Security Rules

My rules to help you use Salesforce securely. 

  • Save passwords in LastPass or a similar password manager.
  • Have a separate user for integrations.
  • Use OAuth2 over basic authentication whenever possible. 
  • Give your Salesforce developer a separate login. PLEASE!
  • Do not enable System Admin privileges for all users. 
    • Yes, that means not every user will be able to create workflows, but this is good.
  • Regularly check which apps are connecting to your Salesforce org. https://help.salesforce.com/htviewhelpdoc?err=1&id=connected_app_monitor.htm&siteLang=en_US
  • Have a good understanding of permissions, and know which users can see which data in your org.
  • Don't install random apps in production unless you know which third-party services they connect to and why.
  • Back up your Salesforce regularly.