“Assume you have been breached.”
This is one of the many insights that Mark Belfanti, our Head of Cybersecurity, shared in our webinar, “Salesforce Platform Owners: What You Need to Know About Cybersecurity.”
The 30-minute webinar was packed with relevant tips that Salesforce practitioners can implement immediately.
Maurizio Marmotta, who runs our Salesforce recruitment practice at ThunderLabs, shared that cyber attacks in the news are threatening organisations, clients, leaders’ reputations, careers, and, probably the most overlooked, the staff.
Here are the key takeaways from the webinar:
1. Assume you have been breached.
There are two types of companies: Those that have been breached and know it, and those that have been breached and just don’t know it yet.
The truth is, breaches happen months after someone breaks into a network.
So make sure your organisation has a cybersecurity playbook: an organisation-wide cybersecurity manual that guides the team on the best actions to take when a cyber incident occurs. It’s an incident response plan as well as a business continuity plan.
2. The greatest threat comes from the inside
It could involve a current employee or contractor who has access to privileged accounts. Or a disgruntled former employee who leaked confidential data. Or just an intern who accidentally clicked a malware-loaded link.
Insider threats pose a significant cybersecurity risk to organisations. Information such as customer data, employee data, log-in credentials, and financial records could be compromised.
3. Get control of your assets
Some points that Mark shared to mitigate the risk of cyber threats in your ecosystem:
- Know exactly who is accessing your application & data.
- Tightly control the identities that connect to your cloud.
- Turn on Multi-Factor Authentication.
- Move to password-less/credential-less authentication.
4. Salesforce internal security
Mark shared these resources, which you can access at Salesforce.
- Salesforce Security
- Salesforce Security Guide
- Salesforce Security Centre
- Salesforce Shield
- Salesforce Security for Developers
5. Speak with your CISO
Lastly, communicate with your CISO. If your security department hasn’t spoken to you about protocols and practices when there’s a breach, go and talk to them about it.
CISOs are driven by boards. They’re driven by risk, outcomes, reputational damage, and financial impacts.