
Case Studies: How MFA Reduces Security Breaches in Salesforce

Reco Security Experts
June 25, 2024

Case Studies: The Impact of MFA in Reducing Security Breaches in Salesforce

This article walks through two scenarios in which Multi-factor Authentication (MFA) reduces the chance of a security breach in your Salesforce org. MFA is an authentication method that requires users to prove their identity with two or more pieces of evidence (factors) when logging in: something the user knows, such as a password, and something the user has, such as an authenticator app or a security key. The username only identifies the account; it is not a factor. Requiring both kinds of evidence means a stolen password on its own is no longer enough to log in, which is what lowers the risk of a breach.

Impacts of Security Breaches in Salesforce

Security breaches in any context can have numerous negative impacts. In Salesforce, the impacts are broad and can sometimes lead to colossal losses. Here are some of the effects of a security breach in Salesforce:

  1. Data Loss and Compromise: Unauthorized access to your Salesforce org can result in the loss or compromise of crucial data. Data is the foundation of every business, and its protection should be a top priority. A breach exposes the sensitive data of customers and of the company itself, and puts both at risk once that data is in the wrong hands.
  2. Legal Consequences and Regulatory Fines: Companies that process the personal data of people in the European Union are subject to the General Data Protection Regulation (GDPR), and companies in other parts of the world face their own regulatory requirements. Under the GDPR, for instance, a breach attributable to inadequate security measures can attract heavy fines.
  3. Reputation Damage: A security breach can damage your company's reputation. Trust is critical for business growth, and once your company is no longer seen as trustworthy, existing customers will leave and prospective customers will go elsewhere.
  4. Financial Loss: Mitigating a security breach is financially costly. In addition to regulatory fines, compensating customers for their losses and conducting forensic investigations are further sources of financial loss.
  5. Intellectual Property Theft: Every serious company has intellectual property that distinguishes it from its competitors. A security breach can result in the theft of product designs, trade secrets and similar assets, and the competitive damage that follows.

To prevent these problems, Salesforce Administrators should engage in specific activities, including employee training, regular security assessments, incident response planning, and, most importantly, implementing Multi-factor Authentication, or MFA.

Now, let’s get to the core of the article: Case Studies!

Case Study 1: Phishing Schemes by Scammers

Phishing is an old form of fraud in the corporate space. Fraudsters send emails or other messages that purport to come from a reputable company or person. Their purpose is to induce staff of the target company to reveal information, usually credentials, that brings them closer to their real goal. In the Salesforce context, that goal is to take over the company's Salesforce org and use its data for malicious purposes. So, how does MFA protect your Salesforce org from phishers?

Imagine this: Emmanuel, a user in your Salesforce org, receives an email from an unfamiliar address. The email looks genuine except for one thing: it contains a link that looks like login.salesforce.com/ and asks him to enter his Salesforce credentials. The link actually leads to a lookalike site built by the scammers to deceive unsuspecting Salesforce users. Ideally, Emmanuel contacts you, assuming you have trained him and the other staff for situations like this, but he does not. Instead, he clicks the link and enters his credentials.

Does this mean the scammers now hold his credentials and can log in to his Salesforce account? Without MFA, yes. With MFA enabled, the stolen password alone is not enough, and this is where Multi-factor Authentication comes to the rescue.

In this situation, MFA stops the stranger at the login challenge by asking for a second factor that only the legitimate user's device can produce: a verification code or push approval from the Salesforce Authenticator app, a code from a third-party authenticator app, or a FIDO2 security key. The scammers now know the username and password, but the shared secret behind the authenticator code, or the private key inside the security key, never passed through the phishing page. The window this buys you is for containment: reset the password, revoke the user's active sessions, freeze the user if needed, and report the phishing campaign to Salesforce. One caveat a practitioner should keep in mind: a one-time code that the victim types into the fake page can be forwarded to the real login page by an automated phishing proxy while the code is still valid, so a typed code slows attackers down rather than stopping them outright. A security key, which binds the login to the real site's origin before signing, is the phishing-resistant option.


Case Study 2: Loss or Misplacement of Mobile Device

Let's twist the scenario a bit. Emmanuel is a Sales Rep who actively uses the Salesforce Mobile App. He spends 70% of his working time in the field, selling your company's products, converting leads, or taking inventory for a new customer, so he relies on the mobile app to get his work done. As a Salesforce administrator, you can define a list of IP addresses from which users can log in without receiving a login challenge to verify their identity. This is the Trusted IP Ranges setting, found under Network Access in Setup. Be precise about what it waives: a login from a trusted range skips the identity verification (device activation) step that normally fires for a new device or location. It does not exempt the user from MFA when the MFA permission is assigned, and Salesforce's MFA requirement cannot be satisfied by a trusted network alone.

So MFA applies wherever Emmanuel logs in; what the trusted range saves him is the extra device-activation prompt when he is in the office. In the field he completes the MFA challenge at each new login, and while that is mildly inconvenient, it is what protects the org if his phone goes missing. Note the weak point in this scenario: if the Salesforce Authenticator app lives on the same phone as the Salesforce Mobile App, whoever holds the phone also holds the second factor and possibly a still-valid mobile session. The real barriers are then the phone's own lock screen and how quickly the loss is reported.

Provided that Emmanuel contacts you, the Salesforce Administrator, as quickly as possible, ideally before whoever found the phone makes any move, the situation can be contained: freeze or deactivate the user, revoke the user's active sessions (including the mobile app session), and disconnect the authenticator registered on the lost phone so the replacement device has to be re-enrolled. MFA is a compulsory security requirement in Salesforce, and this article has looked at two of its use cases; see our other articles for guidance on implementing MFA in Salesforce.
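The containment steps from both case studies (freeze the login, revoke live sessions, disconnect the MFA registration) can be scripted against the Salesforce REST API. The following is an added example of mine, not code from Reco or Salesforce. It assumes the object and field names as I recall them from the Salesforce API reference (UserLogin.IsFrozen, AuthSession.UsersId, TwoFactorInfo.UserId, all deletable or updatable through the standard sobjects resource) and an API version of v59.0; confirm both against your org before running it for real. The FakeOrg class, its record Ids and the user Id are constructed so the demo runs offline.

```python
"""Containing a compromised or lost-device Salesforce user over the REST API."""
import json
import re
import urllib.parse
import urllib.request

API_VERSION = "v59.0"  # assumption: use a version your org supports
SF_ID = re.compile(r"[A-Za-z0-9]{15}(?:[A-Za-z0-9]{3})?")  # 15- or 18-char record Id


def salesforce_transport(instance_url: str, access_token: str):
    """Build a send(method, path, body) callable for a real org (not used offline)."""
    def send(method, path, body=None):
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(instance_url + path, data=data, method=method)
        req.add_header("Authorization", "Bearer " + access_token)
        req.add_header("Content-Type", "application/json")
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else {}
    return send


def _query(send, soql: str) -> list:
    path = f"/services/data/{API_VERSION}/query?q=" + urllib.parse.quote(soql)
    return send("GET", path)["records"]


def contain_user(send, user_id: str) -> dict:
    """Freeze first so nothing new can start, then revoke what already exists,
    then drop the MFA method that lives on the lost phone."""
    if not SF_ID.fullmatch(user_id):
        raise ValueError("not a Salesforce record Id")  # keeps the SOQL below injection-free
    base = f"/services/data/{API_VERSION}/sobjects"
    summary = {"frozen": False, "sessions_revoked": 0, "mfa_methods_removed": 0}

    # 1. UserLogin.IsFrozen blocks new logins but keeps the User record and its
    #    licence; deactivating the User is the heavier step once the facts are known.
    for rec in _query(send, f"SELECT Id FROM UserLogin WHERE UserId = '{user_id}'"):
        send("PATCH", f"{base}/UserLogin/{rec['Id']}", {"IsFrozen": True})
        summary["frozen"] = True

    # 2. AuthSession rows are the live sessions, including the Salesforce Mobile
    #    App session still open on the missing phone; deleting a row revokes it.
    for rec in _query(send, f"SELECT Id FROM AuthSession WHERE UsersId = '{user_id}'"):
        send("DELETE", f"{base}/AuthSession/{rec['Id']}")
        summary["sessions_revoked"] += 1

    # 3. TwoFactorInfo rows are the registered MFA methods (Salesforce Authenticator,
    #    TOTP app, security key); deleting them forces re-enrolment on the new device.
    for rec in _query(send, f"SELECT Id, Type FROM TwoFactorInfo WHERE UserId = '{user_id}'"):
        send("DELETE", f"{base}/TwoFactorInfo/{rec['Id']}")
        summary["mfa_methods_removed"] += 1
    return summary


class FakeOrg:
    """Constructed stand-in for an org: one user with a login record, a desktop
    and a mobile session, and one Salesforce Authenticator registration.
    All record Ids are made up."""
    USER = "005000000000001"

    def __init__(self):
        self.calls = []
        self.records = {
            "UserLogin": {"0Yw000000000001": {"UserId": self.USER, "IsFrozen": False}},
            "AuthSession": {"0As000000000001": {"UsersId": self.USER},
                            "0As000000000002": {"UsersId": self.USER}},
            "TwoFactorInfo": {"0Rf000000000001": {"UserId": self.USER,
                                                   "Type": "SalesforceAuthenticator"}},
        }

    def send(self, method, path, body=None):
        self.calls.append((method, path, body))
        if method == "GET":   # understands only "SELECT ... FROM X WHERE col = 'id'"
            soql = urllib.parse.unquote(path.split("q=", 1)[1])
            sobject = soql.split(" FROM ")[1].split(" WHERE ")[0]
            wanted = soql.split("'")[1]
            return {"records": [{"Id": rid, **f} for rid, f in self.records[sobject].items()
                                if wanted in f.values()]}
        sobject, rid = path.rsplit("/", 2)[-2:]
        if method == "PATCH":
            self.records[sobject][rid].update(body)
        elif method == "DELETE":
            del self.records[sobject][rid]
        return {}


if __name__ == "__main__":
    org = FakeOrg()
    print(contain_user(org.send, FakeOrg.USER))
    # real org: contain_user(salesforce_transport(instance_url, access_token), user_id)
```

The order is deliberate: freezing first means no new session can be opened while you are still enumerating the existing ones, and the Id check on `user_id` matters because the value typically arrives from a ticket or a form rather than from code you control.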


In addition to implementing MFA, the Salesforce Administrator must train the users in their org. Employee training is one of the most essential functions of every Salesforce Administrator: users need to know how to spot a phishing email and how to report it immediately. The sooner the report reaches the administrator, the easier it is to contain the incident.
