Ways To Keep Your SalesForce Instance Secure

Many organizations/company's have a set it and forget it mentality when it comes to security in systems.  They often set the security permissions based on the functionality available in a system at the time (of implementation) and then forget it!

Well, as we all know, that isn't a good practice as new ways to "hack" are always evolving.  

So, I thought it was a good time to review some of the ways you can keep your SalesForce Instance secure.   They include:

• Password Policies (located under Setup>Security Controls>Password Policies) - within this section you can set how long a user's password works for before it should be changed.  For example you could force a password change every 30 days.  This is useful to ensure user's are constantly updating their passwords, and by proxy, ensuring that old computer's they may have used don't continue to have login access
• Session Settings (located under Setup>Security Controls>Session Settings) - within this section you can set how long a user's logon works for after logging in.  For example, should they have to re-login every 2 hours to prove they are still using SalesForce
• Network Access (located under Setup>Security Controls>Network) - within this section you can specify if only certain IP address ranges can login.  For example, you could make it so that only logins from the Office IP addresses work and not one from a user's home.

There is many other ways you can improve your security, but many of them start simply with user education.  Educating the user's why they shouldn't write down their passwords, why they should log off, and why they should be careful what links they click on in emails are some of the most basic, and important steps you can take.