We are working on a new Best Practices Guide that will outline steps you can take to keep your account secure. This guide is coming soon. For now, please review the key best practices below:
- Use SSL on all your forms and workflows for secure transmission of data
- Use encryption at the field level for sensitive data to protect it at rest
- When using a Secured Workflow, we recommend using the Notification Approval Mode to approve new users prior to granting access
- Disable Direct Edit Mode Access
- Enable PDF Encryption and Attachment Directory security if you are storing sensitive files or PDFs
- Restrict access by IP
- Set up a scheduled trigger action to run x days after the form is submitted and delete data that is no longer needed
- Never share your account password
- Never send ANY sensitive information via email. Instead, use LogiDecrypt, a workflow, or a sub-user account to access the data over SSL
- Store your Private Key on a USB drive away from your computer. Consider storing it in a fireproof safe.
- Change your password every 90 days (automatically enforced)
- Use a strong password (automatically enforced)
- Use Account Security > IP restrictions to restrict access to your account when possible (to your home or work)
- When collecting credit cards, use a real time processing gateway partner (like Stripe or Authorize.net) to process the payment and avoid storing the card
- Never collect the CV2 card number. It is against PCI compliance to EVER record that number.
- When using Respondent Update Mode, ensure the “Enforce Password Strength” option is enabled.
- Monitor sub-user and workflow session logs for any unusual activity