The 12 Days of Salesforce for 2024 (Day Eleven: Security & Compliance)

Keith McAfee
3 min read · Jan 25, 2024

TL;DR: Here is my list of things you should be considering as you reboot your business for 2024, focusing on Salesforce generally and Security and Compliance specifically.

Here’s the first post in this series, along with the idea that you can save $150K annually. https://medium.com/@kmcafeesf/the-12-days-of-salesforce-for-2024-day-one-dd8051e0adee

ICU by Matthew Henry on Unsplash

Day Eleven (of Twelve): Security and Compliance Enhancements

What you should consider: Strengthen security measures and ensure compliance with industry standards, reducing the risk of data breaches and associated costs.

What you should evaluate: Evaluate potential cost savings associated with avoiding data breaches and non-compliance penalties.

Annualized cost savings (est. based on 30 users): $15,000.

How I would approach Day Eleven and Security and Compliance:

What would a customer data breach cost you? $1M in damages? All of your customers? Your brand?

Whatever you think the cost is, you’re probably a bit light.

Try $165 per record light. And that’s an assessment of the literal costs, not damage to your brand, your reputation, or your customers’ trust in you.

Think Myspace, Yahoo!, Uber, Facebook… they’ve all suffered brand damage from breaches. And some weren’t recognized for years.

So it’s worth your time to reinforce security measures. Start with yourself. How is your password management system? (Post-its? Ugh.) Yes, Apple and Google can manage your passwords, but is your master password a lame duck? D0nk3ysE4tH4y, don’t they?

But seriously, customers want you to enforce security uniformly; this is critical because the weakest link can cause damage to the system.

Measures

Do you have 2FA required? Do you know what 2FA is? Or MFA? Okay, sure, there should be a grace period for 2/MFA, but that ended in 2022. Use it and use it now.

Do you have the proper permissions for your customers who access your portals? Are you sure? Is everyone on the portal authenticated?

What about penetration testing or Red Team testing or social engineering? I doubt you use them all, but you should consider the impact of hardening your systems and expectations.

Responses

Take breaches seriously. Everyone with anything of value will eventually become a target of the malicious. Cynical or not, don’t remain ignorant.

Be aware of issues, and when they arise, deal with them in a way that lets the rest of your reasonable customers see you handling the issue and hardening your future systems.

Compliance

While hackers constitute the unknown and unpredictable, compliance issues are usually avoidable. GDPR, HIPAA, the SEC, regulatory compliance, etc., are known. There are rules and guidelines to prevent problems, and there are some good reasons the rules exist.

While I wouldn’t want to deal with customer distrust in any circumstance, I certainly wouldn’t want a government agency perma-reserving a conference room on my floor.

Find an expert who understands the systems, the guidelines, and the right questions to ask.

The Bottom Line

If you want to have nice things, then work on keeping them safe, secure, and within the guardrails of the regulations. If you don’t know how to do that, find someone who can. Maybe a consultant?

Photo by Sarah Kilian on Unsplash

This is a part of the 12 Days of Salesforce for 2024 series. Here are links to the other initiatives you should consider, and as always, please reach out to me if you’d like some counsel or my approach via my team at Rule Six Consulting LLC.

Day One: Automation of Repetitive Tasks

Day Two: Data Cleanup & Deduplication

Day Three: Analytics & Reporting

Day Four: Integrations

Day Five: Your Sales Process

Day Six: User Training & Adoption

Day Seven: Mobile Optimization

Day Eight: Artificial Intelligence

Day Nine: Communities and Portals

Day Ten: Approval Processes

Day Eleven: Security & Compliance

Day Twelve (Hooray!): Improvement Cycles & Feedback

I appreciate you spending some time thinking about these topics with me, and I welcome feedback and additions.

Keith McAfee

Founder of Rule Six Consulting. Passionate about using data for good, real talk about better business, and great, funky music. Always DYOR and YMMV.