9 Salesforce Best Practices to Prevent Common Security Risks

CodeScan-9 Salesforce Best Practices to Prevent Common Security Risks

9 Salesforce Best Practices to Prevent Common Security Risks_CodeScanSalesforce best practices provide a road map to secure behaviors that will help teams avoid data security issues when uniformly followed.

Why It Matters: Security breaches threaten system data, regulatory compliance, and a company’s ability to serve its customers. Recovery can be lengthy and incredibly costly.

  • Ransomware attacks cost US companies $159.4 million in 2021.
  • Cybercrime is projected to cost the world $10.5 trillion annually by 2025.
  • The ability to prevent data loss or system breaches saves organizations time and money, and preserves the trust of their clients.

1. Enable Two-Factor Authentication

Login screens are the first line of defense against unwanted visitors to your Salesforce environment. Strong passwords have been a constant best practice since the beginning of the internet, and it still stands today. However, there’s another step that can be taken to make user accounts even stronger.

Two-factor authentication adds a layer of coverage to make the login process more secure.

Utilize a two-factor authentication application to add a second verification process such as an emailed code. This makes it far more difficult for a hacker to break into a user’s account.

2. Frequently Check Permission Settings

9 Salesforce Best Practices to Prevent Common Security Risks_CodeScan

Human error is the leading cause of data problems. It can be very easy for a user to accidentally delete the wrong piece of information and break unseen connections in Salesforce. And while user error can’t be eliminated, these problems can be contained by ensuring that the only data team members can access is what they need to perform their duties.

Verifying correct permission settings with an automated scanner enables release managers to find any roles that have incorrect access settings.

Generic settings lead to overexposed data. Configure permissions for each team member when they first start working on your team or any time a team member switches to a new role.

3. Encrypt Sensitive Data

Multiple layers of security offer the most coverage. This is the idea of two-factor authentication, but even that second layer isn’t foolproof. There are some types of data that are more sensitive than others. Data security regulations are in place to ensure the proper protection of data like financial, medical, and personally identifiable information.

Encrypting sensitive data ensures that even if a hacker gets past your initial layers of security, they still won’t be able to make sense of your protected data.

Encrypted data requires a key to access it. Anybody who isn’t approved to access this information won’t have this key and will be kept from viewing the data.

4. Leverage Automation Whenever Possible

9 Salesforce Best Practices to Prevent Common Security Risks_CodeScanWe mentioned the unavoidability of human error. This vulnerability can be addressed in multiple ways, one of which is to make use of automated DevSecOps tools whenever possible. Taking time-consuming, repetitive tasks out of the hands of your team members speeds along projects, reduces errors, and enables your team to focus on more pressing matters.

Automated DevSecOps tools maintain high levels of consistency, while manual processes are likely to result in errors.

Minimizing errors also reduces Salesforce code security vulnerabilities. Preventing data breaches starts with ensuring high-quality development practices, and automation is an essential aspect of achieving this.

5. Archive Unused Data

Data cleanliness makes it much easier to protect essential system data. This includes addressing data sets that have stayed in your environment for a long time. Sometimes, this older data needs to be kept on hand for compliance or other business reasons.

Moving unused but essential data out of the main Salesforce environment and into off-site storage offers a series of benefits, including making it easier to protect active, important data.

An abundance of unneeded data hides currently critical information. It becomes more difficult to identify, find, and protect this data. Archiving unused data maintains a clean Salesforce environment and streamlines the process of enacting a proper data governance strategy.

6. Prioritize High-Quality Code

9 Salesforce Best Practices to Prevent Common Security Risks_CodeScanThe code that makes up your updates and applications can either support or hinder your data security strategy. Bad code creates misfires and buggy applications while strong code forms an impenetrable barrier against Salesforce cybersecurity vulnerabilities.

Utilizing a static code analysis tool is an essential aspect of a comprehensive DevSecOps strategy because it guarantees errors are detected and rectified early in the development pipeline.

Streamlined processes, a reduction in redundant work, and higher release velocity are all benefits of static code analysis tools. Preventing data security issues are a major advantage, but not the only one.

7. Establish Multiple Layers of Testing

It can be tempting to prioritize speed when developing a new update or application. Being first to market with a new capability is a great feeling that establishes your organization as a leader in your industry—but only if the application functions as intended. Any failures will reduce the application’s efficacy and open the potential for data security issues.

Instituting multiple layers of testing enables team members to fix issues as soon as they are found while also minimizing the chance of a bug making it into a live environment.

Errors that make it through production open your system to costly downtime and security vulnerabilities. Prevent this by testing DevSecOps projects at multiple stages.

8. Schedule Frequent Backups

A holistic data security strategy needs to prepare for worst-case scenarios. Data loss is both a symptom and a cause of security risks—failing to retain critical system data can lead to falling out of compliance with regulatory requirements while also knocking your system offline until records are restored.

Establish a strategy of making repeated backup snapshots and ensure the ability to quickly restore data from the backup repository.

Automated tools should be leveraged to ensure a frequent schedule of backups is maintained. This needs to be paired with a reliable data recovery tool.

9. Shift Security Considerations Left in the Development Pipeline

9 Salesforce Best Practices to Prevent Common Security Risks_CodeScan

Data security is a constant concern. User errors, system outages, and cybercriminals don’t work on a particular timeline. The application development life cycle needs to keep security in mind at every stage to avoid a costly slip-up that can expose a potentially harmful vulnerability.

Shifting security considerations left means imbuing every stage—from planning through production—of the DevOps pipeline with an eye toward secure development.

A change in approach such as this—known as DevSecOps—will require a new mindset for team members. Initial training is essential to get everyone on the same page, but training shouldn’t stop there. Continuous training to keep teams abreast of current Salesforce best practices prevents costly mistakes and gives your organization the best chance at remaining secure.

Next Step…

Preventing security risks becomes a lot easier when your pool of data remains high quality. But how do you use the same tools that protect your data to help make it stronger?

Check out our blog, “How to Address Salesforce Data Issues with DevSecOps Tools,” to learn everything you need to know.


DevOps is the practice of combining the efforts of your development and operations teams. The goal is to open lines of communication and streamline operations. Confusion becomes much less likely when everyone’s on the same page. Constant communication reduces lost time resulting from unanswered questions and delayed responses. DevSecOps takes this idea a step further by incorporating security considerations within every stage of the application development life cycle. Previously, security wasn’t considered until the end of the process, but DevSecOps moves security to the front of the line with the goal of producing stable, secure updates and applications.

Many find it surprising to learn that your own employees are the biggest threat to your Salesforce data. Cybercriminals get a lot of attention—and for good reason—but seemingly simple accidents result in more instances of data loss. Lost time and corrupted functionality—even data exposures—result from these mistakes. Consistent training goes a long way to address this problem, but human error can never truly be eliminated. A policy scanner automates the verification of safe and secure processes along with proper permission settings. Automation ensures nothing slips between the cracks and knocks out important system data.

Everyone’s Salesforce environment is unique. Customizations, add-ons , and connected applications create a series of potential entry points for bad actors. Take, for instance, the Home Depot breach of 2014. A hacker got into a vendor’s network and was then able to gain access to Home Depot’s environment. This type of piggy-backing is a frequent tactic for hackers to get into larger networks—exploiting the relaxed security settings of a smaller company to bypass the security strategy of a larger company. Salesforce users introduce vulnerabilities to their environments through their own actions so data security strategies need to be implemented to cover this additional potential for becoming compromised.

Develop high quality, secure code!

Setting Up and Using CodeScan Effectively
Setting up and CodeScan in your salesforce org

Running CodeScan on your Salesforce Org is a great first step towards quality code, but maintaining that quality is a Read more

Estimating ROI with CodeScan
Estimate ROI using static code analysis tool CodeScan

Every Software Development Professional knows the following fact: the later bugs are found, the more expensive they are to fix. Read more

SFDX Tutorial | Setting Up CodeScan
CodeScan with Salesforce DX

Salesforce DX is a new focus on source-driven, collaborative development. The Salesforce CLI (Command Line Interface) easily integrates into your Read more

CodeScan and Visual Studio Team Services
continuous integration visual studio

Visual Studio Continuous IntegrationVisual Studio Team Services (VSTS) is a quick and powerful tool to set up continuous integration and Read more