October is National Cyber Security Awareness Month (NCSAM)! NCSAM was created as a collaborative effort between the American government and industry to ensure that everyone has the resources they need to stay safer and more secure online.
In the spirit of NCSAM, we wanted to highlight a few easy ways to keep both your forms and your entry data more secure:
1. Two-Factor Authentication (2FA)
Our two-factor authentication feature enables users to secure their personal accounts and protect their associated organizations. It also enables organization administrators to monitor 2FA compliance across their organization.
Enterprise plan administrators can require all users in an organization to enable two-factor authentication on their accounts. The system then automatically enforces 2FA across the organization, barring access to any user who does not have the feature enabled on their account.
This makes it easy for administrators to ensure their organizations comply with corporate regulations.
2. Data encryption
When creating a form, you may need to collect sensitive data like Social Security numbers, driver’s license numbers, passport numbers, and other personally identifiable information. Using our data encryption feature, you can heighten your data security and encrypt your entry data at rest with just the click of a button. Doing so will ensure that your data is safe and impossible for any malicious outsider to decipher.
You can also protect individual fields to ensure that the entry data does not appear in notification/confirmation emails, generated documents, or through any other method in which data is transferred out of your Cognito Forms account.
3. Password fields
With data encryption enabled, you can more securely collect passwords on your forms using a Password field. Just add a Textbox field to your form, and select Password as the field type. When someone enters their password into the field, the characters will be masked from view with asterisks.
Password fields are always set to protected to ensure that the submitted data cannot be inadvertently transferred out of your account.
"In today's world, increased connectivity brings an increased risk of online theft, fraud, and abuse. Data privacy and security are a top priority here at Cognito Forms – and we're constantly improving and enhancing our security safeguards to ensure our customers stay safe from these cyber threats and hazards."
DJ, Business Operations Manager
4. HIPAA compliance
If your organization directly handles Personal Health Information (PHI) or Personal Health Records (PHR), you are legally required to protect this information and comply with HIPAA regulations. For HIPAA covered entities, finding a cost-effective solution that allows patients to easily communicate with their providers electronically can be difficult.
To solve this problem, Cognito Forms offers HIPAA compliance through business associate agreements, making it easy to build medical forms for new patient registrations, appointment scheduling, refill requests, patient satisfaction surveys, and even online bill payment.
SSL (Secure Sockets Layer) is the standard for ensuring that data is encrypted when being sent to a web server from a browser. This encrypted link ensures that all data passed between the web server and browsers remains private and integral.
Cognito Forms uses SSL encryption and is accessed over HTTPS 100% of the time for all users. However, if your website is hosted over HTTP, you may run into some issues when embedding your forms onto your webpage. Starting in October 2017, Google Chrome began taking steps toward a more secure web by marking HTTP pages with text input fields as ‘Not Secure’. Eventually, Chrome will display a warning on all pages served over HTTP.
Serving your content over HTTPS is the best way to not only avoid browser warnings, but to also heighten the security of your webpage. Obtaining an SSL certificate can be easy and inexpensive with resources like Let’s Encrypt.