Security Rules
My rules to help you use Salesforce securely.
- Save passwords in LastPass or a similar password manager.
- Have a separate user for Integrations.
- Use OAuth2 over basic authentication whenever possible.
- Give your Salesforce developer a separate login. PLEASE!
- Do not enable System Admin privileges for all users.
  - Yes, that means that all users will NOT be able to create workflows - but this is good.
- Regularly check which apps are connecting to your Salesforce. https://help.salesforce.com/htviewhelpdoc?err=1&id=connected_app_monitor.htm&siteLang=en_US
- Have a good understanding of Permissions and know which users can see which data in your Org.
- Don't install random apps in production unless you know which third party services they are connecting to and why they are connecting to that service.
- Back up your Salesforce regularly.
  - Configuration - see MavensMate and Git for Non Developers
  - Data - see Backup