This article will examine two scenarios or cases in which Multi-factor Authentication (MFA) can help reduce security breaches in your Salesforce org. Multi-factor Authentication is a secure authentication method that requires users to verify their identity by providing two or more pieces of evidence (or factors) when logging in. One factor is something the user knows, such as their username and password, while other factors include something the user has, such as an authenticator app or security key. Implementing MFA helps to reduce the risk of security breaches for your organization.
Security breaches in any context can have numerous negative impacts. In Salesforce, the impacts are broad and can sometimes lead to colossal losses. Here are some of the effects of a security breach in Salesforce:
To prevent these problems, Salesforce Administrators should engage in specific activities, including employee training, regular security assessments, incident response planning, and, most importantly, implementing Multi-factor Authentication, or MFA.
Now, let’s get to the core of the article: Case Studies!
Phishing is an old method of fraud in the corporate space. Fraudsters send emails or other messages purporting to be from reputable companies or masquerading as reputable people. Their purpose is to induce the staff of their target company to reveal key information that can aid them in achieving their goal of defrauding the entire company. In the security context of Salesforce, the defrauder’s goal is to stage a take-over of the company’s Salesforce org and use the company’s data for malicious purposes. So, how does MFA protect your Salesforce org from phishers?
Imagine this - Emmanuel, a user in your Salesforce Org, has received an email from a strange email address. The email looks genuine and legitimate except for one thing: it contains a link that looks like login.salesforce.com/ and instructs him to input his Salesforce credentials. This link leads to a dummy website created by scammers to deceive unsuspecting Salesforce users. Ideally, Emmanuel is supposed to contact you - assuming you have trained him and other staff for situations like this - but he does not. Instead, he clicks the link and inputs his credentials.
Does this mean the scammers or hackers now have his credentials and can access his Salesforce account? Well, in a normal sense, yes. But not when you have implemented the MFA. In this case, your Multi-factor Authentication comes to the rescue.
In this situation, the MFA stops the stranger from entering your org by asking for details that are only visible to Salesforce and the hacked user. Multi-factor authentication requires two or more pieces of evidence when users log in - something they know, like their username and password, and something they have, like an authenticator app or security key. In this case, the hackers already know the username and password, but they can never know the security key or code from the Salesforce Authenticator app. Before they get that, you, as an administrator, must have mitigated the situation by changing their password using the authentication details or deactivating the user and reporting to Salesforce immediately.
Let’s twist the scenario a bit - Emmanuel is a Sales Rep who actively uses the Salesforce Mobile App. He spends 70% of his time at work in the field, trying to sell your company’s products, convert leads, or take inventory of a new customer. Essentially, his work involves going out of the company a lot, and as such, he relies on his Salesforce Mobile app to carry on with his tasks. As an intelligent Salesforce administrator, you can define a list of IP addresses from which users can log in without receiving a login challenge for verification of their identity - in other words, without having to carry out the demands of MFA every time they log in. This can be done through the Trusted IP Ranges setting in Salesforce. You can set this up via Trusted IP Ranges in the setup interface.
With the Trusted IP Ranges, Emmanuel does not have to bother about MFA. But what happens when he is far out in the field, away from the trust IP Ranges? Then, an MFA can be put in place to ensure that he inputs new codes every time he logs in. While this might be uncomfortable, it helps to protect your org from being invaded by a stranger in case Emmanuel’s phone gets missing.
Provided that Emmanuel contacts you, the Salesforce Administrator, as quickly as possible, possibly before the stranger makes any move, the situation will be controlled, and access to the org can be limited by simply deactivating or freezing the user. Simple. MFA is a compulsory security requirement in Salesforce, and this article looks into some of its use cases. Kindly review other articles to gain more insights into implementing MFA in Salesforce.
In addition to implementing MFA, the Salesforce Administrator must ensure that they train the users in their org. Employee training is one of the most essential functions of every Salesforce Administrator. The administrator must teach the users how to spot a scam email and immediately report it to them. The faster the report gets to the administrator, the easier it is to salvage the situation.
