Viruses, Malware, and Ransomware… Is Your Salesforce Data Actually Secure?
Posted on January 5, 2023
As you’re reading this blog, a hacker might be trying to steal the sensitive information in your business’s Salesforce org, planning to encrypt it and threaten to leak the data unless you pay a hefty ransom.
Imagine the drastic hit that your sales will take if you can’t access your opportunities, accounts, contacts, campaigns, and more! You’ll feel just like a hostage, worrying about the devastating loss that the company will face, both in terms of reputation and revenue.
According to Symantec, 2015 was a year of nine mega-breaches that led to the loss of half a billion personal records. We always talk about technology improving constantly, so why are businesses still vulnerable to such cyber attacks? Is it the responsibility of businesses to look for ways to protect their data as hackers try harder and harder to breach the security barriers? Or should we rely on Salesforce to provide more reliable ways to secure data?
The Back Door for Cyberattacks
It’s no news that Salesforce is the #1 CRM globally used by businesses across multiple industry sectors. The CRM has millions of users, integrated through a platform or “community”, interacting with each other to address different business areas like marketing, sales, and customer service.
Despite being such a popular and trusted CRM, Salesforce does NOT scan attachments, files, or document uploads for malicious content or viruses.
And that’s not a mistake. In fact, it’s an intentional design decision by Salesforce: no virus-infected code gets executed on the system. It just remains stored in the database, waiting for someone to download and execute it.
Salesforce simply relies on its partners to fill in the gaps in terms of functionalities or security.
Scanning for malicious content is not a core competency of Salesforce; creating world-class business solutions is. Salesforce therefore chose to focus on creating more business value for its customers rather than diverting resources to create and support a malicious file scanning solution.
You cannot blindly trust Salesforce with full data recovery either, any more than with virus scanning. Although Salesforce retired its previous backup settings in 2020 and reintroduced the data recovery features in March 2021, you can only use it as a last-resort measure.
The current Salesforce data recovery service does not offer complete data backup and recovery assistance. This service has many limitations that are to be considered, according to Security Boulevard. Some of these limitations are:
Salesforce doesn’t guarantee successfully restoring 100% of your data.
The files that you receive after the recovery process will not include metadata.
The process of recovering the data can take approximately 6-8 weeks.
You’ll get the retrieved data in the form of CSV files, which you must manually upload back to Salesforce.
This data recovery service will cost you $10,000.
So, in short, it is a manual, time-consuming, and costly process that doesn’t even guarantee full recovery. That’s not what we call reassuring.
The Threat of Cyber Attacks on Salesforce
Sadly, cyberattacks are becoming increasingly common. Since the pandemic hit, there has been a 600% increase in cybercrime cases, affecting businesses from nearly every industry sector. And the consequences of these cyberattacks could be severe, ranging from losing sensitive business data to crippling the entire business architecture.
Beyond the loss of data, cyberattacks also have a significant financial impact, causing yearly damages that could sum up to billions. In 2022, the average cost of a single data breach reached a record high of $4.35 million according to IBM.
A CRM platform like Salesforce has millions of users working with high-quality and verified data, including financial information, business details, and other sensitive information. That’s something that makes Salesforce a magnet for hackers. As a business gets hacked, there are always chances that the data held by it will leak, which will not just erode customers’ trust but also cause a loss of millions to the company.
Cyberattacks on Salesforce can come through different threat vectors that you might use on a daily basis. Some of the most common vectors are:
Emails: You might have integrated your Salesforce account with your email management application for better productivity and case management, but you never know when you will end up downloading an attachment within Salesforce that contains any malware.
Digital Experiences (Communities): It’s common for Salesforce users to share files over Digital Experiences, but if a user’s desktop scanner is not up-to-date, they might upload virus-affected articles, manuals, applications, etc. Sensitive Salesforce data may become accessible to anyone online due to a misconfigured Salesforce Digital Experience site. Objects containing sensitive data, such as customer lists, support cases, and employee email addresses, can be queried by anonymous users. Learn more about Misconfigured Salesforce Digital Experiences for Recon and Data Theft.
Live Chat: Users uploading files on chat in real time can also be a gateway for malicious attacks.
API Integration: You can also get a virus to the system while uploading files to Salesforce via external or partner sites.
Email-to-Case: Even if you add a random scanner to your email, that might not be as effective as you think.
Insecure Coding Techniques: Object- and field-level checks are insufficient to prevent SOQL injection, so a different approach to SOQL query security is required. A vulnerability subtype known as “blind SOQL injection” allows information contained in a record to be discovered, usually through a veiled signal in the query result.
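To illustrate the insecure coding point above, here is an added example (not code from this post, from EzProtect, or from Salesforce): an Apex method that concatenates user input into a SOQL string, beside two hardened versions that pass the input as a bind variable and run in user mode. The class name, method names, and the `searchTerm` and `sortField` parameters are hypothetical.

```apex
// Added example: class, method and parameter names are hypothetical.
public with sharing class AccountSearchController {

    // BEFORE: user input is concatenated into the query text, so a quote
    // character in searchTerm changes the structure of the WHERE clause.
    // Object and field-level checks on the returned rows do not stop this;
    // whether rows come back at all can act as the signal described above
    // as blind SOQL injection.
    public static List<Account> searchVulnerable(String searchTerm) {
        String soql = 'SELECT Id, Name FROM Account WHERE Name LIKE \'%'
            + searchTerm + '%\'';
        return Database.query(soql);
    }

    // AFTER (static SOQL): the value is supplied through a bind variable,
    // so it is treated as data and never parsed as query text.
    public static List<Account> searchWithBind(String searchTerm) {
        String likeValue = '%' + searchTerm + '%';
        return [SELECT Id, Name FROM Account
                WHERE Name LIKE :likeValue
                WITH USER_MODE
                LIMIT 50];
    }

    // AFTER (dynamic SOQL): values still go through binds; anything that
    // cannot be bound, such as a sort field, is checked against an allowlist.
    public static List<Account> searchDynamic(String searchTerm, String sortField) {
        Set<String> allowedSort = new Set<String>{ 'Name', 'CreatedDate' };
        if (!allowedSort.contains(sortField)) {
            sortField = 'Name'; // fall back to a known-safe field
        }
        String soql = 'SELECT Id, Name FROM Account WHERE Name LIKE :likeValue'
            + ' ORDER BY ' + sortField + ' LIMIT 50';
        Map<String, Object> binds = new Map<String, Object>{
            'likeValue' => '%' + searchTerm + '%'
        };
        return Database.queryWithBinds(soql, binds, AccessLevel.USER_MODE);
    }
}
```

When reviewing an org’s Apex, calls to `Database.query` whose argument is built with `+` from request or page parameters are the pattern to look for.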
Matt Meyers, a Salesforce CTA from EzProtect, will be demonstrating in a session at CactusForce exactly how an attacker could hack a Salesforce digital experience to steal customer data. You can join this session to learn more about security in Salesforce.
Salesforce’s Take on CyberSecurity
It is believed that a majority of cases of cyberattacks have happened since the pandemic hit. But even before the quarantines and COVID-19 lockdowns, employees have been bringing their laptops home and working on external networks over the weekend. From using a compromised home network to attackers accessing recycled passwords, numerous reasons could have been causing cyberattacks.
Greg Poirier, an expert in business security technology and Founder of Salesforce Partner CloudKettle, said, “That security issue is not new. What is new is that the volume of attacks and resources, and efforts going into security attacks on at-home employees has increased significantly. What’s happening is people are working way harder in the last year to exploit it. And that’s what makes it more important.”
Any CISO will tell you that there is more need to focus on enterprise security than ever, and sometimes businesses fail to prioritize MFA. As the digital world is becoming more connected and complex, no company can risk missing out on MFA and other essential security measures to safeguard data.
Over the last few years, many companies, mainly large enterprises, have been using “connected” multi-cloud-based solutions to get a unified view across different segments of the business. Because of this shift, cybercriminals have started using a new attack vector: data warehouses. In response, organizations are actively strengthening their security protocols and adopting solutions like Salesforce Shield and Mulesoft’s API Manager, which could protect their data from some common attacks.
What You Can Do To Secure Your Data
Everything we’ve covered so far brings us to the question, what can be done to secure our data?
When your sensitive business data is at risk, you just can’t risk missing out on anything. Although you never know when things could take a nasty turn for you in terms of cybersecurity, it is always essential to be ready on your part.
So, let’s talk about some measures you can take to increase the security of your data on Salesforce.
1. Event Monitoring
You can activate an automatic system in your Salesforce org that will notify you about risky actions like insecure settings or weak passwords. If anything like this goes wrong, Salesforce will notify you and your cybersecurity personnel to fix the problem as soon as possible.
Salesforce offers a helpful authentication feature. Whenever a user enters their credentials to log in, Salesforce creates a session cookie for that login. The cookie holds an encoded session ID rather than the credential information. So, if anyone tries to steal cookies from the browser, they won’t be able to get access to the authentication data of the user.
3. Virus Scanning Tools
As we know, Salesforce doesn’t scan any document you upload for viruses or malicious content; you need an additional tool that will help you scan the files you upload to your org. EzProtect is a reliable tool that will scan your files for malware, viruses, ransomware, or any other threats that can be embedded in the code and can’t be easily detected by random desktop scanners.
Learn more about what you must do now to protect your Salesforce data from hackers.
Salesforce has been transformative for your business, but you can only keep making the most of it as long as it’s secure. So, take your first step towards securing your Salesforce data using EzProtect to scan your files for malicious content or threats.
Want to know more about our solution? Check out our website and learn how EzProtect is just the right tool for you.