How to Perform a Salesforce Instance Security Health Check

Cyberattacks are becoming more frequent every day, and reported data breach figures for the third quarter of 2022 alone passed 15 million. These statistics are not only shocking but also a real threat to the confidentiality of any organization's data. A Salesforce Instance carries all kinds of sensitive information about your organization, customers, and partners, so any weakness in the system can put your data and files in danger. It is therefore high time to invest in a Security Health Check.

Just as you go for regular medical checkups, your Salesforce Org needs periodic checks to stay secure and perform at its best. A Security Health Check gives you a health score for your Salesforce Org: the higher the score, the lower the risk of security problems. But what exactly is a Security Health Check, and how do you perform one on a Salesforce Instance? This blog walks through the details.

What is a Security Health Check and Do You Need It?

From easy customization to countless third-party apps, Salesforce offers many things an organization comes to depend on. But with every added capability, the range of security controls you must manage widens. Fortunately, Salesforce ships a native tool called Health Check that helps keep your Org's security settings in shape.

In simple words, a Health Check compares the security settings of your Salesforce Instance against a baseline of recommended values and reports where they fall short. It rates the overall health of your Org with a score from 0 to 100 and gives recommendations for raising that score. Note that it reviews configuration settings only; it does not find flaws in your custom code or sharing model. If you think your Instance doesn't need a security check, here are some scenarios where a Health Check becomes necessary.

  • Long-term Gap after Salesforce Implementation: If your Salesforce Org was implemented more than six months ago, or your business has evolved a lot since then, you need a security check.

  • Changing Security Needs: Organizations change with time, and so do their security needs. Fixing weak security settings lowers the risk of a breach.

  • Having Complex Data: Be it marketing or sales, most organizations use Salesforce as their go-to tool. As they grow, the complexity of the data shoots up, and so do the chances of misconfiguration. A regular security health check catches those weaknesses before they are exploited.

  • Low Operating Efficiency: Not getting the results from Salesforce as you expected? Then, you should evaluate whether you are leveraging the capabilities of Salesforce correctly. Every now and then, Salesforce releases new features, and a complete health check will ensure all functionalities remain up-to-date. It is best if you do a security health check every three to four months.

  • Data leaks in your Salesforce Digital Experiences: Poor coding practices and improperly configured settings can expose your Salesforce Digital Experiences (the sites that guests and external users reach) to attack.

Matt Meyers, a Salesforce CTA from EzProtect, will demonstrate in a session at Cactusforce exactly how an attacker could hack a Salesforce Digital Experience to steal customer data.

Benefits of Performing a Security Health Check for Salesforce Instance

It is imperative that your Salesforce Org, and the data stored in it, keep pace with your business growth. Salesforce administrators have to make sure that growing complexity in the settings does not leave room for errors. This is where periodic Health Checks act as a helping hand.

More benefits of doing security Health Check of Salesforce Instance include:

  • The overall security of your Instance starts improving with Health Check. You can identify which settings are necessary and make changes quickly.

  • With the report of Health Check, pinpointing the vulnerabilities is easier.

  • It keeps the custom applications safe by securing the Org on which the app runs.

  • Regular security checks help streamline new technology deployments.

  • Health Check boosts the system efficiency, thus increasing the ROI.

  • Productivity and the user adoption rate increase with regular security checks.

Methods to Perform a Security Health Check for Salesforce Instance

When it comes to the Health Check tool, Salesforce gives administrators complete control. They can analyze the health of their Salesforce Instance by scanning its security settings, and after reviewing the settings that fall short of the baseline, they can apply the recommended values. Want to know more? Keep reading to learn the steps for performing a Salesforce Instance security Health Check.

Step 1: Create a Custom Baseline

The Salesforce Baseline Standard already comes with recommendations for each risk level. But if you want a customized baseline for your security check, the tool allows up to five custom baselines. For highly regulated industries, meeting compliance requirements is a must, and a custom baseline that encodes those requirements helps a lot here.

Follow this process to create a customized baseline:

  1. Start by exporting the baseline: open the Baseline Controls menu and click Export Baseline.

  2. Open the exported XML file in a text editor. Here you can move settings between risk categories and change their standard values to customize the scoring. Some values are restricted and cannot be modified.

Keep in mind not to add, delete, or rename risk categories or settings, and not to remove any quotation marks, as these changes cause the import to fail.

  3. After saving the file, import it: the steps mirror the export, except that you click Import Baseline.

  4. A dialog box appears after the file is imported, asking you to name the baseline. The name may contain spaces and special characters.

  5. Provide an API name for the baseline; this one must not contain spaces or special characters. Your custom baseline is now ready.

  6. If you set the new baseline as the default, it appears in the baseline dropdown once the import completes.
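The export, edit, import rules above are easy to break with a stray edit, and a failed import only tells you that something is wrong. The script below is an added example, not code from the original post or from Salesforce: it compares an edited baseline against the exported original and reports exactly which rule was violated (a removed category, a renamed setting, a dropped quotation mark) or, when the edit is clean, lists only the settings whose category or standard value changed. The XML layout and the setting names are constructed for this example; the real export's element and attribute names differ, so adapt the _index() function to the file your Org actually exports.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Set, Tuple

# Constructed sample in an ASSUMED, simplified layout of an exported baseline.
# The real export's element and attribute names differ; adapt _index() to them.
ORIGINAL_BASELINE = """<?xml version="1.0" encoding="UTF-8"?>
<baseline name="Salesforce Baseline Standard">
  <category name="HighRisk">
    <setting name="minimumPasswordLength" group="PasswordPolicies" value="8"/>
    <setting name="forceLogoutOnSessionTimeout" group="SessionSettings" value="true"/>
  </category>
  <category name="MediumRisk">
    <setting name="sessionTimeout" group="SessionSettings" value="120"/>
    <setting name="enableClickjackNonsetupUser" group="SessionSettings" value="true"/>
  </category>
  <category name="LowRisk">
    <setting name="passwordQuestionRequirement" group="PasswordPolicies" value="true"/>
  </category>
</baseline>
"""

# A valid customization: a stricter password length, and sessionTimeout moved
# from MediumRisk to HighRisk with a tighter value. Categories and names intact.
EDITED_BASELINE = """<?xml version="1.0" encoding="UTF-8"?>
<baseline name="Regulated Industry Baseline">
  <category name="HighRisk">
    <setting name="minimumPasswordLength" group="PasswordPolicies" value="12"/>
    <setting name="forceLogoutOnSessionTimeout" group="SessionSettings" value="true"/>
    <setting name="sessionTimeout" group="SessionSettings" value="30"/>
  </category>
  <category name="MediumRisk">
    <setting name="enableClickjackNonsetupUser" group="SessionSettings" value="true"/>
  </category>
  <category name="LowRisk">
    <setting name="passwordQuestionRequirement" group="PasswordPolicies" value="true"/>
  </category>
</baseline>
"""

# An invalid edit: the LowRisk category was deleted and a setting was renamed.
BROKEN_BASELINE = """<?xml version="1.0" encoding="UTF-8"?>
<baseline name="Broken Baseline">
  <category name="HighRisk">
    <setting name="minimumPasswordLength" group="PasswordPolicies" value="12"/>
    <setting name="forceLogoutOnSessionTimeout" group="SessionSettings" value="true"/>
  </category>
  <category name="MediumRisk">
    <setting name="sessionTimeout" group="SessionSettings" value="120"/>
    <setting name="clickjackNonsetupUser" group="SessionSettings" value="true"/>
  </category>
</baseline>
"""

# A dropped quotation mark: the import would reject this outright.
MALFORMED_BASELINE = EDITED_BASELINE.replace('value="30"', 'value="30')


def _index(xml_text: str) -> Tuple[Set[str], Dict[str, Tuple[str, str]]]:
    """Return (category names, {setting name: (category, standard value)})."""
    root = ET.fromstring(xml_text)
    categories: Set[str] = set()
    settings: Dict[str, Tuple[str, str]] = {}
    for cat in root.findall("category"):
        cname = cat.get("name", "")
        categories.add(cname)
        for s in cat.findall("setting"):
            settings[s.get("name", "")] = (cname, s.get("value", ""))
    return categories, settings


def check_custom_baseline(original_xml: str, edited_xml: str) -> dict:
    """Verify an edited baseline only moved existing settings or changed their values."""
    report: dict = {"ok": True, "errors": [], "changes": []}
    try:
        orig_cats, orig_settings = _index(original_xml)
        new_cats, new_settings = _index(edited_xml)
    except ET.ParseError as exc:
        report["ok"] = False
        report["errors"].append(f"not well-formed XML (check quotation marks): {exc}")
        return report
    errors: List[str] = report["errors"]
    for c in sorted(orig_cats - new_cats):
        errors.append(f"risk category removed: {c}")
    for c in sorted(new_cats - orig_cats):
        errors.append(f"risk category added: {c}")
    for s in sorted(orig_settings.keys() - new_settings.keys()):
        errors.append(f"setting removed or renamed: {s}")
    for s in sorted(new_settings.keys() - orig_settings.keys()):
        errors.append(f"setting added or renamed: {s}")
    # Surviving settings may legitimately change category and/or standard value.
    for name in sorted(orig_settings.keys() & new_settings.keys()):
        (old_cat, old_val), (new_cat, new_val) = orig_settings[name], new_settings[name]
        if (old_cat, old_val) != (new_cat, new_val):
            report["changes"].append({"setting": name, "from_category": old_cat,
                                      "to_category": new_cat, "from_value": old_val,
                                      "to_value": new_val})
    report["ok"] = not errors
    return report
```

Run it on your own files with check_custom_baseline(open("exported.xml").read(), open("edited.xml").read()) before you import. A report with "ok" set and only "changes" listed doubles as the change record for the baseline, which is useful evidence when an auditor asks why your standard differs from Salesforce's.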

Step 2: Run the Health Check Scan

Now that you have a custom baseline, log in to your Salesforce Org, open Setup, enter Health Check in the Quick Find box, and select Health Check (it sits under Security). Choose your baseline from the dropdown at the top of the page. Every section has an Edit link that takes you to the relevant settings page, where you can change a setting to the standard value.

Step 3: Know the Score and Status

After the Health Check runs, your health score appears at the top of the page, together with the settings that deviate from the baseline. The score is a percentage:

  • Less than 55 percent: Very Poor

  • Between 55 and 69 percent: Poor

  • Between 70 and 79 percent: Good

  • Between 80 and 89 percent: Very Good

  • From 90 to 100 percent: Excellent

The baseline also groups settings by how much risk a deviation carries. It has four categories: High Risk, Medium Risk, and Low Risk settings, plus Informational security settings.

Step 4: Flags and Recommendations to Look for

Along with the risk categories, each setting is marked Critical, Warning, or Compliant so that you can prioritize what to fix first. A high-risk setting that falls short of the standard is flagged as Critical, so you can look into it quickly and mitigate it. Examples of settings the Health Check compares include:

  • Password complexity requirements

  • Clickjack protection

  • Forced logout after session timeout

Recommendations are grouped by the settings page they belong to, such as Session Settings, Password Policies, and Network Access.
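Ordering the findings is the part of this step that repays automation once you run Health Check across several Orgs or every quarter. The script below is an added example, not code from the original post or from Salesforce. It takes rows shaped like the Health Check results table (constructed sample data using the page's own Critical, Warning, and Compliant statuses and its High, Medium, Low, and Informational risk categories; the field names are my assumption), orders the non-compliant settings for fixing, summarizes compliance per risk category so you can track progress between runs, and flags the settings whose change alters login or session behaviour and therefore deserves a sandbox test first. In a real Org the equivalent rows can be pulled with a Tooling API query on the SecurityHealthCheckRisks object rather than copied from the page.

```python
from typing import Dict, List, Tuple

# Constructed sample shaped like the Health Check results table. The field names
# are an assumption for this example; the Tooling API's SecurityHealthCheckRisks
# object exposes equivalent columns under its own names.
SAMPLE_RISKS: List[dict] = [
    {"setting": "Minimum password length", "group": "Password Policies",
     "org_value": "5", "standard": "8", "category": "HighRisk", "status": "Critical"},
    {"setting": "Force logout on session timeout", "group": "Session Settings",
     "org_value": "Disabled", "standard": "Enabled", "category": "HighRisk", "status": "Critical"},
    {"setting": "Session timeout", "group": "Session Settings",
     "org_value": "8 hours", "standard": "2 hours", "category": "MediumRisk", "status": "Warning"},
    {"setting": "Admins can log in as any user", "group": "Login Access Policies",
     "org_value": "Enabled", "standard": "Disabled", "category": "MediumRisk", "status": "Warning"},
    {"setting": "Clickjack protection for non-setup pages", "group": "Session Settings",
     "org_value": "Enabled", "standard": "Enabled", "category": "MediumRisk", "status": "Compliant"},
    {"setting": "Lockout effective period", "group": "Password Policies",
     "org_value": "Forever", "standard": "15 minutes", "category": "LowRisk", "status": "Warning"},
    {"setting": "Require password question", "group": "Password Policies",
     "org_value": "Enabled", "standard": "Enabled", "category": "LowRisk", "status": "Compliant"},
    {"setting": "Enable XSS protection", "group": "Session Settings",
     "org_value": "Enabled", "standard": "Enabled", "category": "Informational", "status": "Compliant"},
]

STATUS_RANK = {"Critical": 0, "Warning": 1, "Compliant": 2}
CATEGORY_RANK = {"HighRisk": 0, "MediumRisk": 1, "LowRisk": 2, "Informational": 3}
# Setting groups whose values change how users log in or how long they stay
# logged in. An assumption-based heuristic for "test this in a sandbox first".
LOGIN_AFFECTING_GROUPS = {"Session Settings", "Password Policies", "Network Access"}


def prioritize(rows: List[dict]) -> List[dict]:
    """Non-compliant settings only: Critical before Warning, then by risk category."""
    todo = [dict(r, sandbox_first=r["group"] in LOGIN_AFFECTING_GROUPS)
            for r in rows if r["status"] != "Compliant"]
    # sorted() is stable, so rows of equal rank keep the order Salesforce listed them in.
    return sorted(todo, key=lambda r: (STATUS_RANK[r["status"]], CATEGORY_RANK[r["category"]]))


def compliance_by_category(rows: List[dict]) -> Dict[str, Tuple[int, int]]:
    """(compliant, total) per risk category, for comparing one run with the next."""
    summary: Dict[str, List[int]] = {}
    for r in rows:
        entry = summary.setdefault(r["category"], [0, 0])
        entry[0] += r["status"] == "Compliant"
        entry[1] += 1
    return {cat: (ok, total) for cat, (ok, total) in summary.items()}


def fix_plan(rows: List[dict]) -> List[str]:
    """Human-readable work list in the order the settings should be addressed."""
    return [f"{r['status']}/{r['category']}: {r['setting']} ({r['org_value']} -> {r['standard']})"
            + ("  [sandbox first]" if r["sandbox_first"] else "")
            for r in prioritize(rows)]
```

Feeding the plan into a ticket per line gives each fix its own change window, which is exactly what the next step asks for: one setting at a time, sandbox first for anything that touches sessions, passwords, or network access.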

Step 5: Fixing Risks

Once the scan completes, the settings that deviate from the baseline are listed on the screen. Clicking Fix Risks changes the listed settings to the suggested values in one step. Do not apply every change to production at once: tightening session timeouts, password policies, or network access can lock out users and break integrations that still sign in with the old values. Test the changes in a sandbox first, then apply them to production individually and confirm that users and integrations still work after each one.

Best Practices to Improve Salesforce Instance Data Security

  1. Set External Access to Private: Keep the default sharing settings for external users restrictive and grant access only to the records they need.

  2. Data Backup is a must: A backup of the system's data lets you restore important information after an attack or an accidental deletion, and limits the financial loss from downtime.

  3. Use the File Upload and Download Security settings: Salesforce lets you control, per file type, whether uploads are blocked and whether files are downloaded or opened in the browser, which limits the risk from dangerous file types.

  4. Try Salesforce Sandbox: For verifying untested code and experimenting with configuration changes, a Sandbox is the right environment.

  5. Enable XSS and Clickjack Protection: Clickjack protection stops your pages from being embedded in frames on other sites, and the XSS protection setting tells supporting browsers to block reflected cross-site scripting attempts.

  6. Stay on the Latest Release: Every technology evolves, and so does Salesforce. The platform is updated several times a year and security improvements arrive as release updates; review and enable them before their enforcement dates so that the newest protections apply to your Org.

A security health check is not something to take lightly. The main goal of performing one regularly is to identify risks in your Salesforce Instance and resolve them faster. Everyone wants a high ROI, and that requires a well-run system, which regular Health Checks help maintain. In short, follow best practices and fix the gaps in your Salesforce Instance to get the best results.

Salesforce doesn't scan uploaded files for viruses. Even with all the proactive protections that Health Check provides, you are still open to attack if you allow users to upload files into Salesforce.

Salesforce Digital Experiences are especially exposed, since users whom you do not trust, on devices you do not control, are often free to upload files. Those files are then passed along to your internal teams and, at times even worse, to your customers and partners.

EzProtect helps to close the gap, giving you peace of mind that you are protected from viruses and other threats in Salesforce.

If you are concerned about your data being exposed or unsafe, Book a FREE Salesforce security assessment, to see if you are at risk, or better yet, come visit us at our booth at Cactusforce.
