Don’t Get Hacked: Encryption Best Practices

Written by Heather Mueller on September 29, 2014

Posted in Form Hacks

Freaked out about all of these data breaches in the news? We understand: it’s easy to feel vulnerable to hackers. If you capture personal data online, you must encrypt it. Encryption protects your data and makes your company more credible in the eyes of consumers. Heck, even Google is factoring in encryption when ranking websites.

There are piles of encryption guides and best practices for the tech-savvy IT specialist. But how can the rest of us know if we’re doing everything possible to secure and protect the sensitive data we collect? No, you don’t need to stop collecting credit card numbers and require cash. (Your profits would tank!) Instead, let us help you evaluate your day-to-day online operations.

Best Practice #1: Understand what’s sensitive…and what’s not.
Forms that require social security numbers, credit card numbers, bank routing information, and other personal info absolutely need extra protection. But a survey to uncover preferences between boxers and briefs? Probably not the time to add an extra layer of security.

Best Practice #2: Get to know your encryption options.
Secure Sockets Layer (SSL) is the most-used technology for protecting sensitive information as it travels between your browser and Internet servers. It’s also very powerful. Even the standard 128-bit SSL (Formstack uses 256-bit) would take a trillion years to hack, by some accounts.

Database encryption protects data “at rest.” Formstack’s encryption is so secure that if you lose your password, there’s no way to access stored data. Not even our staff can get to it!

Email encryption can be used to secure sensitive data you email to yourself or others.

Formstack users are required to enable all three of the above options when collecting, sending, or storing sensitive data.

Best Practice #3: Ask vendors how they keep your data safe.
It’s not enough to encrypt data. These days, you have to encrypt it well. SSL, database, and email encryption can add a valuable layer of security to the critical data you collect and store, but only if the encryption is done correctly. Technology that worked a decade ago is easy to hack today, so make sure your vendors are using the most advanced methods possible. And unless your internal team includes cryptographic specialists with years of experience, avoid “home-brewed” solutions.

Best Practice #4: Back up your backups.
If your company stores a backup of sensitive data in another location (many do), be sure it’s encrypted in every environment.

Best Practice #5: When in doubt, encrypt.
If you find yourself questioning the sensitivity of data you’re handling, it’s always safest to enable encryption. Just be sure to secure your own access. (No taping passwords to the backs of staplers!)

Breathe easy with Formstack
Don’t worry: your data security is our highest priority here at Formstack.