It was 5.40pm and my phone was ringing. I didn’t know it at the time but this was going to be one of “those calls”, I’d had one last year too. My friend had just left the bank after being grilled by them for 5 hours. The day previously someone had entered the bank, confirmed their identity and proceeded to clear out all her bank accounts and investments. The bank had thought that the thief had come back to finish off the job, thinking it was her they grilled her for 5 hours. The bank, in the end, managed to recover about half of her money but the rest had gone.

We had a chat and it came to me quite quickly that over the past month or so, someone had been slowly gathering information on her (hindsight is a terrible thing). Her phone went missing for a day only to reappear, the strange phone calls from “Microsoft Support”. All of which may have rung alarm bells for someone who had been trained in CyberSecurity but unfortunately she hadn’t, but that isn’t surprising. Only 15% of employees are trained in CyberSecurity.

Experts are saying British businesses are not doing enough to protect themselves. Cyber attacks are exacting a heavy toll on British businesses. Research company Cebr last year reported £34bn of increase IT expenditure and lost revenue due to CyberSecurity. The UK Government found boards of half of FTSE 350 companies only hear about cyber incidents only on an occasional basis or when something goes wrong.

Salesforce has a whole host of security measures in place to stop or reduce the risk of hacking, and rightly so. Security is incredibly important to them, one hack or perceived hack to ruin Salesforce overnight. But security isn’t full proof and the damage can sometimes harm a companies reputation maybe more than the actual attack. TalkTalk a UK cell phone company was hacked last year and lost 156,000 customer credit card and account details. Last week they announced, a year after the attack they had lost 101,000 customers and their profits had more than halved as a direct result of the hack.

A recent report of UK companies showed that nearly half (46%) of small business owners have no employee responsible for data security and more alarming 27% have no process or policy at all. But it’s not just isolated to small companies. Last year saw a conservative estimate of 487,731,758 records (based on public information) of data leaks from companies like Hyatt, Hilton HHonors, Costa Coffee, Mumsnet, 56 Deans Street clinic (that leaked 780 HIV patients and the NHS Trust was fined last week £180k) and JD Wetherspoon nearly 700,000 personal details were stolen.

Employees are now the weakest link in CyberSecurity

Now hackers have changed tack. As dedicated IT security hardware and software has increased in companies, hackers are now turning to the next weakest link. Employees! Several years ago a book opened up this world to the public; it was “The Art of Deception” it documented how social engineering techniques could be used to extract information from employees. All it takes is one small slip up from an employee to set off a chain reaction which could result in a cyber attack.

According to the PWC Global State of Information Security Survey, 2015, employees remain the most cited source of security compromise (over 55%), and incidents attributed to business partners also climbed 22 percent.

At last week’s London Salesforce WorldTour I demonstrated how a small release of information could ultimately result in an employee trusting a hacker and providing information. Here are some of the ways:

  1. Exploiting Public Information: Job boards have a wealth of information on a company, what technologies are used in a company as well as names of internal departments this can be invaluable to a hacker to gain an internal knowledge of a company.
  2. Phishing Emails: The hacker uses official-looking emails based on the public information to get the user to fill out an online form. The form may only just ask for the employee’s name and username and nothing more. Giving just your username isn’t a problem is it?
  3. Social Engineering: The hacker users the information they have received to convince a different employee that they are an employee to build trust with their target. With the information collected, they ask the target employee to confirm “their identity” by looking up their username on the internal network to verify that they are an employee. Now the trust is built with the employee they can continue with the next phase of the attack which again could be a very small step in a much larger plan of attack.

Get the skills to protect yourself online

Screen Shot 2016-05-24 at 11.26.26But it’s down administrators and developers to protect their system from their employees? Not anymore! Attacks are becoming more sophisticated. In my opinion, EVERYONE who uses the Internet should get at least basic CyberSecurity training to protect themselves online as well as ability to protect their company!

One of the best free online courses I’ve seen online has been created in collaboration with GCHQ (British intelligence) and is accredited by the Insitute of information Security Professionals (IISP). It’s a FREE 8-week course that gives you the skills to protect yourself online, no strings attached. I mentioned this at a recent user group and several people are now doing the course and loving it.

FREE CyberSecurity course

Take the User Authentication Salesforce Trailhead

identity_user_authentication Take the User Authentication trailhead on Salesforce Trailhead. This is a great module that introduces you to two-factor authentication in Salesforce. It goes on the premise that you can’t login to Salesforce without something you know (your Salesforce Password) and something you have (your mobile/cell phone).

User Authentication Trailhead Module


My Top Security Tips

  1. Switch off notifications on your cell-phone lock screen; Hackers realise that people are using their phones as 2-Factor Authentication. Google, Salesforce, PayPal, etc. all can send text messages with a code in them to your phone before you can login in Salesforce. This is a great extra security measure. But if you allow notifications to appear on your lock-screen sometimes the hacker doesn’t even need to know the code to your phone as the 2-factor auth code is displayed on the phone without needing to be unlocked.
  2. If you haven’t taken CyberSecurity training do it; Even if you “think you know it” do it! I guarantee you will learn something to help protect yourself as hackers are becoming ever more sophisticated and are constantly adapting.
  3. Learn about switching on two-factor authentication & IP Restrictions on your Salesforce org; Checkout the Salesforce module above.
  4. Tell others; Without getting the word out, more people could lose their life savings to hackers. Please share or tell others about the free online training.
Administration, General

This month’s Admin user group was hosted by Slalom a US consultancy that has just created an office in London. Thanks Slalom for a great venue overlooking the Thames!

London Salesforce Admin User Group at Slalom

London Salesforce Admin User Group at Slalom

First we had Andy talking about Slalom. Slalom is a US based consultancy that has only recently moved over to the EU with their first office in London. First up was Matt with his Chatter talk. Have to say it was really interesting! How do you get analytics on who has viewed chatter groups or feeds and surface chatter analytics as a global VisualForce action, kinda neat.

Then we had Matt with his Chatter talk “I didn’t know chatter could do that”.

Matt Morris Kicking us off with "I didn't know chatter could do that"

Matt Morris Kicking us off with “I didn’t know chatter could do that”

Have to say it was really interesting! How do you get analytics on who has viewed chatter groups or feeds? Then with the analytics you have gained how do you visualise that to all your users? via a global VisualForce action of course :) kinda neat. I’ve actually been working on a chatter project myself recently had have come up with similar limitations.



Read More


Join the conversation on LinkedIn

David Giller from Brainiate. Online or In Person?

David Giller from Brainiate. Online or In Person?

When David Giller from Brainate asked “Salesforce Training… Online or In Person?” on LinkedIn I couldn’t stop myself from replying.


I very much believe training is just one part of being at brilliant at your job: Read More


Trailhead has released some rather nautical Trailheads so that you can navigate the differentiators that drive Salesforce’s success: our core values, innovative technology, and vibrant ecosystem.


Salesforce Success Model

Learn who Salesforce is and our vision for driving customer success.

Go to Module Read More

General, News

I am TOTALLY overjoyed to see eight new EU Salesforce MVPs!! Especially as several of them I mentored! I still remember when all the EU MVPs rocked up to the Salesforce London big Cloudforce event. There were just 4 of us, now 26 of us (I think). We’ve also added Italy & Israel to the countries that now have a Salesforce MVP in them. I’m also relieved that I was renewed this year as well. I’m now a 5x or 6x Salesforce MVP… I’ve lost count :)

The Salesforce MVP Programme is a programme run by Salesforce to award people in the community for their Accessibility, Expertise, Responsiveness, Leadership & Advocacy in Salesforce. If you want to learn about how Salesforce awards and MVP they have recently created a blog about the whole process!

And now for the new MVPs:

Mohamed El Moussaoui

Mohamed El Moussaoui

Mohamed El Moussaoui – France   
Mohamed & Fabien run the Paris Dev user group. They were both over from France for London’s Calling a couple of weeks ago and I was REALLY hoping this year would be the year they made MVP. They run the Paris user group for quite a while and they are both great guys!!



Fabien Taillon

Fabien Taillon – France   
Fabien did a talk at London’s Calling when he was over and its well worth a watch! “Style your application with Lightning Experience Look & Feel using SLDS


Read More

Administration, Development, General

Missed London’s Calling? Checkout the video above! But this is how it all started…

It all really kicked off just before Dreamforce 2015 with Jodi Wagner, Simon Goodyear, Louise Lockie, Kerry Townsend & several bottles of Champagne. We were sitting around the table and the conversation turned to something I think we had all been mulling over for some time. The creation of an event for the Salesforce community, BY the Salesforce community. An event where we could learn from community experts in Salesforce who had been at the coal face. An event that wasn’t a Sales event, but an event for Salesforce Admins & Developers designed to help us learn from each other and find out about new Apps in the Salesforce ecosystem whilst have fun doing it! :) Needless to say, Will Coleman turned up and more Champagne was drunk and then…

London's Calling Napkin

London’s Calling Napkin

London’s Calling was born… Our first rough sketch of the event (on the back of a napkin) consisted of a two-day event, this quickly reduced down to one day. Let’s “start small” and see what happens, hey no one may turn up!

Read More

Administration, Development, General

Brent Downey has created a brilliant post on Salesforce’s new “Duplicate Management” tool. But one of the obvious features that is missing is being able to change the columns that the user sees when the Duplicate Management finds a match. For example, if you are matching on (e.g.) the contact name and city, when you find matching records only the contact name and city are displayed in the matching table, and there is no option to change this, which can be a real pain! I want to see the company name, address, etc. So I can tell if an actual duplicate or not. But there is a solution that I mentioned in my “Data Tips, Tricks & Strategy” session at Dreamforce 2015.

Fake your Matching rule

Brent did a great post on how to setup Duplicate Management, but I’m just going to focus on the matching rule. Based on my example above if I wanted to create a matching rule to match contacts with a similar First Name and Last Name I would create a matching rule that looks like the following:

First Matching Rules

Duplicate Management > Matching Rule; Matching on Contact First name & Last name

Read More

Development, News

NOTE: The competition has now ended but Trailhead is still just as cool :)

Trailhead has just launched some new modules on Trailhead. I’ve just completed the ‘Battle Station’ module and if you also complete it before 31st Dec, you will be entered into a draw to win either Playstation 4’s, Sphero Robots or Remote Controlled quadcopters!

Trailhead is a FANTASTIC way to learn Salesforce. We have at work ‘Trailhead Tuesday’s‘ where we sit down at lunch and battle to get as many badges as we can in a calendar month! It’s been going really well. Check them out!

Build a Battle Station App

This is a project rather than a module as its a bit more involved than just a module. But if you do this before 31st you can win prizes!

Build a Battle Station App

Do the Project now Read More

General, News
FCA signals steps for Cloud computing in UK Financial Services

No fundamental reason why cloud services (including public cloud services) cannot be implemented, with appropriate consideration, in a manner that complies with our rules

-   UK Financial Conduct Authority   -

An interesting thing happened last month. The UKs Financial Conduct Authority (FCA) produced a document proposing new guidance for the financial services using third party cloud computing solutions.


The Financial Conduct Authority (FCA) is a financial regulatory body in the United Kingdom, but operates independently of the UK government, and is financed by charging fees to members of the financial services industry. The FCA regulates financial firms providing services to consumers and maintains the integrity of the UK’s financial markets. It focuses on the regulation of conduct by both retail and wholesale financial services firms.


What I find interesting is how FCA has embraced cloud computing using Salesforce extensively in its operations. It can only be a good thing that the UK regulator for the financial services industry is paving the way for cloud-based services. I do sometimes get frustrated with companies who don’t have brilliant physical/logical security around their internal information assets, and then say having an internal solution makes it “more secure”. The majority of successful hacks come from within the company not from external.

Ransomware, insider threats… companies not prepared

A recent report showed that nearly half (46%) of small business owners have no employee responsible for data security and more alarming that 27% have no process or policies at all. But even larger companies This year has been a tough year for security with just this week yet another attack. JD Wetherspoon was hit by a cyber attack releasing over 650k of customers records.

Cloud computing setup correctly (or even in some cases out of the box) could be more secure than some companies internal systems. Just the basic fact that you could, in theory, lock your entire IT and development team out of your production environment and have the deployment of changes & administration function a business function and not an IT one. This makes Cloud Computing at a reduced risk of internal attack, and when the majority of hacks are internal, this has to be a good thing. Just talk to the CIA, if Snowden (an IT admin) hadn’t had full admin privileges when he didn’t need them things could have been very different.

YouTube Preview Image

Read more at:



This event was on 5th Feb 2016 and has ended. Watch out for next year!

Well, it all started at Dreamforce with a group of us sitting around a table a pub discussing a big community event for the UK. An event where Salesforce developers, admins & technical architects, etc could all come together and collaborate. The opportunity to learn from each other on topics we all find interesting or challenging to solve. To inspire and most of all have some fun,

So enter “London’s Calling“. We’ve found an amazing venue SkillsMatter CodeNode, which is dedicated for technology events. So on the 5th Feb 2016, we will take it over for one day only! So what’s going to happen?

  • Opening address from Eric Kuhl; For those who don’t know Erica I think she was the 6th employee to join Salesforce, and she now heads up more or less all community activities at Salesforce.
  • Loads of sessions from community members; We are going to have a load of sessions for admins, devs & business leaders with several tracks of talks to choose from.
  • Keynote from Peter Coffee; You’ve probably seen him talking at the Dreamforce keynotes but when you go to his talks you realise he’s 20 years ahead of everyone. Can’t wait for this!!
  • Non-Profit: We have to charge for the event to pay for the venue, food etc but we’re not making any money out of this event. It’s by the community for the community. If a load more people come than we expect all profits will either be given to charity and/or kept for the next community event.
  • Plus loads more… Demo Jam, Sponsor Expo floor, amazing lunch & after event party!!

So sound interesting? Super Early Bird tickets ON SALE Grab yours now before they all go!

Find out more / Book Early Bird Tickets

If you are interested in being a speaker please let us know (if you do talk your ticket will be refunded).

If you are interested in Sponsoring, let us know too!


Subscribe via Email

Enter your email address to subscribe and receive notifications of new posts by email.

Follow me on Twitter