Recently I heard about two companies who got Hacked (one a Multi Billion dollar Corp, the other about $150 Million). Neither one has gone public so I am keeping this on the low down. One got hacked due to a malicious email with ransom ware. Not sure how the other was breached. Both companies systems were down for an extended period of time, one for a week the other for several weeks. They were both able to sort of function but they both were seriously impacted financially. How long could you or your company run without email, your ERP-MRP, and Finance/Accounting Software?
I am no expert on overall Cyber Security, my focus is on basic security and Salesforce CRM Security. The first step is to not depend on one single method to keep Hackers – Cyber Thieves out. They have gotten much more sophisticated and are global in scope. These are organized criminal gangs raking in big bucks through Ransom Ware that locks up your computer systems and they will black mail you for the key to unlock it. Even after paying some won’t even give you the key.
Being prepared with a disaster recovery plan and have ongoing training of Everyone who has Any Computer access. Often the basics will be a good start on keeping cyber thieves and hackers out of your systems. If you don’t know who sent you the email don’t open it. Hover over it with your mouse and if they sender doesn’t match the sender that shows in the hover just delete it or put it in your spam folder. Some companies have a tool where you forward it to a special mailbox where their security team deals with it. A common ploy is to call you and try to get your folks to go to their website to show you what they want, it is a ploy as soon as you get on their site Malicious Software loads on to your computer.
Train folks on creating Strong Long Passwords, that are changed 3 -4 times a year. An easy way to create a long strong easy to remember password is ask the person to use: their Grand parents (Gran Nona) street name, plus last 4 digits of their childhood phone # (1234), then an aunt or uncles (Bob) street name. Example: Main1234Pennsylvania, then write on a yellow sticky, a code word for it, Nona, Home#, Unk Bob, easy to remember but anyone finding that sticky would not have a clue what it meant.
Internal data Theft & Data breaches are far more common than external. Layer your security. Even if their account gets hacked many times only that persons data will be compromised. When an employee leaves lock them out ASAP, one of my clients had a former employee accessing Salesforce for 6 months after termination! Limit what users can see and do. In Salesforce through the use of Profiles we can control the Objects that they have access to, all they way down to each and every field. Next through Roles and Hierarchies we can control what actual Data they can see or not see. Limit what they can do, should they have Read – Write Access or Read Only. Limit their access to working hours. Keep their access limited to their own company computer when logged in at the company office.
Backup your data, just because it is on the cloud doesn’t mean it can’t be lost. I can’t tell you how many of my customers don’t do backups of Salesforce. There are two reasons. First on the off chance Salesforce gets hacked. Second if your people accidentally or maliciously delete data. There are two ways to do it. The first is using Salesforce’s Backup under Data Management, this will back up the whole instance. The Second is to create reports with all data on key objects like Accounts, Contacts, Leads, Opportunities. You can also use the Data Loader to extract your data. Decide the maximum amount of data you could afford to loose, 1 day, 1 week, 1 month. Then back up at least that often, store the data in 2 different places. With memory devices so cheap these days it is great insurance against Cyber Thief’s & Hackers.
Obviously use a strong security software, providing anti virus protection and a firewall. I have used these for years. I find that anti virus is not enough, a good firewall keeps a lot more junk out. The cloud is safe but your computer is the access point and if that gets compromised your cloud data is venerable.
By taking some basic precautions we can take a data breach from being a crippling disaster to being a solvable annoying business problem.
I don’t suppose any of this has happen to your business on the off chance it has it may be worth a short phone conversation.