Look, I get it. Security for platforms where you store your data can be intimidating. And scary. And sometimes, it seems like you’re never going to know where to start. It can be tempting to avoid the whole mess, not to bother at all, and to go on with your life. After all, what’s the worst that could happen?
Or, maybe you’re coming at it from the opposite perspective: no matter what you do to try and secure your accounts, you’ll never be as good as the hackers are, so why bother?
No matter where you’re coming from, I have bad news and good news.
To return to my earlier question, what’s the worst that can happen? Pretty bad.
But what can you do to avert it? (Yes, even in the face of all of those talented hackers out there.) Actually, a lot. That’s the good news. And that’s why I want to encourage you to take just a few minutes today, maybe while you drink your morning coffee, to do security. Not to read think-pieces about it, or get lectured by some stranger on the internet. Just to cut to the chase and do it. It’s that easy.
Note: In the following tips I use your HubSpot account as an example, but you can apply this advice to most, if not all, other important internet accounts, and should definitely consider doing so.
Step One: Keep Yourself Safe
Just like they say on airplanes, you have to put on your own oxygen mask before you can help anybody else. The easiest thing you can do today is secure your own user account, and luckily for you, that’s also one of the quickest and most effective steps you can take.
Two-Factor Authentication (2FA)
If you haven’t already, take a minute (maybe two, max) to set up 2FA for your HubSpot user account. Make sure to save a copy of your backup codes and set up a secondary method to make sure that you won’t need help getting back into your account if you lose track of your phone. Given the choice, an authenticator app like Google Authenticator is a more secure option than text messages, but any 2FA is better than none! Use whatever works best for you.
2FA is the absolute best thing you can do today to make sure that your online accounts stay safe: it’s 99% effective against the most common types of attacks. And, it’s an option all over the internet, not just on HubSpot. Once you set it up for your HubSpot account, consider checking for the option on other sites you use, like your bank website, or email account.
You should set up 2FA for your HubSpot account even if you regularly sign in with Google or single sign-on. That way, even if someone gets their hands on your HubSpot password, you can keep this simple extra layer of security there to protect it.
Total time: Two minutes.
Next, take a dive into the exciting world of password management. Are you still using the same password for HubSpot that you use for the Yahoo account you made to play fantasy football in high school? Is that password “Password123!”? Do you know how many other people have used Password123! before? Bad news, friend. Take it from the folks over at HaveIBeenPwned.com:
It’s probably time for a change. Sharing passwords (or password variations) between multiple websites exponentially increases the amount of damage that password getting out into the world can do, especially since you likely already share usernames and email addresses between those sites, too. Using a password manager takes all the difficult work out of choosing a different password for every site you use by automatically generating passwords that are difficult to guess, and means you don’t have to remember each of those different passwords every time you want to log in.
The best part? Most web browsers now include a built-in password manager, so you don’t even have to do the hard work of comparison shopping for one (though you can, don’t let me tell you how to live your life). Safari, Chrome, and Firefox now have various password management solutions included natively. If you want to do that comparison shopping after all, you can also consider third-party password managers and storage solutions, such as 1Password or LastPass.
Start using a password manager and change your passwords as you use your accounts. Focus on the most valuable accounts first, like your personal banking, credit card, PayPal, email, and any systems where you might store personal information about your customers or contacts (like HubSpot).
Password managers can also store notes or other pieces of information you want saved, meaning you can use them to store important things like your two-factor authentication recovery codes, security question answers, or other info you want to keep safe.
Total time: Two minutes to set one up in your browser. Maybe ten to shop around.
Sign Up for HaveIBeenPwned Email Alerts
That lovely screenshot I included in the previous section? It’s from an indispensable site for the modern internet: HaveIBeenPwned. In less than a minute, you can enter your email address and sign up for email alerts if that address shows up in a data breach. If you get an alert like this, don’t panic! Simply change your passwords and set up 2FA on any sites where you may have used those credentials.
Total time: One minute. Maybe. If you round up.
Step Two: Keep Everyone Else Safe
Are you in charge of access policies for some of your team’s accounts? Good news: most providers have some features that can help you both ensure that your users are keeping their accounts secure, and monitor for out-of-the-ordinary access or activity. You can do each of these things in the blink of an eye, and your account will be infinitely safer than it was before. Let’s start with an old friend from a few paragraphs ago:
This one is even easier than setting up 2FA for yourself. Let’s use your HubSpot account as an example. Using this feature, you can enforce that everyone who logs into your account with their HubSpot credentials has to use 2FA. You’re the boss, so you just have to flip a toggle. That’s it. Enforcing 2FA protects every user on your account quickly, and many providers offer this as an easy option, or even enforce it automatically. I don’t even want to give this one an estimated time, but it’ll mess with the whole format of this article if I don’t, so:
Total time: Ten seconds. Really.
Familiarize Yourself with Account History Logs
This one is more of an ongoing activity, but it’s important to stay informed about what’s happening in your account. As is the case with many platforms, all HubSpot accounts have access to Log In History and Security Activity reports. These reports allow you to see when your users have been logging in, as well as where and how they’re doing so, and keep track of what notable actions they may have taken while logged in. You should familiarize yourself with these logs, and consider regularly reviewing them for unauthorized activity.
Total time: Five minutes.
Bonus Round: The Wide World of Single Sign-on (SSO)
HubSpot Enterprise customers can integrate their accounts with SSO providers, like Microsoft Azure AD, OneLogin, Google, or Okta, via SAML. This allows you to force your HubSpot users to authenticate with your SSO provider in order to log into your HubSpot account. Via the SSO provider, you can then enforce all sorts of security or access policies which your users will interact with as normal when they log into HubSpot.
Total time: Getting an SSO provider and access policies set up will probably take longer than a cup of coffee. If you’ve already got one, integrating them with your service provider can usually be done in as little as five or ten minutes.
Step Three: Know You’re on the Right Track
Seriously, that’s it. Ten minutes, maybe twenty if you really need to find the perfect password manager, and you’re infinitely safer than before. These steps cover some of the most important things you can do as a user in any platform, not just HubSpot, today. That’s how easy security can be, and how quickly you can do it. It can seem overwhelming, but you don’t have to be a certified security expert to keep yourself safe. Some simple steps, a few monitoring tools, and you can become your office’s resident account security advocate. Maybe you’ll even score some more free coffee for your trouble.
Want to work for a place that treats growth opportunities and inclusivity just as seriously as we treat security? Check out our open positions and apply.