Salesforce security and compliance is a Shared Responsibility and you, the end-customer need skin in the game.'salesforce is a PaaS, and its compliance with regulations like HIPAA, PCI, HITRUST does not flow down to your compliance unless you (or your SI) configures the security controls correctly. 'It starts with anaccurate assessment of your current state to inform your actual risks and then prioritized daily, weekly, and monthly remediation plan to reduce risk. 'Well review some interesting statistics based on the Salesforce Security Risk Assessments RevCult completed in 2019 along with a checklist of actions you can take to complete your own assessment. 'We'll also discuss specific things you should be doing today to ensure your Salesforce security controls given current situation and rapid expansion of your remote workforce (eg. IP restrictions, user authorization, etc.)