Formstack Blog

What Security Standards Do You Need for Certain Forms?

When stories like Target’s recent security breach break, we’re all reminded just how much our personal data is stored and shared online. Chances are, if you’re creating forms, you’re asking someone else to trust you with personal information.

At Formstack, we want you to have the security tools necessary to be a rock solid collector of information. But how do you know exactly which security measures are appropriate for your form? Let’s take a look! (PS: a lot of this information can also be explored on the Security section of our Knowledge Base. Check it out!)

Limit Who Has Access
One great, off-the-bat way to protect your forms is to be selective about who has access to them in the first place. First, consider password protection. Only those given the password (one form has the same password for everyone) can get in.

When might this come in handy? Share a password with students to complete a course evaluation. This simple step helps protect your data from accidental or prankster respondents who stumble across the form. Only have the people whose input you desire have access to your forms.

Additionally, block the robots and spammers by adding the CAPTCHA letter and number combinations to each form. Respondents will be able to confirm their humanoid status and streamline your data intake.

Cover Your Bases
If your form is collecting any personal data including, but not limited to, name, address or credit card number, it’s a given you’ll need to enable SSL. This security authenticates and encrypts traffic between your browser and Internet service.

You’ll need to activate SSL whenever sensitive details are requested. Student applications, financial aid forms, and even online registration for Homecoming tickets will all benefit from SSL

Regardless if your website is unsecure, a Formstack form with SSL will still be secure. You also have the option to display a “Form Secured by Formstack” logo at the bottom of the form to reassure your audience.

Put That Data on Lockdown
There is some data, like social security and credit card numbers, that is simply no joke when it comes to sharing. Some respondents may be hesitant to give you this information online, and they are right to be cautious.

Sure. You could go back to paper forms for important processes like applying for financial aid, knowing you can physically shred the documents afterwards. But it’s simply not realistic. You need to be able to offer no doubts in the confidence of your forms to store private information… well, privately. To that end, Formstack offers Data Encryption, our most powerful security feature.

Data encryption involves public and private “keys” stored with your form. The public key encrypts stored data, while the private key decrypts that data. To use the private key, however, you will be required to enter a password. (I feel a little bit like I’m talking about a video game right now.)

You set this password when you set up your data encryption with your form. There’s one very important caveat to note here, though, and I cannot emphasis this point enough. That password is so secure that no one knows it but you. Literally. There’s no “can’t remember your password?” prompt because even at Formstack, we have no way to retrieve it. We could reset everything, but even then, you will have forever lost access to that data. (Imagine sad, “game over” video game sounds right now.)

Data encryption locks down your most sensitive of personal information. This feature is crucial for your form creation. So much so, in fact, that we require data encryption in our terms of service for those moments when you need to ask for information such as social security numbers.

Security Matters 
Whether you need to know a student’s dorm room number or their credit card expiration date, Formstack has the security features to protect the information appropriately. You will be able to offer your respondents a trust-worthy venue to share and store their data quickly and efficiently.