Today we have five tips to help you keep your Infusionsoft data secure. There are many threats to your data: hackers that want to steal your customer data, employees that make mistakes, poorly coded integrations, and software vulnerabilities. These simple steps will help protect your business and your data.
Keep your software up-to-date
There are many plugins for WordPress and other platforms that make it easier to interact with your Infusionsoft app. Whether you are using free or paid plugins, it is vital that you keep them up-to-date. New versions frequently fix security issues that can leave you at risk to hackers, nosy customers, or unscrupulous competitors.
This also applies to your web hosting and server software. It sometimes feels like a major security threat is being discovered every other day. Regularly updating your server software will protect you from these serious vulnerabilities.
Use Infusionsoft’s user permissions feature
Infusionsoft provides a method of controlling what a user can do inside of your Infusionsoft app. For example, you can restrict your employees so they aren’t able to delete contacts, or even limit what contacts they are allowed to see. In general, a user should only be given the permissions required for them to perform their job function. This limits your risk of data loss or theft by your employees.
You may want to consider disabling access altogether for employees that don’t have a genuine need to interact with Infusionsoft. If you have several users that are only using Infusionsoft for viewing data (such as reporting), it may be cost effective to deactivate their Infusionsoft accounts and instead set up reports using a tool like Data Warehouse.
Be careful who you give API access to
Giving a third-party access to your Infusionsoft app’s API should be done carefully. Anyone that has access to your API also has access to nearly all of your data. Working with well known developers and vendors will limit your risk of data loss or theft.
If you are hiring a developer to create a custom integration, you may want to give them access to a sandbox app instead of your real Infusionsoft app during development. This will prevent any bugs from damaging your real business data. This is especially important when hiring a developer that isn’t well known to the Infusionsoft community (such as one found on Freelancer or oDesk).
Use a backup solution
Even when following good security practices, there is still a chance of data loss. You or an employee may accidentally delete records or create a campaign that makes undesired changes to tags. A third-party integration may contain a bug that overwrites records or tampers with tags in an unexpected way. Or perhaps you ignored our advice about being careful with your API access, and an inexperienced developer mangled your Infusionsoft data.
With regular backups you’ll be able to get your business back on track even after accidental (or intentional) data loss. We offer a Cloud Backup solution that is fully automated. New and updated records are backed up every 15 minutes, and you can easily download your backup whenever you need it. We trust Cloud Backup with our own Infusionsoft app and are confident in its abilities.
Don’t add a contact’s details to the end of URLs
Last, protect your contacts by leaving their details off the end of URLs when creating links in emails. This option is provided to make it easier for non-developers to customize their landing pages with a contact’s details, but it also makes it easy for a contact’s password to get stolen. Instead, manually add just the details you need to the URL.