For years now, you’ve known that Salesforce does not include inherent virus scanning to fend off malware, ransomware, and other malicious attacks, but you haven’t addressed it because it’s “too big” of an issue.

You tell yourself that the network gateway virus scanning application is sufficient. You may have even met with the network security team to discuss it, and they’ve reassured you that the network security will protect all content entering the environment(s). But something’s nagging at you…

You’ve come to understand more about the different ways in which content (attachments, URLs, etc.) may enter a Salesforce environment (communities, sites, etc.), and you realize the network gateway does not apply here. All it takes is for a corrupt PDF file to be uploaded to the Salesforce environment and opened to unleash ransomware throughout your organization, or worse, a partner organization.

You tell yourself you’re overreacting and you’re probably worried about nothing. After all, there haven’t been reports of significant attacks that bring down fortune 500 organizations – they’re mostly small businesses and your security team has assured you that your organization is protected. Unfortunately, this is incorrect, and continuing with this philosophy will not only cost you your job, but your company millions of dollars in fees and penalties

Why are they wrong? Because Salesforce behaves like a repository for files/content. It’s like a tunnel directly bypassing the network. Virus scanners installed on networks and on-prem servers cannot access Salesforce to scan incoming content.

Salesforce provides direct access to environments from multiple entry points, such as website forms, that do not touch the network gateway where the virus scanning software is installed. This means members of the public may submit files and content with malicious code (URLs) that will enter the Salesforce environment directly without being scanned. Often times, these files and/or content are forwarded to other organizations your company is working with (financial institutions for example), which they will open and unwittingly unleash the virus. This creates a huge corporate liability for you and your organization.

  • Salesforce Communities is another vulnerability example as they can be limited to internal employees, but also members outside of the organization – essentially open to the public where the above issue applies.
  • And let’s not forget email-to-case for customer support. Emails being sent to support staff within the organization which are being forwarded to a Salesforce email address. Depending on the type of email server setup (on-prem vs. MSOffice 365 or Google) built-in virus scanners vary on scanning frequency and updates and often times miss recently developed viruses.
  • And lastly, think about corporate relationships with partner organizations, etc. and the number of users who may share access to parts of your Salesforce environments. Again, they are accessing directly without going through the network gateway where security software is installed.

There are dozens of examples why network virus scanners fail due to delayed updates, remote employees not updating native software, lack of connection to the network via VPN, but the core issue here is, network security and Salesforce admin professionals do not understand how Salesforce works and how to properly apply security to the environments.

Need some context? Viruses help hackers steal your company’s data.

The global cost of cybercrime was estimated to reach $2 Trillion (USD) in 2019, triple the amount from 2015, and global ransomware damage costs are predicted to hit $11.5 Billion for 2019/$20 Billion by 2021. This is compared to $5 Billion in 2017)[2].

In 2019, the U.S. was hit by an unprecedented and unrelenting barrage of ransomware attacks that impacted at least 966 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion. The impacted organizations included:

  • 113 state and municipal governments and agencies.
  • 764 healthcare providers.
  • 89 universities, colleges, and school districts, with operations at up to 1,233 individual schools potentially affected.

Hacks and data thefts, enabled by weak security, cover-ups or avoidable mistakes, cost these eight companies a total of nearly $280 million and counting[1]:

  • Uber: $148 million
  • Yahoo: $85 million
  • Tesco Bank: $21 million
  • Anthem: $16 million
  • Equifax and Facebook: $650,000
  • The University of Texas MD Anderson Cancer Center: $4.3 million
  • Fresenius Medical Care North America: $3.5 million
  • $650 million possible upcoming penalties

See a trend here? Resolve to do something about it in 2020. Connect EZProtect® — the industry’s first and leading virus scanner for Salesforce. It’s simple and fully customizable and includes an API with the ability to not only scan your Salesforce environments in real-time but other connected cloud-based applications (Mulesoft for example) with a centralized user interface.

It’s your corporation’s responsibility to do everything it can to protect against malicious content, and we’d like to be sure you continue to have a job, so please consider pulling your Salesforce architects/implementation consultants, and network security teams together to address this head-on this year.

This is new territory with no training provided by Salesforce, so we (Adaptus) are leading the way to help educate and continue to evolve the best solution on the market. Set up a date/time to discuss and we’ll help you get the ball rolling.

Happy New Year.

[1] The State of Ransomware in the US: Report and Statistics 2019


[3] Steve Morgan, October 19, 2018, CyberSecurity Ventures

EZAssign Version 1.31 Pre-Release for Customers Attending Dreamforce this week? Look for EZAssign and EZProtect in the Developer Lounges!