Keeping Your Online Community Safe
People join online communities for a number of reasons. Whether they’re looking to interact with a brand, proclaim support for a political or social cause, or connect with individuals who share a common hobby. Part of a community manager’s (CM) job is to ensure that the forum is a safe and enjoyable place for members to interact.
An important issue with participating in these communities is that of online community safety. While forum discussions can run tense at times, it is important that members feel like they’re a part of a community, and that it is “their” community. This encourages members will do everything they can to keep the community a great place to be and a safe place to connect with each other. The two key concerns about safety involves both external and internal issues.
Cyber Security Is Key
A secure site is the first step you can take to protect your community from outside influence such as hacking or phishing scams.
One of the most effective methods is to implement a password strength indicator and basic guidelines for password length and characters that can be used. Allowing your users to see just how weak or strong their password is can help them better protect their credentials from hackers.
Every online community will eventually run into user login problems. While most login issues are simple, without long-lasting effects; persisting login problems create annoyed users. The result is an increase in users resetting their passwords, emailing or calling support, and preoccupying your support teams with these user complaints..
Login problems are commonly caused by having a low server load capacity. Where too many login attempts at once overloads your servers. It’s important to properly monitor the strain on your server so you can fix it before you become overwhelmed.
Another easy step to take is to have purposefully unclear error messages as to which login credentials are bad. By stating that either the username or password is incorrect; then requiring the user provide an email address to reset their password, without acknowledging whether or not there is an account associated with that email, it limits a hacker’s ability to steal the account.
Inactive User Accounts
An inactive user account remaining that way for a long time, is similar to a car being parked somewhere for too long – the bad guys will eventually notice, and when they do they’ll take it. When hackers become aware of an inactive account, they know that they can take their time hacking it. In fact, they may not hack the account through your community site; but instead will work to hack the user’s email and reset the password.
Hacking an inactive account is dangerous for everyone as no one will know that the account has been taking over until it’s too late. The original owner of the account probably doesn’t know that their account’s been hacked. In fact, as long as no one complains, the hacker can remain in control indefinitely.
An easy way to prevent this is to implement a system that deletes inactive accounts after a certain period of time. By alerting users that their inactive account will be deleted, it will give them an advanced notice that they may not be able to get back into their account, giving them the option to voluntarily delete, become active again, or simply ignore it and allow the site to delete it automatically.
Prevent Link Exchanges
Fake links are incredibly easy to make, and even easier to convince the unsuspecting user to click on them. When hackers, spammers, and phishers send a fake link through a message, it can launch any number of virus or spyware tools that can infect their account, and even worse, their machine.
While links are a common thing to post in the public areas and are easily monitored, it should be a best practice to prevent users from sending clickable hyperlinks in private messages. When sent links appear as plain text, it can be far easier to prevent users from following through them.
This may not prevent 100% of bad link attacks, but it severely decreases their presence. There are tools you can implement that scan links before a post becomes public or a private message is sent. Potential spam can be flagged before it appears to your users or even flagged to the user so that they proceed with caution.
It may seem counterintuitive to prevent users from displaying personal identifying information on your forum, but this is a good practice to help keep accounts safe. Many users rely on pet names, phone numbers, birthdates, and other personal information to create a password or answers to security questions. When these details are coaxed out of users, either willingly or otherwise, trouble can arise and accounts get hacked.
You may not be able to keep users from posting everything, but you can make it difficult. In fact, many online communities make it a violation to post personal information. Setting community guidelines, that includes a ban on posting personal information helps protect users from themselves.
Communities can be a great place to connect with others who share similar interests, but users need to be reminded that this is still the internet so they need to be careful with what they share.
Fix Site Problems Quickly
It may seem obvious, but too many community site problems go unsolved for too long. Once an issue is known, always address it quickly. Any crack in your website can lead to vulnerabilities.
Even if your site is performing well, it’s a wise idea to frequently test your site for security problems. A great way to do this is with a site penetration test. By regularly assessing the potential risk to your community’s site is for current known exploits in code and script, you can mitigate several risks. Keep up to day on how strong your site is and where it’s vulnerable, you can take preventative measures which will save time and frustration in the long run.
Limit Public Connection Access
While it may be inconvenient to some users, it can help if you don’t allow access to the site over public or unencrypted connections. Hackers and phishers often use public connections, like those found in libraries, fast food restaurants, and stores to get a hold of financial information and personal data.
No one wants to bar their users from remaining active, but by preventing public access connections it helps them stay safer for longer. This is a less ideal solution if you’re trying to grow your community, or if you want your users to be able to have access from anywhere.
If you’re a brand, business, or a community brought together by a social or political cause, limiting your users isn’t a great call. However, if yours is an internal community, such as a private business network, this is a great option to explore.
Create and Enforce Community Guidelines
One of the best ways to keep your online community safe is by establishing and enforcing community guidelines. When setting up your community for the first time, one of the first things you will do is create a set of rules governing what is and is not acceptable within your community.
A proper set of community guidelines will cover:
- Terms of service and acceptable use policy.
- Outlining the intended purpose of the community.
- What actions or behaviors are acceptable and unacceptable.
- Penalties for violating community rules.
- Limiting access to certain areas of the site.
- Loss of posting privileges, temporary or permanent.
- Account suspension.
- Account termination.
Managing a community can be a tightrope walk at times. You want your users to be able to express themselves in a variety of ways, however you do not want other users to suffer for it. Most successful communities employ a variety of penalties, such as the ones above, and rarely jump the gun to account termination from a single incident.
Your community will suffer if a few users create a hostile environment, however it will also suffer if you’re too quick to give people the boot. Your community guidelines act as a first line of defense, letting users know the rules. From there, a number of options such as the ones above are useful depending on the severity of the infraction, and if this is a recurring issue with the user verses a first infraction.
If a user engages in openly dangerous behavior such as: calling for offline violence, engaging in cyberbullying, or inciting arguments with cultural slander there may be real world legal ramifications. Community managers should be well aware of the laws their community is operating under. Thankfully these occurrences are rare but it’s important to remind users that there is a real person behind the keyboard.
Active Community Management and Moderation
Community users will certainly be quick to let you know when something is happening that they do not like. This does not mean that every complaint requires immediate and severe action. However, having a community manager, or a team of moderators in place to investigate these issues is important.
Before your community is even active, it is important to set up your community management team. This team can be a sole community manager, or a handful of people within your organization. This team’s main focus is to guide the community in the right direction. Part of this is monitoring the community for trouble spots and signs of abuse.
Issues of cyberbullying, hate speech, or posts that violate the community guidelines need to be investigated and removed sooner rather than later. To make their lives easier, some communities even employ volunteer moderators from within the community itself. These are users who have demonstrated a commitment to the community and have set themselves apart from the pack.
Volunteer moderators should be chosen carefully and many larger communities provide training materials to dictate the scope of their authority. Properly implemented, volunteer moderators can provide an excellent way to combat a number of common community issues.
Reward Positive Behaviors with Increased Access
Many communities limit new members to the number of posts they can make, or the actions they can engage in. This ensures that new users “earn” the right to have greater freedoms within your community. Some examples of this include:
- Restricting the number of daily posts a new user can make.
- Restricting a user’s ability to post messages containing links to other sites.
- Restricting the ability to upload media files such as video or pictures.
- Restricting the areas of a community a new user can access.
It may seem counterintuitive to handcuff your users right from the beginning. However, making your new members earn the right to engage in certain actions helps weed out spammers and bad apples. It also helps ensure that those who hang around long enough to reach those levels of privilege, are truly interested in engaging with your community in the right way.
A Safe Community is A Happy Community
Community safety is the job of everyone involved, from the management team to the members themselves, everyone needs to do their part. Creating an enjoyable community means fostering a positive environment in which the community may grow and thrive.
Issues will arise, both internal and external. Taking steps like those outlined previously will go a long way towards ensuring your community is safe from both.
Learn more about Vanilla Forum’s extra security measures and their implementation of RASP. We are the first to do this for our community platform.