Hackers attack a computer in the United States every 39 seconds.
Cybercrime has quickly become today’s fastest-growing form of criminal activity. The shift to remote work during COVID-19 has accelerated digital growth — and businesses need to secure their digital office the same way they secure a physical office.
Ginni Rometty, executive chairman of IBM, says that “Data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry.” (Source: Forbes)
In a time when an increasing amount of business operations happen online, how do you keep one of your most important business assets — your data — safe?
Chaim Mazal, Vice President of Global Information Security at ActiveCampaign, recently hosted a webinar all about the importance of proper security measures for your business.
The above webinar and this article cover:
- Why security matters for businesses of all sizes
- 6 easy ways to better secure your business
- How ActiveCampaign protects your business and customer data
Why security matters for businesses of all sizes
Over 35,000 security breaches are reported annually, according to the U.S. Government Accountability Office. The most common types of security incidents are:
- Email/phishing scams
- Device/computer theft
- Unauthorized network users
It might feel like these breaches only happen to large companies — that’s what gets news coverage, after all. Equifax’s data breach resulted in huge financial losses, but also in a potentially more damaging loss: their reputation.
But the truth is, 43% of security breaches happen to small businesses. And if one happens to your business, it’s possible your business won’t survive the fallout.
- Security incidents cost businesses of all sizes $200,000 on average.
- Roughly 83% of business owners don’t have a contingency plan for dealing with security threats
But where do you start when you are looking for ways to keep your business safe?
6 easy ways to better secure your business
Here are 6 quick ways to stop common methods hackers use to gain access to your information:
- Use software with multi-factor authentication
- Beef up password security
- Keep track of your devices
- Set up automatic software updates
- Protect yourself from malware
- Educate everyone
1. Use software with multi-factor authentication
What is multi-factor authentication (MFA)? If you use a mobile phone, there’s a good chance you’re already using MFA. When you use your fingerprint to unlock your phone, that’s a type of multi-factor authentication. When a code is sent to your email address to enter into a website, that’s another example.
With MFA, a hacker needs more than a password to access your data. Even if passwords are compromised, your data stays safe.
2. Beef up password security
One of the easiest ways to keep your data safe starts with passwords. People tend to use the same passwords across multiple platforms — and they often choose weak passwords. Weak passwords make you vulnerable to hackers, so it’s important to improve password security. One way to do this is with a trusted password management application.
What is a password manager? It’s an encrypted digital storehouse for all the login information you use for your accounts. You don’t have to remember your passwords (or a big no-no, write them down), and you aren’t using the same password for multiple accounts. Many password managers even include a password generator to create incredibly strong, unique passwords for an extra layer of security.
3. Keep track of your devices
Laptops and mobile devices have become the norm, running all aspects of a business, especially as more people operate remotely due to COVID-19. This means there are a lot more opportunities for data to fall into the wrong hands, so it’s important to keep track of your devices.
You should track:
- What information you’re storing
- Where you store it
- Who has access to it
4. Set up automatic software updates
Hackers often investigate a network to see which version of software a business uses. That’s because it’s easier to exploit older versions of software. To avoid this potential threat, set up automatic software updates to run in the background or overnight so that the tools you use are always the latest version (which includes the latest security measures). SaaS providers like ActiveCampaign update software automatically, so you don’t have to worry about keeping track of updates.
5. Protect yourself from malware
Malware — the collective name for malicious software attacks like viruses and spyware — can cause huge amounts of damage, without you even being aware it’s happening. How common are malware attacks? Known malware is downloaded every 81 seconds in enterprise organizations.
You can help protect your business from malware by:
- Turning on your firewall: Your router’s firewall provides a first line of protection.
- Using security software: Choose software that protects against identity theft, suspicious websites, and hacking attempts.
- Protecting emails: Anti-spam software protects against malicious emails like phishing attempts.
6. Educate everyone
Every 32 minutes, someone sends sensitive or private data outside of a company, according to a study by Check Point.
A united front about your business’s security is important. Everyone in your organization needs to understand and follow the security measures you put in place, or weak spots will start to form — which hackers will look to exploit.
It’s just as important that the software tools that you use to help run and grow your business take your security as seriously as you do. How does ActiveCampaign make sure your data is protected?
How ActiveCampaign protects your data
“Building a platform that customers trust is core to the vision of ActiveCampaign.” — Chaim Mazal, Vice President, Head of Global Information Security at ActiveCampaign.
Your customers won’t hand over their personal information to a business they don’t trust. And as a business owner, you shouldn’t either.
“To be ActiveCampaign’s customer, you have to know us, like us, and trust us,” says Chaim Mazal, Vice President of Global Information Security at ActiveCampaign. “You have to know we can serve your needs and grow with you. Without trust, you can’t create a relationship that lasts — that includes with the software solutions you choose.”
That’s why ActiveCampaign never stops working to improve the security, reliability, and performance of our platform. To do this, we are:
- Compliant. ActiveCampaign is heavily focused on GDPR, SOC 2, and HIPAA compliance. We constantly improve our security to go above and beyond compliance standards.
- Automated. Security scanning tools help our engineers incorporate security throughout our product development lifecycle. We build in-house tools to scan code, scan infrastructure, and automatically detect anomalous activity.
- Proactive. We continuously attempt to hack our own systems. Offensive engagement allows us to find and correct vulnerabilities faster than they can be exploited by malicious parties.
Security should start before the first line of code. That’s why we bake security into every stage of our software development lifecycle.
Your data is unique. Your privacy is valuable.
Learn more: Venture Harbor’s guide to HIPAA-compliant email marketing.
Here are a few of the recent security enhancements we use to protect them:
Multi-factor authentication for a more secure experience
Multi-factor authentication (MFA) gives you a more secure login method for your users and prevents unauthorized logins. When this option is enabled, users will be required to verify their username/password and a six-digit verification code generated by an authentication app on their mobile device.
Highly customizable session management
This security setting will log an ActiveCampaign user out if they are idle for a predetermined period of time. This setting is highly recommended because it provides an additional layer of security by preventing unauthorized account access.
A simple, secure password policy
Rather than require keyboard gymnastics with arbitrary rules, ActiveCampaign takes a simple approach to our password policy:
- Minimum 8 characters
- Nothing from the top 10,000 most common passwords list
These simple rules, combined with brute-force prevention measures and our multi-factor authentication feature, allow our users maximum flexibility while ensuring account security.
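The two rules above together with a login throttle, as an added example that is not ActiveCampaign's code. The short blocklist is a constructed stand-in for the top 10,000 list, and the case-insensitive match and the doubling lockout in the hypothetical `LoginThrottle` are assumptions: the page does not say which brute-force measures are used.

```python
import unicodedata

MIN_LENGTH = 8  # from the policy above
# Constructed stand-in for the top-10,000 list; load the real list from a file.
COMMON_PASSWORDS = frozenset({"password", "12345678", "qwertyuiop", "letmein123"})


def check_password(password, blocklist=COMMON_PASSWORDS):
    """Return the policy violations for a candidate password ([] = accepted)."""
    # NFKC folds look-alike forms (e.g. full-width digits) before checking.
    pw = unicodedata.normalize("NFKC", password)
    problems = []
    if len(pw) < MIN_LENGTH:          # counts code points, not bytes
        problems.append("too_short")
    if pw.casefold() in blocklist:    # assumption: match case-insensitively
        problems.append("common")
    return problems


class LoginThrottle:
    """Assumed brute-force control: lock the account after repeated failures,
    doubling the lockout every time the limit is reached again."""

    def __init__(self, max_failures=5, base_lock=60):
        self.max_failures = max_failures
        self.base_lock = base_lock      # seconds
        self.failures = {}              # account -> consecutive failures
        self.lockouts = {}              # account -> lockouts so far
        self.locked_until = {}          # account -> time attempts resume

    def allowed(self, account, now):
        return now >= self.locked_until.get(account, 0)

    def record(self, account, success, now):
        if success:                     # a good login clears the history
            self.failures.pop(account, None)
            self.lockouts.pop(account, None)
            return
        count = self.failures.get(account, 0) + 1
        if count >= self.max_failures:
            n = self.lockouts.get(account, 0)
            self.locked_until[account] = now + self.base_lock * 2 ** n
            self.lockouts[account] = n + 1
            count = 0
        self.failures[account] = count
```
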
SOC 2 audit and pen test for trust with transparency
A SOC 2 auditing report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating. For security-conscious businesses, SOC 2 compliance is a requirement when considering a SaaS provider.
Penetration testing (or pen testing) is an exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a system. The goal of this simulated attack is to identify any weak spots in a system’s defenses which attackers could take advantage of.
ActiveCampaign is committed to protecting and safeguarding your data with full transparency into security, privacy and compliance controls at ActiveCampaign. That’s why we make our latest available SOC 2 report and pen test summary available as part of our comprehensive security package.
“Completion of the SOC 2 audit and penetration testing shows our ongoing commitment to protect our customers’ data and their customers’ data — so that trust can be at the center of all the relationships we help facilitate,” Chaim explains.
You can request our security package here.
A cutting-edge team for cutting-edge security
We continue to build a team with world-class security skills. Our team includes experts with experience in compliance and privacy, risk, threat exposure management, application security, secure cloud and infrastructure, incident response, and red teaming.
“By building a world class security team with domain experts from all over the world, we can better serve both ActiveCampaign and our customers. That’s a win for everyone.” — Chaim Mazal, Vice President, Head of Global Information Security at ActiveCampaign.
Your customers are our customers
ActiveCampaign has a lot of upcoming security enhancements in the works. They include:
- User permissions improvements. Permissions are getting a complete revamp inside and out! Account admins will be able to select from suggested roles or start from scratch to create their own unique roles. These roles, which currently can only be assigned to groups, will also be assignable to individual users.
- Single sign-on (SSO). SSO will allow users to use outside accounts (like Google, Facebook, or LinkedIn) to sign into their ActiveCampaign account. This means one less password for your password manager to remember. Use this service with our current multi-factor authentication service to keep your account incredibly secure.
- Security alert user analytics. Account admins will have the option to enable user analytic alerts for their users. These alerts monitor how your users are using their account — for example, the location of the IPs that they are regularly accessing their account from. If a deviation from these typical activities is observed, the admin and user will be notified. If the activity is unexpected for that user, steps can be taken to secure the account, like:
  - Logging out all sessions for that user
  - Updating the user’s password
  - Enabling multi-factor authentication for the user
Data protection is crucial for long-term business success. We’re so committed to your success, we guarantee it. We’re proud to be the only customer experience automation provider promising excellence in value, service, and trust — that’s why we created the ActiveCampaign Customer Success Commitment.
Our platform works as hard as you do to keep your customers’ trust. We do that by protecting your data, providing the stability you need, and helping you stay compliant.
“At the end of the day, what’s important to customers is what’s important to ActiveCampaign,” says Chaim. “Customers entrust us with their data, and we have an obligation to do everything within our power to secure that data—not only at a compliance level, but also to ensure we have complete control over all data transactions at all times.”