Security Rules

My rules to help you use Salesforce securely. 

• Save passwords in LastPass or similar

• Have a separate user for Integrations. 

• Use OAuth2 over basic authentication whenever possible. 

• Give your Salesforce developer a separate login. PLEASE!

• Do not enable System Admin privileges for all users. 

  • Yes, that means that all users will NOT be able to create workflows - but this is good. 

• Check which apps are connecting to your Salesforce regularly. https://help.salesforce.com/htviewhelpdoc?err=1&id=connected_app_monitor.htm&siteLang=en_US

• Have a good understanding of Permissions and know which data which users can see in your Org. 

• Don't install random apps in production unless you know which third party services they are connecting to and why they are connecting to that service. 

• Bakup your Salesforce regularly. 

  • Configuration - see MavensMate and Git for Non Developers 

  • Data - see Backup