Look, we’re putting so much effort into building our email lists.
But have you ever thought about what happens when someone hacks your ActiveCampaign account and gets access to all your hard-earned email contacts?
Trust me, it would be bad 😬
This guide is a gentle reminder to think about account safety, with some tips so you probably never get intro trouble.
The risks
Data theft
Someone could steal a complete list of all your email contacts, and could do who knows what with them.
They could sell all data, could start spamming the people that have trusted you with their email address, or share other sensitive data with others.
(especially bad if you store e-commerce data in ActiveCampaign)
Unauthorised Emails
If someone gains access to your ActiveCampaign account, they can send emails as if they were you.
At best, it might be harmless spam. But what if it’s more serious? Imagine they send an email announcing a new product, with a link to purchase—only for the product to never be delivered. Your customers will hold you responsible because, to them, it looks like you sent the email.
That would be bad, very bad 😅
Loss of Control
I don’t know about you, but it took me a lot of time to configure my ActiveCampaign account, build all the necessary automations, and write all the emails for those automations.
If someone starts tampering with those automations, maybe even deleting them, that would cost me weeks to recover from, while not being able to send emails in the meantime which could have a huge financial impact.
Legal and Compliance Issues
I’m not a privacy lawyer, but I can see how a breach of regulations like GDPR or CCPA could lead to serious legal consequences.
Spamming and Blacklisting
Your email domain might be blacklisted if hackers send spam or malicious emails from your account.
This can really impact your email deliverability and damage your sender reputation, making it difficult to reach your audience effectively.
Mass Unsubscribes
If something goes wrong with your account and your email contacts find out, they might unsubscribe in large numbers. Once they’ve left, you won’t be able to reach them to explain or win them back.
What you can do right now
Don’t postpone this. As you can see from the risks mentioned, it can be quite serious, and it doesn’t take long to address these issues.
Use Strong and Unique Passwords
This seems so simple, but quite often someone gives me access to their account to work on automations for them, and they use a simple password like butterflies283
😅
That’s just not enough, hackers can crack something like that in seconds.
You can’t find plenty of guides online of how to choose a strong password in 2024, but it comes down to this;
- 16 character minimum.
- Include special characters, numbers, and a mix of upper and lower case letters.
- Don’t include any words that are known to you; your name, address, pets name. Make it random.
- Don’t use the password on any other website.
For example: P@ssw0rdL0nger!WithMoreWords
Or make it completely random: B7@r^pL9&x!Qv3zW*R2
I know it’s hard to remember, but just use a password manager to store all your different passwords.
Enable Two-Factor Authentication (2FA)
This is probably one of the strongest ways to improve your account security right away.
With Two-Factor Authentication, you need a second 6-digit code to login to your ActiveCampaign account.
This code changes every minute and can be generated in an Authenticator App on your phone, or you could invest in a hardware security key that generates this code.
Without your phone or hardware security key, a hacker can’t access your account—even if they have your password. 😎
ActiveCampaign has a guide here about how to set it up.
Enable session timeout
This is especially relevant if you use public computers, or when other people have access to your account too, and you’re not sure where they’re logging in from.
When you enable session timeout, users are automatically logged out after a period of time.
To enable it, go to Security
» Session Timeout
and toggle Enable for the entire account
.
The default is 8 hours, but I’ve personally increased it to 16 hours because it might be annoying if you get logged out during a workday.
Manage users
Do your work in a team and do other users have access to the ActiveCampaign account too?
Set a reminder to periodically go to Settings
» Users and Groups
to delete any old users that don’t need access anymore.
Create a backup
This might be overkill, but it can’t hurt to create a backup of all your contacts once in a while.
Go to Contacts
, click the three dots on the top right to open another menu, and click Export
.
Give it a name, and in a few minutes your export is ready to download as a CSV file.
Store the file in a safe place, and maybe consider putting it in a ZIP with a password.
Be Cautious with Integrations
Don’t just connect anything to ActiveCampaign and check first if it’s a legit integration.
Keep your email account secure too
If someone gains access to your email inbox, they effectively have access to your entire online life, including your ActiveCampaign account. So, make sure to keep your email account secure as well.
Conclusion
This is probably the guide nobody searched for, but I’m happy it found you so it hopefully saves you a world of headache.
Any questions, or other safety recommendations?
Let me know in the comments below, would love to hear from you 🙌