9 min read  | HubSpot

HubSpot Cyber Security: Best Practices to Safeguard Your Data

The escalating frequency of cyber-attacks, as reported in the media, and their devastating impact on businesses and their clients are impossible to ignore.  

A recent study conducted by our friends at Kordia revealed that 55% of companies surveyed had experienced a cyber-attack, and 28% pinpointed the source of the attack as a third-party supplier.   

As businesses expand and adapt, their reliance on third-party tools to boost efficiency has increased. This necessity has made tools like HubSpot essential for coordinating and optimising sales, marketing, and service operations.  

However, with this heightened dependence on digital platforms, the significance of cyber security must consistently be a priority. 

In this article, we delve into the optimal practices that can be adopted to ensure your HubSpot account is secured against potential threats, such as unauthorised access, data loss, internal data theft, and other prospective cyber-attacks. 

Limit User Access and Permissions 

Not every employee requires access to all sections of your HubSpot account. Restricting user access based on roles and responsibilities helps lower the risk of accidental or intentional data leaks. Role-based access control (RBAC) should ensure employees only have access to the information and tools necessary for their role. This minimises the risk of data theft and secures sensitive information from being misused. 

HubSpot offers excellent tools to streamline this process, including teams and permission sets 

We recommend setting aside time to review user access regularly and implement processes to remove access to employees when they depart. 

Monitor User Activity Regularly 

Frequently monitoring user activity can help identify irregular behaviour that may signal a security threat. HubSpot has some excellent tools to facilitate this.  

For instance, you can review recent login activity, observe recent events that might be concerning, and scrutinise what data has been exported from your CRM.  

We recommend reviewing these reports regularly.  

Utilise HubSpot's Security Centre   

​​Within HubSpot's Security Centre, you'll find a thorough checklist of security parameters, providing an insight into the robustness of your account's security against potential threats. This centre grants you a security score, and if there's a need to bolster any security aspects, readily available links in the scoring criteria can help mitigate these risks. Once the required improvements have been made, the score can be recalculated, displaying the enhanced security standing of your account. 

Disable HubSpot Employee Access 

Occasionally, you may require assistance from HubSpot Support with your account. This often leads to HubSpot staff accessing your account to evaluate the situation and offer support.  

We recommend restricting HubSpot employee access in the security settings if you don't frequently rely on HubSpot Support.  

Restrict Logins to Trusted IP Addresses 

Super administrators can confine access to the HubSpot account to only trusted IP addresses. This ensures a blockade on logins from VPNs outside your network or from public or personal computers connected to unsecured Wi-Fi networks. Thus, even if ill-intentioned individuals somehow obtain valid login credentials, they will be barred from accessing the account if they are outside the allowed IP range. 

Secure Your Linked Apps 

HubSpot enables integration with many other applications, like Gmail, Slack, and Salesforce, to mention a few. While this boosts functionality and convenience, it could also create potential vulnerabilities if these connected applications are not secured. Ensure that all linked applications adhere to the same rigorous security measures as your HubSpot account. 

Have a Security Sign-In Policy

Despite the growing sophistication of security technology, robust, unique passwords remain essential. HubSpot fortifies account security by not only adopting default password standards but also cross-checking new passwords against publicly leaked ones, alerting users if their selected password is a security risk. 

In addition to a strong password, using two-factor authentication (2FA), which requires a secondary verification method, makes unauthorised access difficult even if a password is compromised.  

If you have an Enterprise plan, HubSpot's Single Sign-On (SSO) offers a centralised control over user access and simplifies the login process, thereby enhancing both security and efficiency. 

Employee Training 

Lastly, but no less importantly, educate your employees. Numerous security breaches occur due to human error or oversight. Regularly providing your staff with training about the significance of cybersecurity and their role can notably decrease your risk. They should be mindful of common threats like phishing attacks and understand the importance of reporting suspicious activities. 

In Closing 

The benefits of digital transformation are immense, but it's crucial to approach it with a security-first mindset. Adopting a comprehensive approach to HubSpot security can help shield your sensitive data against threats.  

Remember, a single security incident can have devastating consequences, so it's always better to err on the side of caution. By implementing these best practices, you're protecting your business and fostering trust with your clients, reassuring them that their data is safely guarded. 

With cybersecurity, vigilance and proactive measures are the keys to success. It's a continuous journey that evolves with changing threats and technology. The above practices form a solid foundation for securing your HubSpot account, but staying informed about the latest security trends and threats in the digital landscape is crucial.