Could Mr Robot Hack Your Salesforce?
By: Matthew Botos - The Jason Bourne of Salesforce Consulting
Mr Robot attacks his victims at the heart of their digital lives: their email account. Salesforce uses your company email account to send password resets, verification codes for new devices, and security tokens for injecting new code. With access to your email, Mr Robot can now do all of those things from anywhere in the world.
How to stay safe: Enable Salesforce's 2-Factor Authentication, which uses verification codes sent to your phone to secure new logins.
Internet of Things
A megalomaniacal CEO pushing a dramatic vision of the future describes both Marc Benioff's Dreamforce keynote and a Mr Robot plot. The Internet of Things promises every thermostat and industrial device phoning home to your Salesforce CRM system. It also opens up millions of new attacks, aimed both at your data and at denial of service.
How to stay safe: Design for Salesforce as an API-first platform, restricting the variety of devices and external users to very limited data access. A smart Nest thermostat only needs to create a single new temperature record every hour for itself; it should never be able to tamper with other records or financial data.
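One way to check that a device account really is limited this way, as an added example that is not part of the original article: the script audits a permission set in Salesforce's metadata XML format and reports every grant beyond the thermostat's needs. The object name Temperature_Reading__c, the policy, and the sample permission set are assumptions constructed for illustration; read access is allowed alongside create because Salesforce's create permission depends on it.

```python
import xml.etree.ElementTree as ET

NS = {"sf": "http://soap.sforce.com/2006/04/metadata"}  # Salesforce metadata namespace
FLAGS = ("allowCreate", "allowRead", "allowEdit", "allowDelete",
         "viewAllRecords", "modifyAllRecords")
# Assumed policy: the device may create (and read back) its own readings, nothing else.
ALLOWED_OBJECTS = {"Temperature_Reading__c": {"allowCreate", "allowRead"}}  # hypothetical object
ALLOWED_USER_PERMS = {"ApiEnabled"}

# Constructed sample: an over-privileged permission set for the device user.
SAMPLE = """<PermissionSet xmlns="http://soap.sforce.com/2006/04/metadata">
  <label>Thermostat Device</label>
  <objectPermissions>
    <allowCreate>true</allowCreate><allowRead>true</allowRead>
    <allowEdit>false</allowEdit><allowDelete>false</allowDelete>
    <viewAllRecords>false</viewAllRecords><modifyAllRecords>false</modifyAllRecords>
    <object>Temperature_Reading__c</object>
  </objectPermissions>
  <objectPermissions>
    <allowCreate>false</allowCreate><allowRead>true</allowRead>
    <allowEdit>true</allowEdit><allowDelete>false</allowDelete>
    <viewAllRecords>true</viewAllRecords><modifyAllRecords>false</modifyAllRecords>
    <object>Opportunity</object>
  </objectPermissions>
  <userPermissions><enabled>true</enabled><name>ApiEnabled</name></userPermissions>
  <userPermissions><enabled>true</enabled><name>ViewAllData</name></userPermissions>
</PermissionSet>"""


def audit(xml_text):
    """Return one finding for every grant that goes beyond the allowed policy."""
    root = ET.fromstring(xml_text)
    findings = []
    for op in root.findall("sf:objectPermissions", NS):
        obj = op.findtext("sf:object", default="", namespaces=NS).strip()
        # A flag that is absent from the XML is treated as not granted.
        granted = {f for f in FLAGS
                   if op.findtext(f"sf:{f}", default="false", namespaces=NS).strip() == "true"}
        for flag in sorted(granted - ALLOWED_OBJECTS.get(obj, set())):
            findings.append(f"{obj}: {flag}")
    for up in root.findall("sf:userPermissions", NS):
        name = up.findtext("sf:name", default="", namespaces=NS).strip()
        enabled = up.findtext("sf:enabled", default="false", namespaces=NS).strip() == "true"
        if enabled and name not in ALLOWED_USER_PERMS:
            findings.append(f"user permission: {name}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("EXCESS GRANT:", finding)
```

Record-level isolation (each device seeing only its own readings) is a sharing setting and is not visible in a permission set, so it needs a separate check.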
The Insider Threat
1% of your Salesforce users are 75% of the security risk; a Mr Robot inside your company can wreak far more havoc than external hackers. With broad trusted access to data shared by default, he can delete, encrypt, or steal the crucial information that keeps your competitive business running.
How to stay safe: Build your Salesforce security model with a detailed, need-to-know security matrix. By using a mix of Salesforce profiles, roles, and dynamic sharing rules, you can give your team the right data to collaboratively do their jobs while protecting you from the abuse of an insider threat.