You need to be able to prevent someone or something from gaining access to your website and being able to change content, shut down the website completely, or access the information that is transmitted through the website - that's why website security is essential for any business.
Because HubSpot is a managed app, HubSpot IT is responsible for maintaining/updating most security measures for the CMS. Security updates happen in the background, and your IT team doesn't have to worry about them. (However, there is a change log if you want to learn more about this). If something goes wrong or you have a question about a security measure, you can contact HubSpot's support team.
.If, on the other hand, you are using a self-hosted website, you are responsible for the quality of your website's security.For other CMSs like WordPress, there are managed hosting providers that can relieve you of some of the security responsibility, but if you are using a number of plug-ins on your website, this leaves you vulnerable to potential security breaches.
Because HubSpot is an extensible platform, security issues due to third-party plug-ins are less of a problem because everything you need to manage your website and marketing strategy is provided directly by HubSpot.
HubSpot hires outside companies to perform penetration tests on its CMS and other products several times a year to ensure that its security system is robust. You don't have to pay for these tests yourself - though of course you're welcome to conduct your own penetration tests if you wish.
SSL comes standard with every HubSpot CMS site. HubSpot not only takes care of getting the initial certification for free, but also automatically renews it for them 30 days before the expiration date. HubSpot's certificate is offered through Cloudflare, which can support up to TLS 1.2.
Hacking isn't the only way a website can be compromised, but HubSpot has security measures in place to ward off other potential threats as well. For example, HubSpot has features that protect your website from crashing due to DDOS attacks
HubSpot has a number of security settings that you can customize to meet your business needs:
To reduce the risk of someone gaining access to your site by obtaining your employees' login and password, HubSpot lets you set up two-factor authentication.
This requires a second verification besides the username and password to ensure that the person accessing your HubSpot portal is actually the owner of the account they are logging in through.
For example, when someone logs on to their computer, they also have to enter a code that was sent to their cell phone number via SMS. In addition to this method, HubSpot still supports the transmission of the code via email or an authentication via "Google Authenticator" App.
If something goes wrong and your site is compromised, HubSpot has a backup system that prevents your original content from being lost forever. Revision history is available for all page content and code.
So if someone gets access to your site and deletes or changes things, you can revert back to the previous versions.
Security is a very high priority for HubSpot because if there are problems, it affects all the websites of the CMS!
While no form of website security can be perfect, HubSpot has a great track record of protecting its systems, its customers, and the data contained on its platform. There are even cybersecurity companies that trust the platform with their business.
Knowing that HubSpot is there to help you keep your site secure frees you up from that responsibility, allowing you to spend more time and resources on your actual marketing.