How to Create a Secure Online Form
This article provides advice to help customers safeguard access to their account and protect the confidentiality of the data submitted though their forms.
Identifying Risks
Customers create online forms to support three broad types of processes and applications:
- Applications where a member of your team needs to process each form response individually
- Applications where your team only needs to access aggregated form submissions (survey, event registration)
- Finally, applications that are automated with webhooks and APIs.
Automated processes involve specific security mechanisms and risks which are not discussed here.
Risks Associated with Compromised Credentials
Processes where staff need aggregated form submissions mainly rely on Excel reports. A member of your team may also occasionally need to access an individual form entry online to update it or add a note.
Examples: You are running a survey and generate a spreadsheet with the collected data once the survey period has ended. An event organizer takes online registrations. Both registration and payment are automated, so they only need to download a spreadsheet to get a list of confirmed guests.
In both cases, there is no need for anyone to receive email notifications, so notifications should be turned off, removing the risks associated with using email discussed in the next section. You can mitigate the risks that data held in your account is compromised by securing and monitoring access to your account, as discussed below.
Risks of Receiving Form Responses by Email
In this section, we focus on scenarios where a member of your team needs to process each form response individually, so you set up FormSmarts to send form responses to them by email.
Receiving form responses by email is convenient because the person receiving the form submission can view form data in the body of the message and can reply directly to the individual who submitted the form.
But there are several risks associated with receiving form responses by email:
- The risk of someone accessing the content of the email while the message is in transit from FormSmarts to your email host
- The much higher risk of someone getting access to the data submitted on a form if the email account of one of its destination emails is compromised even years after the form was submitted
- The risk of an email server being compromised (due to misconfiguration, leak by a rogue employee or hacking), allowing an unauthorized party to access all messages hosted on the system. For example, tens of thousands of on-premise Microsoft Exchange servers have been hacked in early 2021 due to a previously unknown vulnerability, allowing hackers to access all emails hosted on the systems affected.
The risk of a message being intercepted in transit is low, but it exists. Currently, FormSmarts uses opportunistic TLS to encrypt the connection when we send a form response to your email host:
- FormSmarts delivers email using an encrypted connection if supported by the mail host. All mail providers should nowadays support encryption (TLS), but that doesn't necessarily apply to the basic email hosting offered as part of web hosting packages used by many small organizations.
- If the destination email server does not support TLS, we deliver form responses via an insecure connection.
The risk of an email accounts being compromised is much higher and is the main reason why we provide other email notification options.
FormSmarts offers two ways to mitigate the risks of standard email delivery: Secure Access and Encrypted Email 1.
Secure Access
With Secure Access, users are required to sign in to FormSmarts to view a form entry and access uploaded files. Email notifications do not contain form data, but only a link allowing authorized users to access the form response online. If a form has multiple destination emails, each user must have been given permissions on the specific form.
Encrypted Email
With encrypted email, FormSmarts encrypts the message itself, not just the connection used to deliver it to your mail host. The message is encrypted in such a way that it can only be read on devices where you have installed the decryption key.
Encrypted email allows customers to keep the convenience of receiving form responses by email while protecting the confidentiality of the data submitted.
As an additional benefit, eSignatures and most file uploads are attached to the email, so you don't need to sign in to FormSmarts to download them.
Set Up Secure Access
Before you turn on Secure Access for a form, create a user in your account for each of its email recipients and give them permissions to access single form entries for that specific form only.
Important: Because the data submitted is not shown in email notifications with Secure Access, data storage must be enabled for that form. Form responses will be lost if data storage is disabled.
To set up Secure Access for a form, contact us mentioning the FormSmarts URL of the form.
Use Secure Encrypted Email
FormSmarts can deliver form responses directly to your inbox by encrypted email as an alternative to Secure Access.
FormSmarts encrypted email uses asymmetric encryption (also known as public-key cryptography) to encrypt the message before it is sent in such a way that only the form recipient can decrypt it. The email message is encrypted, not just the connection used to deliver it to its destination.
With encrypted email, a form response is encrypted in FormSmarts' backend and only decrypted by the email app on your computer or phone, once it has reached your inbox.
FormSmarts secure email is based on the S/MIME standard that is supported by most desktop and mobile email apps.
You can set up secure email online.
Download Forms as Password-Protected PDFs
FormSmarts allows members to download form submissions as password-protected PDF documents. A password is needed to open the documents, thus providing another layer of protection for reports that may contain personal information stored on personal devices and cloud storage.
The password is personal to each sub-user authorized to access PDF reports and cannot be the same as their FormSmarts password.
To turn on password protection of PDF reports:
- Create a sub-user (a.k.a invited user) for each form recipient, so they may log in to FormSmarts
- Give each user permission to access individual form responses (View Single Entry)
- Ask each form recipient to log in to FormSmarts to create a PDF password. The PDF password is personal, and it must be different from their FormSmarts password.
- Turn on password protection of PDF reports.
Once you have turned on the password protection of PDF reports, form recipients can download form entries online and via the Download PDF link at the bottom of email notifications. All desktop and mobile PDF readers support password-protected documents.
Secure Your Account
The first step towards securing the data you store with FormSmarts is to prevent unauthorized access to your account: set a reasonably strong password and enable two-step verification. If more than one person needs to access your account, create a user for each member of your team. Do not share your administrator password.
Check the Strength of Your Password
Please check the strength of your current password by typing it in the password field on FormSmarts registration page. If your password is rated less than Good, please change it. We suggest you use the checklist at the bottom of this page to help you choose a new password.
Use Two-Step Verification
We recommend you turn on two-step verification to enhance the security of your account. Two-step verification adds another layer of security to the log in process and helps prevent unauthorized access to your account and protect the data you store with FormSmarts.
After activating two-step verification, you will need to enter a verification code from an app on your phone in addition to your login email and password when you log in to FormSmarts.
Two-step authentication is required for members using Advanced Protection.
Create a User for Each Member of Your Team
If your forms are sent to multiple email recipients that need to sign in to FormSmarts to process form submissions or retrieve uploaded documents, create a user for each person who needs to access your account and only give individual users access to specific forms.
Do not share your FormSmarts account admin credentials with others within your organization.
Monitor & Audit the Security of Your Account
Familiarize yourself with the Security Settings and the Account Activity dashboards of your FormSmarts account.
The Account Activity dashboard allows you to:
- Monitor and audit recent account activity, for both the account administrator and invited users
- Log a user out immediately
Make sure how you use your FormSmarts account, who can access it, and how you secure your account (e.g. password strength requirement and protection, use of multi-factor authentication) is and stays consistent with your usage of the service.
For example, if you created a FormSmarts account to support a basic contact form or internal reporting and your usage evolved over the years to include applications collecting more personal data, make sure you upgrade how your protect your account accordingly.
If evey legitimate access to your FormSmarts account is from a fix set of IP addresses (from your office or through a VPN), consider setting up an IP Whitelist.
Have a Data Retention Policy, Set Up Removal Rules
FormSmarts allows you to keep submitted form data and associated e-signatures and uploaded files for as long as needed for processing and auditing, and automatically delete them once the retention period has passed.
Deleted data cannot be leaked, so data that has reached the end of its useful life and is no longer needed should be automatically removed.
Adopt an Explicit Data Retention Policy
For each of your online forms, find out how long you need to keep the data you collected based your application, and put in place automated deletion rules.
In many cases, data retention is mandated by industry regulations.
Data Lifecycle: Fine-Grained Data Retention & Deletion
FormSmarts give you fine-grained control over the retention policy for form responses stored in your account and any associated form attachments.
Stored Form Responses
- FormSmarts let you define a data retention rule to automatically delete a form response and any associated attachments (uploads) after a preset period
- You can alternatively decide to keep a form submission, but have sensitive data fields partially masked after a preset period of time.
Example: You need to keep a person's name, phone number but not their SSN. You set up a data retention rule to partially mask the SSN field after 30 days.
Form Attachments
FormSmarts gives customers full, fine-grained control over how long we keep uploaded files:
- FormSmarts allows you to define a specific retention policy for uploaded pictures, documents and e-signatures at the level of an individual upload field
- The retention policy for uploads is independent of any rule applying to the corresponding form response.
Example: You ask customers to upload a copy of their driving license or passport and a proof of address. You set up FormSmarts to delete the picture ID after 60 days, but keep the proof of address for two years.
Data lifecyle rules currently need to be set up on our end. Please contact us for help setting this up.
Consider Advanced Protection
The Advanced Protection mode activates a number of security features on FormSmarts to protect access to your account and the data it contains. If you would like to set up Advanced Protection, please contact us.
Password Quality & Security Checklist
Here is a password security check list to help you choose a new password.
Password Quality
- Passwords must contain a minimum of 8 characters, with a maximum of 100 characters.
- Do not use a password you already use on another site
- Do not use simple passwords based on dictionary words or character patterns like 'qwerty' or '87654321'
- MiX uPpER and loWercaSEs.
- Use numbers and special characters: ~!@#$%;(^_…
- Avoid obvious substitutions like '0' for 'o' and '1' for 'l'
- Passwords may contain non-English characters (ñ, 美,…) if your browser allows them and whitespaces. Whitespaces are ignored at the start and end of a password.
To change your FormSmarts password now, visit this page.
Password Security
- Do not use a password you already use on another site
- Do not share your password with anyone, if needed create sub-users to allow others to access your account
- Ensure your password is not written anywhere where it could be accessed by a third party
- Never click on ‘reset password’ requests in emails — instead go directly to the FormSmarts homepage and follow the password reset link on the login screen
- FormSmarts staff will never ask you for your password
- Turn on two-step verification
- These features are only available with FormSmarts Business Max package and higher.
Content
- Identifying Risks
- Set Up Secure Access
- Use Secure Encrypted Email
- Get Forms as Password-Protected PDFs
- Secure Your Account
- Check the Strength of Your Password
- Create Users for Members of Your Team
- Monitor & Audit Account Security
- Have a Data Retention Policy, Set Up Removal Rules
- Consider Advanced Protection
- Password Quality & Security Checklist