As organizations ramp up remote working in the wake of the global pandemic, hackers are exploiting cloud security negligence and naivety to attack systems, with Salesforce a key target. Here, we give you the smarts to stay safe...
Organizations have moved impressively fast to keep operations up and running during the Covid crisis, largely thanks to their increased use of remote working and cloud-based collaboration tools. For many, market-leading SaaS platform Salesforce has been a key enabler, allowing teams to share information, documents, files and messages with colleagues and partners wherever they may be. We’ve seen a marked increase in companies relaxing controls so remote workers are able to upload documents and other files to Salesforce.
But the explosion of collaborative activity on the platform has opened a can of worms from a security perspective. As our report on the attack landscape for the first half of 2020 notes: “Even more data is now physically held or accessible outside an organization’s own borders. Teleworkers are more likely to be working from less secure devices and networks, and have less access to IT security teams.”
Know your responsibilities
Because of organizations’ laser focus on keeping their operations up and running, many have taken their eye off the ball when it comes to keeping systems safe from attack. Since leading cloud providers like Salesforce display a raft of security certifications and accreditations, many organizations assume they can leave security in the hands of their suppliers. But when you sign up to a cloud service, you typically also sign up to what’s known as a ‘shared responsibility model’ of security.
What this means in the case of Salesforce is that the cloud provider guarantees to maintain various aspects of system and application security – such as authenticating users and devices, and enforcing your access rules. But it’s your responsibility to secure data, files and links uploaded or shared on the platform, whether by your own staff, external partners and customers – or indeed by hackers masquerading as legitimate users.
Attackers may, for example, have taken control of a remote worker’s poorly-secured smartphone or laptop by enticing them to click on a link or attachment in a phishing email. We’ve certainly seen a significant rise in this type of attack since the advent of the pandemic, often using official-looking Government or Covid-themed messages to trick users into opening and sharing dangerous files and links.
Don’t underestimate the risks
These types of threat can often successfully bypass in-house security, bringing down systems and compromising your sensitive data (not to mention that of customers who’ve trusted you to store theirs). And if you don’t secure Salesforce effectively, you greatly increase the risk that such threats will result in financial and reputational damage to your business.
If you fail to uphold your end of the shared responsibility model, you also increasingly risk fines and prosecutions under legislation like the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other regulation coming down the pipe in various jurisdictions.
The easiest way to stay safe
To protect Salesforce effectively from your side, you need to mitigate the risks posed by files, links and emails uploaded to, or downloaded from, the platform. And you need to be able to do it quickly and easily, without impeding functionality