October is cyber security month and we are here to talk to you about the many ways in which HubSpot provides security, privacy and complete control over your data!
Let's start off by saying, HubSpot is trusted by over 100,000 customers in over 120 different countries.
The core tenets of HubSpot’s security program are to safeguard customer data and maintain customer trust. HubSpot uses a defense-in-depth approach to implement layers of security throughout their organisation.
HubSpot's security program is driven by compliance and regulatory requirements as well as industry best practices like the OWASP Top 10, the CIS Critical Security Controls and threat intelligence.
'HubSpot’s primary security focus is to safeguard our customers’ data. This is the reason that HubSpot has invested in the appropriate resources and controls to protect and service our customers. This investment includes the implementation of dedicated Corporate Security and Product Security teams. We are focused on defining new and refining existing controls, implementing and managing the HubSpot security framework as well as providing a support structure to facilitate effective risk management. Our Chief Information Security Officer oversees the implementation of security safeguards across HubSpot and its products.' - HubSpot Security Overview
Below are some HubSpot security features that we love.
Whether you’re using HubSpot products that are free or paid, feature-rich or lightweight, HubSpot works hard to maintain the privacy of data you entrust with it. Data you store in HubSpot products is yours, HubSpot have a security program in place to protect it, and use it only as permitted their Customer Terms of Service and Privacy Policy. HubSpot will never share your data with customers or sell it.
It’s more important than ever that your teams be mindful of data privacy, whether its GDPR compliance or a similar local regulation.
What is GDPR? The GDPR (General Data Protection Regulation) is an EU Regulation that significantly enhances the protection of the personal data of EU citizens and increases the obligations on organisations who collect or process personal data. You are expected to comply with GDPR regulations if you are a non-EU businesses who market their products to people in the EU or who monitor the behaviour of people in the EU.
Three main points to think about when it comes to GDPR are,
Consent- the customer needs to be unaware that they are consenting to processing of their personal data. They must also know exactly what they are consenting to and they must be informed in advance of their right to withdraw their consent at any time.
New rights for individuals- customers have the 'right to be forgotten' and the 'right to probability'. These two rights mean that users can request that any information stored about them should be deleted or that the information that has been collected should be shared with them.
Access requests- customers have the right to request access to their data free of charge. In some cases organisations can extend waiting periods or even deny access if they have clear refusal policies and procedures in place.
HubSpot has many product features that make GDPR compliance and similar regulations super easier than ever. from consent tracking, subscription settings, cookie tracking consent banners that are customisable, GDPR deletion and lawful basis to communicate.
Standard SAN SSL are provided through HubSpot and are free, they also automatically renew 30 days before expiration. To renew the certificate:
SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser. An SSL certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection.
Standard SSL Certificates protect your sensitive content, such as such as credit card information, usernames, passwords, and lead data on all HubSpot hosted content and gives your visitors peace of mind.
Standard SSL certificates can also increase your visibility within search results as you are seen as a much trusted website.
Single sign-on is an authentication scheme that allows a user to log in with a single ID and password. True single sign-on allows the user to log in once and access services without re-entering authentication factors.
Users can sign in to HubSpot using single sign-on credentials, making it easy for them to gain access but also enhances your security as you have control over who can and can't sign on.
With two-factor authentication enabled in HubSpot, users require a verification code or link from a second device, such as a mobile phone in order to log in. This intensifies the level of security as users have to provide two pieces of evidence before authentication is provided.
Two-factor authentication is easy to implement and requires little no effort for the users meaning it is not invasive and also proves that security it being provided.
You can manage the security of your HubSpot-hosted content by dictating how external visitors access your website for maximum protection.
You can customise the security settings for each domain and subdomain connected to HubSpot, including your website protocol (HTTP vs. HTTPS), TLS version, and your website security headers. Having this customisable feature enables you to have more control and security over each individual domain.
It's very simple to change and update your domain security settings in HubSpot. Just find website > domains & URLs in your settings sidebar, and click the edit drop down next to each domain.
Password-protected website pages and landing pages, give you the ability to control who can see the content on a specific page. You can require visitors to enter a password to access a landing page or website page. You can also edit the appearance of you password prompt page template to suit your requirements.
This option is available in the 'advanced options' settings tab in the website or landing page editor and check the 'require a password to view this page' box.
Very similar to password protected pages, but you could say a lot better. This feature restricts access to specific HubSpot hosted, web, landing and blog pages by requesting that visitors sign-in with a password and username.
Aside from security, this feature enables more personalisation to your customer. With the CMS Hub, you can leverage HubSpot lists to allow only specific customers to access a section of your site and create content that only these specific groups can access. You can also use this feature to give updates that only your current customers can see. With Memberships, your website becomes much more than just a lead generation tool.
This feature allows for you to permanently delete a contact within your HubSpot contact lists and prevents you for accidentally re-creating this contact in the future.
Under GDPR compliancy rules, companies need a lawful reason to use and process contact data and must keep records of consent and evidence of other lawful purposes of processing.
Within HubSpot there is a contact property 'legal basis for processing contact's data' that helps you collect, track, and store lawful basis of processing information via contract, legitimate interest, and/or consent for your HubSpot contacts.
With HubSpot you can capture a visitor’s consent for cookie tracking, and use different versions of the consent banner depending on a pages needs.
You can customise this by navigating to the privacy & consent tab in your settings and selecting cookies > default policy.
This feature allows the super admins in your account to able and disable the editing of specific properties and access options within your HubSpot account for your different team members. This not only enables control but can keep your team efficient and your data clean.
To assign roles for property editing access to different team members, navigate to properties > assign users & teams from the main settings sidebar.
Roles enable you to create permission sets for your team. Once you've created a role and specified certain permissions for it, you can then assign new and existing users the role to grant them the same permissions.
Super admins can create up to 100 roles and modify role permissions. Admins with permissions to add or edit users can only assign roles that they themselves have permissions for.
Being able to assign team members different roles, keeps your account clean and can restrict access to certain data that team members don't need to see. This is especially useful when segmenting client data based on which member of the team they may be associated with.
Teams in HubSpot allow you to organise your users into groups for organisational and reporting purposes. You can organise users on multiple levels based on team, region, business unit, brand, or any other dimension, to suit the way your business works.
Assets across HubSpot can be partitioned so that only specific teams and users can view and edit them. This can be useful if you want to keep your assets separated by department or team, and helps your team stay focused and organised.
This feature sort of ties user roles and hierarchical teams together by giving you to the ability to assign teams different permissions for your blog posts, site pages, emails, forms, CTAs, lists, or workflows based on role, region, business unit, brand or any other dimension, so they can only see and edit content relevant to them.
HubSpot admin tools allow you to manage your HubSpot account users, monitor their activity and permissions and customise your CRM platform with complete confidence.
Manage, monitor and customise you HubSpot account with the admin tools features.
This feature allows you to sync all your data with your integrated HubSpot apps. It helps make the process clean and easy, ensuring no data gets lost or miss-placed.
I know that was a long read but we had a lot to cover due to the huge amount HubSpot offers when it comes security, privacy and control!
Hopefully, if it was the security holding you back, you now have a much higher confidence in the features provided and want to give HubSpot a go!
You can book onto one of our education or non-profit specific HubSpot demos using the button below 👇