Aug 31, 2020 10:33 AM - edited Sep 10, 2020 1:31 PM
This week, we have one of the Product Managers on HubSpot’s Security team available to answer your (or your IT team’s) questions on all things security.
Ryan DiPetta’s team helps keep our customers' accounts safe from bad actors. The Security Team builds features like two-factor authentication & single sign-on and implements automated protections to secure HubSpot login.
Ryan ( @rad ) is happy to answer questions about how to keep your employee's accounts secure, what kinds of threats we see at HubSpot, and the kinds of threats you might see, too. He’s also excited to hear your general questions about security best practices when it comes to doing business online.
Sep 3, 2020 3:57 PM
Sep 4, 2020 10:03 AM
Hi Ryan! Thank you for all you and your team have done to keep HubSpot secure. What new security features should we expect in the near future? Restricting and opening access to granular platform features (e.g. individual lists and select emails) rather than general permissions for lists and emails for different team members would be huge.
Sep 4, 2020 11:42 AM
Sep 4, 2020 5:13 PM
Hey Skyler! Good question. Hadar's already touched on the user permissions piece, but my team handles security of our user login system, so I can give you a bit of info about things we're currently exploring.
Our big focus lately (as you may've seen from some recent emails & our Adapt marketing content last week!) has been on getting more adoption of two-factor authentication. Right now around the industry there's been a big uptick in fraudulent activity, & we want to make sure to encourage our customers to be as safe as possible. We're working to add better protections to our login system so that we intelligently catch potentially fraudulent login attempts at the door so the bad folks can't get into your HubSpot account, as well. Between this & a big push on 2FA, we're hoping to provide more security options to our customers. That could include things like support for physical security keys for HubSpot login, as well. Enabling required two-factor authentication is the best way to make sure HubSpot accounts stay protected, so we want to make sure that experience is easy & friendly for our users, even if they're not always super technical people; security should be easy to understand & not intimidating!
Further into the future, there are some other important improvements we're considering for account security: adding more events to our Security Activity History log, allowing you to set allowed login IP ranges for your HubSpot account, & other things along those lines. We're always keen to hear more feedback about the security features that matter to users, too, so if there are big things you'd love to see us tackle, I'm happy to hear about them & let you know if they're problems we're thinking about.