Annual Compliance and End-User Data Entry Behaviors

Are Your Salesforce Practices Putting Your Business at Risk?

Are you providing your internal users with annual security compliance training? Do your Salesforce end-users have formal training and documentation on best practices like naming conventions, Chatter etiquette, and more? How skilled and experienced is your Salesforce team? If you're not sure, or the answer to these questions is no, you may be putting your business at risk.

Enhancing Security Through Annual Compliance Training

Annual security compliance training is a cornerstone of a robust security posture. It's not just a box to check; it's a proactive measure that empowers your internal users to become your first line of defense. The recent ShinyHunters attacks are a useful baseline: they targeted Salesforce administration teams through phishing and vishing, and the attackers gained access to production orgs once a Salesforce admin approved the installation of a malicious connected application.

By regularly educating employees on topics like phishing scams, password hygiene, and data handling, you significantly reduce the risk of a data breach. Training provides a consistent, documented process for ensuring everyone understands their role in protecting sensitive information.

Your company’s annual compliance training should include but not be limited to:

  • Phishing and social engineering awareness

    • No matter the amount of effort you put into technology, it is only as good as the humans and processes you have to support it.

  • Password management best practices (e.g., strong passwords, multi-factor authentication)

    • Consider turning off username-password login to your Salesforce org altogether, except for break-glass accounts. Here is a good blog from Sage, a Salesforce customer, that explains how to do this.

  • Data handling procedures (e.g., proper classification, storage, and disposal of sensitive data)

    • Do you let your users delete data? What type of data?

    • How do you classify PII? PHI? Restricted data?

    • What do your data archival and persistence procedures look like?

  • Incident reporting protocols (e.g., what to do if a security incident is suspected)

    • Do you have a disaster recovery and business continuity plan?

    • Do your admins know what to do if they suspect an incident?

The logistics of your training should be centered around attendance, documentation, and refreshing compliance. This may look like:

  • Mandatory attendance for all employees, no exceptions!

  • A method for tracking and reporting on compliance rates

  • Provision of a refresher course or documentation for new hires throughout the year

To ensure employees retain the knowledge presented in the training, consistently assess and follow up with them using:

  • A short quiz or test to confirm understanding of key concepts

  • A documented process for addressing non-compliance

  • An annual review of training content to ensure it is up-to-date with current threats and regulations

For your Salesforce admins, the recent attacks are a reason to focus on social engineering, your processes for user authentication, and how to report events that require investigation to your cybersecurity team.

Best Practices for End Users

Effective Salesforce use goes beyond basic functionality; it requires a shared understanding of best practices. Formal training and documentation on topics like naming conventions, Chatter etiquette, and overall communication standards are vital for maintaining a clean, organized, and searchable Salesforce org.

Data Entry

Standardized naming conventions for accounts, contacts, and opportunities are crucial for accurate reporting and easy searching. This includes guidelines on how to handle duplicates and ensure consistency across the entire database.

Implementing data entry standards ensures your CRM becomes a single source of truth. This means everyone in the organization is working with the same, reliable information. Without such standards, you risk having conflicting data, which leads to miscommunications, inaccurate forecasts, and a poor customer experience.

Example of a naming convention for accounts

Use the company’s full legal name as it appears on official documents as a top-most parent. For example, use Alphabet Inc. instead of “Google”, and establish an account hierarchy for the company’s legal business subsidiaries.

Be consistent with abbreviations. Ensure common suffixes such as Co., Inc., LLC, and LLP use periods consistently; otherwise your reporting may be skewed by duplicate records such as Alphabet Inc. and Alphabet Inc (without the period).

Ensure you have a policy for linking parent and child accounts, which is essential for your internal users to understand corporate structures, and prevent duplicates for subsidiaries.

Example of a naming convention for contacts

Use the full first and last names of individuals that work at accounts. Avoid nicknames or shortened versions.

Standardize job titles to enable better segmentation and targeted outreach. Decide whether your end users should enter “Vice President, Sales” or “VP, Sales”; otherwise you will have split segments and results.

If a contact has multiple roles, the primary role should be the one that is most relevant to the business; all other roles should be captured in a separate field or section.
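As an added illustration of the account and contact conventions above (this is example code, not code from the original post or from Salesforce), the following Python script applies a suffix standard to exported account names, flags records that collapse to the same canonical name, and expands job-title abbreviations so that contacts segment consistently. The suffix table, the abbreviation table, the sample records and their short record IDs are all assumptions constructed for the example; an org would substitute its own chosen standard and its exported data.

```python
import re
from collections import defaultdict

# Assumed house standard for legal-entity suffixes (constructed for this example).
# Keys are lower-cased spellings users actually type; values are the canonical form.
SUFFIX_CANON = {
    "inc": "Inc.", "inc.": "Inc.", "incorporated": "Inc.",
    "co": "Co.", "co.": "Co.", "company": "Co.",
    "corp": "Corp.", "corp.": "Corp.", "corporation": "Corp.",
    "ltd": "Ltd.", "ltd.": "Ltd.", "limited": "Ltd.",
    "llc": "LLC", "l.l.c.": "LLC", "l.l.c": "LLC",
    "llp": "LLP", "l.l.p.": "LLP", "l.l.p": "LLP",
}

# Assumed house standard for job-title abbreviations (constructed for this example).
TITLE_ABBREV = {
    "vp": "Vice President", "svp": "Senior Vice President",
    "evp": "Executive Vice President", "dir": "Director",
    "mgr": "Manager", "sr": "Senior", "jr": "Junior",
}


def normalize_account_name(name):
    """Return the canonical display form of an account name.

    Only the trailing legal suffix is rewritten; the body of the name is kept as
    entered so reviewers can still see what the user typed.
    """
    tokens = name.strip().split()
    if not tokens:
        return ""
    last = tokens[-1].lower()
    if last in SUFFIX_CANON:
        tokens[-1] = SUFFIX_CANON[last]
        # Drop a trailing comma on the word before the suffix ("Alphabet, Inc.").
        if len(tokens) > 1:
            tokens[-2] = tokens[-2].rstrip(",")
    return " ".join(tokens)


def duplicate_key(name):
    """Case- and punctuation-insensitive key used to match probable duplicates."""
    return re.sub(r"[^a-z0-9]", "", normalize_account_name(name).lower())


def find_duplicate_accounts(accounts):
    """accounts: iterable of (record_id, name). Returns {key: [ids]} for keys seen twice or more."""
    groups = defaultdict(list)
    for rec_id, name in accounts:
        groups[duplicate_key(name)].append(rec_id)
    return {key: ids for key, ids in groups.items() if len(ids) > 1}


def normalize_title(title):
    """Expand known abbreviations so 'VP, Sales' and 'Vice President, Sales' segment together."""
    words = []
    for word in title.replace("/", " ").split():
        canon = TITLE_ABBREV.get(word.strip(",.").lower())
        if canon:
            words.append(canon + ("," if word.endswith(",") else ""))
        else:
            words.append(word)
    return " ".join(words)


def segment_by_title(contacts):
    """contacts: iterable of (record_id, title). Returns {canonical title: [ids]}."""
    segments = defaultdict(list)
    for rec_id, title in contacts:
        segments[normalize_title(title)].append(rec_id)
    return dict(segments)


# Constructed sample export; the IDs are placeholders, not real Salesforce record IDs.
SAMPLE_ACCOUNTS = [
    ("001A", "Alphabet Inc."),
    ("001B", "Alphabet Inc"),
    ("001C", "ALPHABET, Incorporated"),
    ("001D", "Alphabet L.L.C."),
    ("001E", "Example Widgets Co."),
]
SAMPLE_CONTACTS = [
    ("003A", "Vice President, Sales"),
    ("003B", "VP, Sales"),
    ("003C", "Sr. Dir, Marketing"),
]

if __name__ == "__main__":
    for key, ids in find_duplicate_accounts(SAMPLE_ACCOUNTS).items():
        print(f"probable duplicate accounts ({key}): {', '.join(ids)}")
    for title, ids in segment_by_title(SAMPLE_CONTACTS).items():
        print(f"{title}: {len(ids)} contact(s)")
```

The duplicate key deliberately strips all punctuation and case, so the suffix table only needs to map spelled-out or dotted variants (Incorporated, L.L.C.) onto the house form; an LLC and an Inc. with the same body remain distinct records, as they should. Run the output as a review list for the data owners rather than merging automatically.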

Record Ownership

Establishing clear rules for who owns which records and how to transfer ownership is vital for team accountability and preventing data silos. Do you know which records have teams working them, when there is a primary owner, and when ownership should change?

A good baseline for the primary owner is the main point of contact for a specific record. For an account, this is typically the account manager. For an opportunity, it's the sales representative responsible for closing the deal.

Define clear rules for transferring ownership. This prevents confusion and ensures a smooth handover when an employee leaves, a territory is realigned, or a deal is passed from a sales development representative (SDR) to an account executive (AE).

Define rules for data accuracy and the responsibilities of a record owner. The record owner should be ultimately responsible for ensuring the data associated with that record is accurate and up-to-date. This includes updating contact information, logging activities, and moving opportunities through the correct stages.

In some cases, a record may have a team of owners. Define the roles and responsibilities for each team member to avoid redundancy and ensure all tasks are covered. For example, a sales team may have an AE as the primary owner, with a sales engineer as a co-owner for technical aspects of the deal.

Chatter

Training should cover when to use Chatter, who to tag, and what information is appropriate to share in a Chatter post, which prevents it from becoming a disorganized stream of irrelevant posts.

Use the @ symbol to mention a specific person or group. This sends a direct notification and is the most effective way to get someone's attention. For example, "@John Smith, can you please review the attached proposal?"

In your annual training, ensure Chatter is used for work-related conversations directly tied to a record or group. For general chatter or personal conversations, use a different platform. Keep posts concise and to the point.

It's good practice to acknowledge a message directed at you, even with a simple "Got it" or "Thanks." This lets the sender know you've seen their message and ensures the conversation doesn't stall.

Use # to categorize conversations. This makes it easier to search for relevant information later. For example, use #Q3PipelineReview for all conversations related to a specific quarterly review. Create a list of approved and common hashtags for your organization.

Avoid uploading large files directly to Chatter. Instead, upload them to a centralized document repository like Google Drive or SharePoint and share a link in the Chatter post. This saves storage space and keeps the platform running smoothly. Files in a central repository are also typically covered by your security team's virus-scanning policies, which your Salesforce org is unlikely to have a built-in package to handle.

Summary & Recap

Prioritize your business by training end-users on Salesforce best practices. This includes annual security compliance, standardized naming conventions for data entry, clear record ownership, and Chatter etiquette. Proper training mitigates risk and ensures data integrity. Next week's blog will cover team and vendor assessments.