Every 11 seconds, businesses come under ransomware attacks. And by 2031, the frequency might increase to every 2 seconds. 

As far back as 2018 Insurance Information Institute discovered that 10% of small enterprises suffered at least one cyber incident, with annual losses accounting for, on average, $188,400. 

‘They have my data!’ people scream in the background, and melancholic music begins. But no worries, cause the sheriff is already in da building. 

Swiper, no swiping.jpg

Today we will take a look at the cybersecurity problems and how to address them with Salesforce. Now take your seats cause this article is dedicated to all who’s ever been hacked (or fear this). 

The cybersecurity challenges you may face 

Before you start fighting, better understand the nature of what you’re dealing with. People and systems can fool us in many different ways, and we’ll discuss the most common and dangerous ones. 

Phishing and malware

Malware is a general term to define any dangerous software that can damage or destroy your device system, data, or network.  


And phishing is basically a model of stealing or damaging your data by email. The messages may look pretty harmless and not raise suspicion, but they either trick you into revealing information or attack your device with malware. 

Some attackers call people to steal sensitive data like passwords or PIN codes or send messages directly to their phones, which is also a type of phishing. 


Also known as piggybacking, tailgating is physically chasing after a person to get into a place attacker is not allowed to. For example, they can hold the door when some of your personnel are entering the office, and in such way sneak in. 

But how does it affect your cybersecurity? With tailgating, attackers may access protected data or infect your company computers with viruses. 

Exploiting public Information

The information you post on your social media might be pretty enough for hackers to hack you. If they know your employees’ phone numbers or emails, they can simply guess their passwords and access all corporate data. 

Some attackers may manipulate people to reveal needed company information threatening to spread the sensitive personal data they found with the help of social media. 


Dumpster Diving

Sure, you’re imagining a bum who is exploring a dump. But we’ll change this picture a little bit: in cybersecurity, a dumpster diver is a hacker who gets valuable, sensitive information from your system trash. It can be your passwords, payment details, pictures with important data - whatever. So while your trash bin is full, you’re in danger. 

Physical dumpster diving is actually also pretty common. Some attackers may search for corporate data diving into the heaps of papers you left outside your office or even find some passwords from the diary your employee threw away a week ago. 


How does Salesforce help you prevent data security issues?

For those companies that use Salesforce-based software, this topic is kind of hot. And it’s no surprise as the safety of corporate data depends on the platform it’s stored on. So, let’s find out how Salesforce protects your data. 

Secure Socket Layer (SSL) 🔓

The first thing that keeps your corporate data safe is the Secure Socket Layer. It’s a protocol that ensures the privacy and security of Internet connections. So, anytime you or your clients access the platform, SSL protects data using authentication and encryption (encoding information to make it invisible and unreachable to hackers). 

Salesforce security token 🔐

Salesforce security token is a key you can use together with your password to add an extra security layer. It’s a case-sensitive alphanumeric code that is entered either in the same field as your password or in a separate one. Let’s say it’s one more password you can use, and if a Salesforce user account is compromised, it won’t let attackers access the data. 

You can always reset your security token through the ‘My personal information’ item in case of loss. Moreover, when you reset your Salesforce password, the security token will be reset automatically and sent to your email address. 

Salesforce Cookie Policy 🍪

In case you’ve ever wondered what data Salesforce cookies record and if they collect any confidential information like your username or password, there is good news for you. Salesforce uses cookies only to record encrypted authentication information of your session, and it doesn’t include your personal data. 

Firewall 🔥

A firewall is a pretty common type of security system for cloud-based platforms. It monitors all incoming and outgoing network traffic and filters it under the policies established by a company. Thus, a firewall blocks any malicious data that can damage your system. 


Salesforce shield 🛡

Simply said, a Salesforce shield is a set of particular tools you can use to better your Salesforce-based software security. There are three of them: 

Shield Platform Encryption, which helps you encrypt your sensitive data, meet internal and external data compliance policies and manage encrypted data permissions

Real-Time Event Monitoring, to keep abreast of your software performance, security, and data usage

Field Audit Trail, so that you can archive all performance data and analyze it anytime later 

Salesforce authenticator 🛂

Multi-factor authentication (MFA) is another option for those who want to enhance their system security. MFA protects data by requiring extra user verification methods, such as phone numbers, email, or social media. So, anytime you enter a code from the message to log in or press the ‘Yes, it’s me’ button on your Google account, you use multi-factor authentication. 

Using Salesforce MFA makes it much more difficult for hackers to reach your data and harm your organization, and starting from the first of February 2022, MFA is mandatory for all users when accessing any Salesforce product. 

Salesforce has also developed a special application to ease multi-factor authentication for their clients - Salesforce authenticator. Anytime someone tries to access your account, the app sends a push notification you have to respond to approve that it was you.

By the way, if you have a few organizations in Salesforce and feel like logging in to all of them is quite a challenge (especially with all of those long secure passwords) - you can try the Salesforce Login extension for Chrome. It will automate this process and still protect your data with a pin code. 

Salesforce Login.jpg

Salesforce Security Health Check 💊

With Salesforce Security Health Check, you can easily detect and solve all possible issues with your security system. It automatically finds a failure, reports it, and suggests a solution. You have a security health score, which indicates the overall protection level. If it’s low, the system will always explain to you why and how to change it. 

Salesforce Security Health check.jpgSalesforce Security Health Check

Salesforce Trust 💞

Salesforce Trust is a website where you can find information about all Salesforce services performance, security, compliance, the history of incidents and maintenance, and even the systems' scheduled maintenance. So, if you or your clients have difficulties with platform usage, you can check Salesforce Trust and find out which services might be having problems right now. 

This website was built to bring transparency and trust into relationships both between Salesforce and your organization, and you and the client. So, it’s one more tool you can use to ensure your and your customer's data is safe.

Saleforce Security Trust Status.jpgSalesforce Trust status 

How can you improve your data protection and security?

Even though Salesforce is well-versed in securing data, businesses should also contribute to their protection level's growth. 

Monitor your organization’s security 👀

You won’t go far if you just rely on the system and don’t take control of the process. Salesforce gives you more than enough tools to monitor an organisation's security level, so simply use them. Weekly or monthly checkups will let you understand the overall security posture, determine threats and react in time. They say it’s better safe than sorry, right? 

Control permissions 👌

Set clear rules about which employees can access sensitive data. Always stay on top of updates, and if the worker is no longer on your team, don’t forget to delete their account and all permissions you gave them. 

Educate your staff 📚

Studying is the most important part of success. And cybersecurity education for your team is crucial if you want to prevent cyberattacks. So, provide your employees with important insights about cybersecurity and teach them: 

👍What threats they may face

👍How to deal with each of them

👍What tools they can use to protect corporate and their private data

And don’t forget to ensure they actually use those tools! 😉


Salesforce is a great platform for developing protected software. With all those services and security layers, you can rest assured that no data breaches will appear. But you still need to understand how they work. We hope this article helped you sort things out a little bit, and if there are still any questions - feel free to talk to us🖖