We witnessed the largest workforce transformation in history when the world went remote almost overnight in March. As Salesforce’s Chief Trust Officer, I partner with teams across the company to ensure we seamlessly continue to deliver our service in this new environment while our global security team continues to protect customer data around the clock.
As many of you are now responsible for keeping work-from-home environments secure, here are some important steps you can take to protect yourself, your data, and your work.
Beware of COVID-19 phishing emails
Hackers are taking advantage of the heightened emotions during this time. Cybercriminals are targeting individuals and organisations throughout the globe. To help protect yourself, take time to review the details of your received emails, such as:
- Subject line: Is something off? For example, if you receive an email with a notice about a delivery you weren’t expecting, it could be a phishing attempt.
- Unrecognised email addresses: Do you know this person? Were you expecting anything from this person? If not, be wary.
- Attachments: Anything suspicious about the attachment? The name? The format? Do not click on these suspicious attachments.
- Credential requests: Is an email asking you to log in to something? Are they asking for your username, password, or other sensitive information? Do not give this information away unless you are sure the email is from a trusted sender.
- Content integrity: How does the message read? Is it poorly written? If so, it may be up to no good.
- Calls to action: Is the message requesting immediate, urgent attention? Are they asking for money? These types of emails are suspicious.
If you notice any of the above, do not reply or click the links within the email. Instead, forward the suspect email to your organisation’s security team, mark it as suspicious through your email provider (if possible), and then delete it.
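For a security team that receives these forwarded messages, the checklist above can be turned into a first-pass triage step. The following is an added example, not Salesforce code: the sample message is constructed, and the keyword patterns, extension list and the `triage` helper are illustrative assumptions that a reviewer would tune and then confirm by hand.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); names and domains are made up.
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@example-support.test>
To: user@example.com
Subject: URGENT: COVID-19 policy update - action required immediately
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please verify your password within 24 hours or your account will be suspended.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="policy.pdf.exe"

placeholder
--b1--
"""

# Illustrative patterns only (assumptions, not an exhaustive rule set).
URGENCY = re.compile(r"\b(urgent|immediately|action required|within \d+ hours)\b", re.I)
CREDENTIALS = re.compile(r"\b(password|username|log ?in|verify your account)\b", re.I)
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".iso", ".docm", ".xlsm")

def triage(raw, known_senders=()):
    """Return the checklist items a message trips, for a human reviewer to confirm."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # Collect the plain-text body parts; attachments are checked by filename only.
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    text = f"{msg.get('Subject', '')} {body}"
    flags = []
    if sender not in known_senders:
        flags.append("unrecognised sender")
    if any((p.get_filename() or "").lower().endswith(RISKY_EXT) for p in msg.walk()):
        flags.append("risky attachment type")
    if CREDENTIALS.search(text):
        flags.append("credential request")
    if URGENCY.search(text):
        flags.append("urgent call to action")
    return flags
```

The "content integrity" item (poorly written text) is left to the human reviewer, since keyword matching cannot judge it reliably.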
Enable multi-factor authentication (MFA)
You may be more familiar with the concept of two-factor authentication, or 2FA. MFA and 2FA both protect against unauthorised access by requiring a user to provide multiple authentication factors to prove their identity. This second layer of security may come in the form of a hardware security key or temporary tokens, Touch ID (which requires you to use your fingerprint to authenticate your identity), or authentication apps like Salesforce Authenticator. Always check the security settings of the programs you use and enable MFA when it’s available.
Use a strong password
Using a different password for each of your apps and devices — work, social, and personal — is a simple measure you can take to protect your accounts, especially if MFA is not available. Ensure each password includes a mix of letters, numbers, and special characters, and contains at least eight to ten characters. Do not share your password with anyone. Use a password manager, like LastPass, to securely store all your passwords and make it easier to create and use unique passwords across apps and services.
Ensure a secure connection
Devices that connect to the internet, such as computers and phones, have varying levels of security controls. If your organisation provides a VPN (Virtual Private Network), use it consistently to make your internet connection more secure. You can also help keep foreign devices off your network by using the router’s administrator console to enable encryption (use WPA2 or WPA3) and updating the router’s firmware when necessary.
Secure your virtual meetings
The use of video conference platforms is at an all-time high. Take a moment to review your web conference platform’s security settings (Google Meet, Cisco WebEx) to help prevent gatecrashers from joining your meetings.
Use the platform’s built-in security features, such as waiting rooms, screen sharing permissions and participant notifications, to manage activity and keep out unauthorised attendees. Be sure to create new meeting access codes and links for each meeting. Also, disable features on the platform that you don’t need — such as file transfer and recordings — to prevent unsolicited content and unauthorised sharing.
Secure your calls
Whether you are on the computer or on the phone, be aware of your surroundings and use headphones for work calls to minimise what others can hear. When using a landline, make sure others cannot pick up the line on a different phone.
Secure your physical workspace
Prevent accidentally sending a sensitive email from your device by remembering to lock your screen when you walk away from your computer. If available, use a privacy screen for additional security.
Secure your data
Working from home can be a little chaotic at times, especially in a pandemic. Be sure to store online work-related data like important files and emails in a secure location that is approved and accessible by your company.
Also, be sure to back up your data in the cloud so you can always retain it, even if your son spills his morning orange juice on your MacBook. If you have sensitive information in hard copy, keep it stored in a locked file. When you no longer need it, shred it immediately.
Keep devices patched
Your day-to-day schedule isn’t the only thing that needs a reboot – so do your devices. Reboot at least once a week and stay up-to-date with the latest versions of software and browsers. Through patching, aka version updates, your device automatically adds necessary new features, removes old ones, fixes performance issues and removes bugs, all of which help keep hackers out.
Check out some additional Salesforce security resources here:
- Measures in place in response to Coronavirus (COVID-19)
- Salesforce Security Best Practices
- Salesforce Help: Protect Your Salesforce Organisation
For more advice and expert how-tos for leading your businesses or team through COVID-19, check out the ‘Leading through Change’ series.