Social engineering Weak Security Questions
How Two Factor Authentication Works +
Why Two Factor Authentication Is Secure Provides an extra layer of security beyond a password. Protects account access even if the user’s password is compromised.
Salesforce Authenticator Protects account access even if the user’s password is compromised Significantly reduces vulnerability Great resource: www.twofactorauth.org
Login IP Ranges ​Available to all customers ​Only access Salesforce from a designated set of IP Ranges. Two levels: ​Org-level Trusted IP Ranges (permissive) ​Profile-level Login IP Ranges (restrictive) Enterprise, Unlimited, Performance, Developer: Manage Users | Profiles Contact Mgr, Group, Professional: Security Controls | Session Settings For more info, search Help & Training
Recommendation  Org-wide Trusted IP Ranges → all users in your organization  Profile- based login IP range restrictions → employees with access to lots of data or sensitive materials (Admins, Developers)  Profile- based login IP range restrictions --> users connecting from the same locations.
Phishing ​Educate your Salesforce users! ​If your users get a “Salesforce” e-mail, have them reach out to you or your security team to double check that it is legitimate ​If you are not sure about a ”Salesforce" e-mail, ask us, by forwarding to security@salesforce.com
Phishing Superpowers ​Hover over links to validate. ​Does the e-mail context make sense? ​Does the e-mail sender make sense? ​Look for typos/grammatical errors. ​Beware Clickbait! • Using emotion to entice you to click immediately • Fear (Your account will be closed) • Reward (First 100 users get a free eye exam!)
Phishing Spoof ​Hover over links to validate. ​Does the e-mail context make sense? ​Does the e-mail sender make sense? ​Does Salesforce send receipts in this manner? Are you normally a recipient? ​Look for typos/grammatical errors. ​Beware Clickbait!
Real Salesforce E-Mail Look for: Legitimate @salesforce.com or @exacttarget.com address Links go to www.salesforce.com or App Stores (hover with your mouse) Call to action not overly aggressive
Phishing Takeaways ​Hover over links and sender address to validate. ​Does the e-mail context make sense? ​Does the e-mail sender make sense? ​Look for typos/grammatical errors. ​Beware Clickbait! • Using emotion to entice you to click immediately • Fear (Your account will be closed) • Reward (First 100 users get a free eye exam!) ​Have users e-mail admin/security ​Admin/Security can e-mail security@salesforce.com
● Deactivate users as soon as possible ● Deactivation removes login access while preserving historical activity and records ● Sometimes users cannot be deactivated: assign new user or reassign approval responsibility first ● Know your IT department’s termination process User Deactivation Best practice: Freeze users first! From Setup, click Manage Users | Users. Click Edit next to a user’s name. Deselect the Active checkbox and then click Save.
Security Superpowers Password Security Two Factor Authentication Phishing Login IP Ranges
Thank you

More Related Content

PDF
Securing Your Salesforce Deployment with Two Factor Authentication
Salesforce Developers
 
PDF
Secure Salesforce: Secret Storage in Your Salesforce Instance
Salesforce Developers
 
PDF
Secure Your Salesforce Org with Two-Factor Authentication
Salesforce Admins
 
PPTX
Integrating The Cloud - How to integrate Salesforce
Roy Gilad
 
PDF
Secure Salesforce: External App Integrations
Salesforce Developers
 
PDF
Salesforce Identity: Identity Management Made Easy
Salesforce Developers
 
PDF
Salesforce Identity: Don't Treat Your Customers Like Your Employees
Salesforce Developers
 
PPT
Security and Your Salesforce Org
Salesforce Admins
 
Securing Your Salesforce Deployment with Two Factor Authentication
Salesforce Developers
 
Secure Salesforce: Secret Storage in Your Salesforce Instance
Salesforce Developers
 
Secure Your Salesforce Org with Two-Factor Authentication
Salesforce Admins
 
Integrating The Cloud - How to integrate Salesforce
Roy Gilad
 
Secure Salesforce: External App Integrations
Salesforce Developers
 
Salesforce Identity: Identity Management Made Easy
Salesforce Developers
 
Salesforce Identity: Don't Treat Your Customers Like Your Employees
Salesforce Developers
 
Security and Your Salesforce Org
Salesforce Admins
 

Similar to NYC Admin Zone: Build Your Security Superpowers (20)

PDF
How to Become a Security-Minded Admin
Salesforce Admins
 
PDF
Sensibilisation à la Sécurité Salesforce
Paris Salesforce Developer Group
 
PPTX
Securing Your Salesforce Org: The Human Factor
F Pindar
 
PDF
Salesforce New Jersey User Group - Security Awareness
InternetCreations
 
PDF
How to be a SalesFIERCE Admin - Jared Miller & Davina Hanchuck
Salesforce Admins
 
PPTX
How to be a SalesFIERCE Salesforce Admin
Jared Miller
 
PDF
Secure Salesforce: Org Access Controls
Salesforce Developers
 
PPTX
How to be a Security Minded Admin by Chris Zullo
Salesforce Admins
 
PDF
Admin Best Practices: Remove Security Risk From Your Org with a User Audit
Salesforce Admins
 
PPTX
Top 5 User Problems Admins Solve by Colleen Burnsed & Meagan Diegalman
Salesforce Admins
 
PDF
SalesforceA Webinar
Salesforce Admins
 
PDF
[Delivering Salesforce secure access to remote workforce
Anna Loughnan Colquhoun
 
PDF
Setting up Security in Your Salesforce Instance
Salesforce Developers
 
PDF
Essential Habits for Salesforce Admins: Security
Salesforce Admins
 
PDF
10 Easy Steps to Mastering Org Security
Salesforce Admins
 
PDF
Getting started with Salesforce security
Salesforce Admins
 
PDF
Introducing salesforce shield - Paris Salesforce Developer Group - Oct 15
Paris Salesforce Developer Group
 
POTX
OAuth for Non Developers in Salesforce
Peter Chittum
 
PPTX
Security Boundaries in Apex
Salesforce Developers
 
PDF
Five Developer Tips Every Admin Needs To Know
Salesforce Developers
 
How to Become a Security-Minded Admin
Salesforce Admins
 
Sensibilisation à la Sécurité Salesforce
Paris Salesforce Developer Group
 
Securing Your Salesforce Org: The Human Factor
F Pindar
 
Salesforce New Jersey User Group - Security Awareness
InternetCreations
 
How to be a SalesFIERCE Admin - Jared Miller & Davina Hanchuck
Salesforce Admins
 
How to be a SalesFIERCE Salesforce Admin
Jared Miller
 
Secure Salesforce: Org Access Controls
Salesforce Developers
 
How to be a Security Minded Admin by Chris Zullo
Salesforce Admins
 
Admin Best Practices: Remove Security Risk From Your Org with a User Audit
Salesforce Admins
 
Top 5 User Problems Admins Solve by Colleen Burnsed & Meagan Diegalman
Salesforce Admins
 
SalesforceA Webinar
Salesforce Admins
 
[Delivering Salesforce secure access to remote workforce
Anna Loughnan Colquhoun
 
Setting up Security in Your Salesforce Instance
Salesforce Developers
 
Essential Habits for Salesforce Admins: Security
Salesforce Admins
 
10 Easy Steps to Mastering Org Security
Salesforce Admins
 
Getting started with Salesforce security
Salesforce Admins
 
Introducing salesforce shield - Paris Salesforce Developer Group - Oct 15
Paris Salesforce Developer Group
 
OAuth for Non Developers in Salesforce
Peter Chittum
 
Security Boundaries in Apex
Salesforce Developers
 
Five Developer Tips Every Admin Needs To Know
Salesforce Developers
 
Ad

More from Salesforce Admins (20)

PDF
Admin Best Practices: Dashboards for Every Admin
Salesforce Admins
 
PDF
Admin Best Practices: Building Useful Formulas
Salesforce Admins
 
PDF
Admin Best Practices: 3 Steps to Seamless Deployments
Salesforce Admins
 
PDF
Awesome Admins Automate: Integrate Flow with AI and Chatbots
Salesforce Admins
 
PDF
#AwesomeAdmins Automate: Create Triggered Flows and Batch Jobs
Salesforce Admins
 
PDF
Admin Best Practices: Introducing Einstein Recommendation Builder
Salesforce Admins
 
PDF
Essential Habits for New Admins
Salesforce Admins
 
PDF
Essential Habits for Salesforce Admins: Actionable Analytics
Salesforce Admins
 
PDF
Essential Habits for Salesforce Admins: Data Management
Salesforce Admins
 
PDF
Essential Habits for Salesforce Admins: User Management
Salesforce Admins
 
PPTX
Admin Best Practices: Explore the Power of Data with Tableau
Salesforce Admins
 
PPTX
Essential Habits for New Admins
Salesforce Admins
 
PDF
Admin trailhead Live: Leverage Einstein Search to Increase Productivity
Salesforce Admins
 
PDF
Admin Best Practices: Reports & Dashboards
Salesforce Admins
 
PDF
Trailhead Live: Essential Habits & Core Admin Responsibilities
Salesforce Admins
 
PDF
Build AI-Powered Predictions with Einstein Prediction Builder
Salesforce Admins
 
PDF
Trailhead Live: Build an Awesome Team of Admins
Salesforce Admins
 
PDF
Semper Salesforce: Become a Salesforce Military Champion
Salesforce Admins
 
PDF
Best Practices and Tools for Backing Up Salesforce Data
Salesforce Admins
 
PDF
WT19: An Amazing Lightning Transition in Review
Salesforce Admins
 
Admin Best Practices: Dashboards for Every Admin
Salesforce Admins
 
Admin Best Practices: Building Useful Formulas
Salesforce Admins
 
Admin Best Practices: 3 Steps to Seamless Deployments
Salesforce Admins
 
Awesome Admins Automate: Integrate Flow with AI and Chatbots
Salesforce Admins
 
#AwesomeAdmins Automate: Create Triggered Flows and Batch Jobs
Salesforce Admins
 
Admin Best Practices: Introducing Einstein Recommendation Builder
Salesforce Admins
 
Essential Habits for New Admins
Salesforce Admins
 
Essential Habits for Salesforce Admins: Actionable Analytics
Salesforce Admins
 
Essential Habits for Salesforce Admins: Data Management
Salesforce Admins
 
Essential Habits for Salesforce Admins: User Management
Salesforce Admins
 
Admin Best Practices: Explore the Power of Data with Tableau
Salesforce Admins
 
Essential Habits for New Admins
Salesforce Admins
 
Admin trailhead Live: Leverage Einstein Search to Increase Productivity
Salesforce Admins
 
Admin Best Practices: Reports & Dashboards
Salesforce Admins
 
Trailhead Live: Essential Habits & Core Admin Responsibilities
Salesforce Admins
 
Build AI-Powered Predictions with Einstein Prediction Builder
Salesforce Admins
 
Trailhead Live: Build an Awesome Team of Admins
Salesforce Admins
 
Semper Salesforce: Become a Salesforce Military Champion
Salesforce Admins
 
Best Practices and Tools for Backing Up Salesforce Data
Salesforce Admins
 
WT19: An Amazing Lightning Transition in Review
Salesforce Admins
 
Ad

Recently uploaded (20)

PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Teaching material agriculture food technology
LiaRayya
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 

NYC Admin Zone: Build Your Security Superpowers

  • 1. Build Your Security Superpowers: Security Best Practices for Admins Devanshu Patel Sr. Security Engagement Manager
  • 2. Safe Harbor Safe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
  • 3. Why are we here?
  • 4. Security is a partnership with our customers. Setting Security Controls will improve your org’s health. Users are on the front line.
  • 5. When it comes to you and Salesforce…
  • 6. Security Superpowers Password Security Two Factor Authentication Phishing Prevention Login IP Ranges
  • 7. Password Sharing = ​Security Risk ​Loss of access control ​Compromise will be blamed on the account owner ​Effective insider threat technique You Own Your Password Ownership has rights and responsibilities
  • 8. OPPWAD Other People’s Passwords Are Dangerous! ​Never share your Salesforce account password with anyone ​Do not accept Salesforce credentials from anyone ​If someone gives you their Salesforce credentials, report it to security@salesforce.com
  • 9. Password Security Password security is the first line of defense. ​Use strong passwords • Preferably minimum 12 characters and three character types (upper, lower, numeric, symbols) ​Regularly change passwords ​Never reuse passwords on other accounts ​Never share passwords (OPPWAD) ​Deactivate passwords when people leave
  • 10. Weak Passwords Can Be Hacked ​Weak passwords (under 8 characters or real words) are easy prey ​Password cracking software can break them easily
  • 11. Strong Passwords Can Be Compromised Social engineering Weak Security Questions
  • 12. How Two Factor Authentication Works +
  • 13. Why Two Factor Authentication Is Secure Provides an extra layer of security beyond a password. Protects account access even if the user’s password is compromised.
  • 14. Salesforce Authenticator Protects account access even if the user’s password is compromised Significantly reduces vulnerability Great resource: www.twofactorauth.org
  • 15. Login IP Ranges ​Available to all customers ​Only access Salesforce from a designated set of IP Ranges. Two levels: ​Org-level Trusted IP Ranges (permissive) ​Profile-level Login IP Ranges (restrictive) Enterprise, Unlimited, Performance, Developer: Manage Users | Profiles Contact Mgr, Group, Professional: Security Controls | Session Settings For more info, search Help & Training
  • 16. Recommendation  Org-wide Trusted IP Ranges → all users in your organization  Profile- based login IP range restrictions → employees with access to lots of data or sensitive materials (Admins, Developers)  Profile- based login IP range restrictions --> users connecting from the same locations.
  • 17. Phishing ​Educate your Salesforce users! ​If your users get a “Salesforce” e-mail, have them reach out to you or your security team to double check that it is legitimate ​If you are not sure about a ”Salesforce" e-mail, ask us, by forwarding to security@salesforce.com
  • 18. Phishing Superpowers ​Hover over links to validate. ​Does the e-mail context make sense? ​Does the e-mail sender make sense? ​Look for typos/grammatical errors. ​Beware Clickbait! • Using emotion to entice you to click immediately • Fear (Your account will be closed) • Reward (First 100 users get a free eye exam!)
  • 19. Phishing Spoof ​Hover over links to validate. ​Does the e-mail context make sense? ​Does the e-mail sender make sense? ​Does Salesforce send receipts in this manner? Are you normally a recipient? ​Look for typos/grammatical errors. ​Beware Clickbait!
  • 20. Real Salesforce E-Mail Look for: Legitimate @salesforce.com or @exacttarget.com address Links go to www.salesforce.com or App Stores (hover with your mouse) Call to action not overly aggressive
  • 21. Phishing Takeaways ​Hover over links and sender address to validate. ​Does the e-mail context make sense? ​Does the e-mail sender make sense? ​Look for typos/grammatical errors. ​Beware Clickbait! • Using emotion to entice you to click immediately • Fear (Your account will be closed) • Reward (First 100 users get a free eye exam!) ​Have users e-mail admin/security ​Admin/Security can e-mail security@salesforce.com
  • 22. ● Deactivate users as soon as possible ● Deactivation removes login access while preserving historical activity and records ● Sometimes users cannot be deactivated: assign new user or reassign approval responsibility first ● Know your IT department’s termination process User Deactivation Best practice: Freeze users first! From Setup, click Manage Users | Users. Click Edit next to a user’s name. Deselect the Active checkbox and then click Save.
  • 23. Security Superpowers Password Security Two Factor Authentication Phishing Login IP Ranges

Editor's Notes

  • #3: Key Takeaway:We are a publicly traded company. Please make your buying decisions only on the products commercially available from Salesforce.com. Talk Track: Before I begin, just a quick note that when considering future developments, whether by us or with any other solution provider, you should always base your purchasing decisions on what is currently available.
  • #16: https://docs.google.com/a/salesforce.com/document/d/14JpvFkQQWgGoOS991S9QUDxdPCEpTIE_b607FqzrcAQ/edit
  • #23: http://www.buttonclickadmin.com/users-may-come-go-records-must-live/ - blog post on user deactivation