In HubSpot's Security Center, you can review a checklist of security criteria to understand how well-protected your HubSpot account is from security incidents. The Security Center provides a score, and if a security measure needs improvement, you can click links in the scoring criteria to resolve any security risks. The score can then be recalculated to reflect the improvements in your account’s security score.
Access the HubSpot Security Center
In your HubSpot account, click the settingssettings icon in the main navigation bar.
In the left sidebar menu, navigate to Account Defaults > Security.
Click the Visit the Security Center button at the top of the screen.
The Security Center screen will display your Security Rating percentage and the security measure criteria. The rating system will rate you with Good or Please review for each of the security measures.
You can resolve the scoring criteria by clicking Resolve next to the rating that says Please review.
What is the scoring criteria?
Is two-factor authentication (2FA) required for your account?: Two-factor authentication (2FA) is the best way to protect your HubSpot account from unauthorized access. Learn how to require 2FA in your HubSpot account.
What percentage of users have 2FA set up?: The more users who use 2FA, the more your account is protected from unauthorized access.
How many super admins does your account have?: A lower number of super admins ensures that the risk of users taking risky actions is reduced. Learn how to manage your super admin permissions to determine if any can be removed.
What percentage of your users are super admin?: A low percentage of super admins compared to overall users ensures that you aren't giving too many permissions to users that could cause risk.
Do you have any partner users who are super admin?: Making partner users super admins allows them to view and manage billing, add and delete users, and perform tasks that could add risk to your account. As with any other user, a lower number of super admins reduces security risks. Learn how to manage partner user permissions to determine if any can be removed as super admin.
Does your account have any inactive users?: Only users who need access to your HubSpot account should be able to access it. HubSpot considers users inactive if they have not logged on in the past 90 days. Learn how to remove or deactivate users.
Thank you for your feedback, it means a lot to us.