
Most organizations assume that passing the Salesforce Health Check means their environment is secure. The attackers who targeted hundreds of organizations between late 2024 and mid-2026 knew otherwise.
The threat groups ShinyHunters (tracked as UNC6040) and Scattered Spider did not find a zero-day vulnerability or deploy exotic malware. They looked for overly permissive guest user configurations in Salesforce Experience Cloud, exploited human trust through social engineering and voice phishing, and walked through doors that had been left open. ShinyHunters claimed to have compromised between 300 and 400 organizations, including FedEx, Google, Cisco, and Toyota. Their September 2025 compromise of Instructure’s Salesforce environment gave them the organizational familiarity they later used to breach Canvas LMS. By early May 2026, Canvas’s login page had been replaced by a ransomware message, disrupting nearly 9,000 schools during final exam season.
These attacks share a common thread: they weren't enabled by zero-day vulnerabilities or exotic malware, but by security gaps that organizations can proactively identify and remediate through regular Salesforce security assessments. They exploited misconfigurations, human trust, and overlooked settings that security teams had the power to fix.
Why Standard Checks Miss the Real Risks
Kenway Consulting helps organizations evaluate their Salesforce security posture, identify vulnerabilities, and implement Salesforce security best practices to reduce risk and improve resilience.
This blog outlines key Salesforce security best practices organizations can use to strengthen their security posture, reduce risk, and better protect sensitive data.
Kenway’s Recommended Action Plan for Salesforce Security Improvements
1. Conduct a Salesforce Security Assessment
Effective Salesforce security goes well beyond the native Security Health Check and should include a comprehensive review of user access, authentication, data security, integrations, and governance practices. Kenway recommends reviewing security practices across the following domains to identify vulnerabilities and ways to mitigate risk.
2. Remediate Salesforce Security Risks Using Native Features
After identifying vulnerabilities, organizations should address gaps using Salesforce's native security capabilities. Reviewing user access, permissions, authentication settings, and sharing models can significantly improve your Salesforce security posture without requiring additional investment.
3. Extend Salesforce Security with Advanced Security Tools
Organizations with advanced security or compliance requirements can further strengthen their Salesforce environment with tools such as Salesforce Shield, Security Center, Data Mask, and backup and recovery solutions. These capabilities provide additional visibility, protection, and resilience beyond standard platform controls.

Salesforce Security Assessment Package
Kenway Consulting has developed a Salesforce Security Assessment Package with the following deliverables and outputs:
1. Salesforce Security Assessment Framework
Kenway has developed a comprehensive Salesforce security assessment framework based on 12 domains covering the full spectrum of Salesforce security risks, from identity controls and access governance to application security and integration architecture.
2. Salesforce Security Assessment Workbook
Detailed analysis of 83 security parameters across 12 Salesforce security domains.
Evidence-based findings for each security parameter help organizations identify vulnerabilities, strengthen their Salesforce security posture, and prioritize remediation efforts.
3. Prioritized Remediation Roadmap
Each remediation item is prioritized using a consistent scoring model to support sequencing and improve Salesforce security risk management.
Our prioritized roadmap identifies quick wins (High Impact, Low Effort) and provides estimated durations for project planning.
What a Stronger Security Posture Looks Like
Organizations that complete a thorough Salesforce security assessment and remediation cycle gain more than a cleaner Health Check score. They gain a clear, evidence-based understanding of their environment: which users have what access, how data flows through integrations, what custom code is doing, and where their recovery strategy stands.
When a new threat surfaces, those teams can evaluate it against a documented baseline. They can brief leadership with confidence and respond quickly because they already know their environment. That knowledge is what separates organizations that prevent breaches from those that merely respond to them.
Learn more about Kenway’s Salesforce Security Assessment and connect with our team to evaluate your security posture.