While HubSpot offers incredible tools for organizing, automating and optimizing your business processes, there is one area that people don't always remember to monitor—users and their associated access.
Your CRM is the lifeblood of all marketing, sales and service processes, so if you aren't staying on top of your HubSpot users, paid seats and permissions, you're opening yourself up to a cascade of headaches and potential data breaches.
Forrester reported that internal actors were responsible for 43% of data loss incidents, half of these breaches being unintentional. Whether through malice or accident, the sheer number of insiders with authorized access to a company’s CRM data can pose a significant risk.
Trust us—if you strategically manage these key items during your CRM implementation, you will reduce the risk of poor data quality and compromised security.
A fundamental step in managing your HubSpot CRM effectively is understanding your teams and their access levels. Each user should be assigned roles and permissions tailored to their responsibilities. If you add people to the appropriate team in HubSpot, you'll get a quick understanding of exactly who needs what access and the permissions they need to possess.
At the Professional level of all Hubs, HubSpot admins are able to add users to teams and individually assign permission sets on a per user basis. For Enterprise users, you can create blanket permission sets and assign them to each team.
(Psst…to hack this in the Pro levels, try creating a permission set for a specific team member and copy that permission set to any newly created users for that same team.)
Create a spreadsheet to define all the access and permissions needed within HubSpot on a team level and keep it up to date. Not only does this streamline the onboarding process for new users, it allows admins to organize their permissions a bit more effectively, ensuring that you are able to copy permissions, update permission sets or assign permissions with ease, as well as prompt them to tidy up the backend of HubSpot when users leave your organization.
Mitigating the risk of data breaches and human error requires granular control over user permissions. HubSpot provides pre-made templates for user access, such as Super Admin, to prevent users from gaining access to sensitive data.
For example, if you have freelancers or agency teams that you work with frequently, make sure they are designated as a Partner Admin—this can circumvent unnecessary expenses on additional sales or service seats while still providing essential access to get their projects done.
HubSpot administrators should carefully manage permissions for sensitive functions such as assigning marketing contact status, downloading apps and the ability to permanently delete data. Best practices dictate reserving delete and export permissions solely for Super Admins to reduce the risk of accidental data loss or unauthorized data access.
Reminder: think of your Super Admins as having the highest security clearance—AKA you wouldn't let a summer intern at the White House have nuclear access codes. Dramatic as that may seem, it is incredibly easy for someone to slip up and delete critical data in your CRM, or circumvent business processes (and potentially violate CAN-SPAM) by exporting lists of contacts for example.
Otherwise, you can browse through the permissions templates, copy another user's permissions, manually assign or start from scratch on a per user basis.
You definitely want to pay extra attention to users who may require paid seats in Sales or Service Hub—we say "may" because it is incredibly common for organizations to pay for seats for a user without even realizing that person rarely needs or doesn't even touch the tools at those access levels.
Take a look at the features that are only available to paid seats. You can tell what requires a paid seat by looking out for the
What items are visible under a paid seat? Quite a bit:
Check out the Pricing & Features tab in your portal by navigating to your Company name at the top left to see all of the items available under paid seats.