Never has privacy been as big an issue as it is today. Every week seems to bring a new data breach, hack or misuse of data. In the post-Cambridge Analytica era, community managers must do more to secure their networks. After all, you cannot expect someone to engage with your community if they do not trust its security.
Trust is a huge deal these days. Communities are broken when members lose trust. Tools such as WhatsApp and Facebook have come under increasing scrutiny over their data sharing and storage policies. Plus, the public is now better informed about their rights to their personal data, thanks to GDPR and the flurry of communications it caused.
So, the onus is on community managers to build trust in their networks. Fundamental to this is strong data privacy. Read on to learn how to achieve this.
Have community guidelines
Creating and enforcing community guidelines is one of the best ways to keep your network safe and secure. This should (ideally) be done when setting up your community for the first time. But if you missed this step, then it’s never too late to establish some ground rules.
Make sure you communicate these far and wide within your network. When members are first on-boarded, for instance, or pinned to the top of community pages. The guidelines will set out what is and isn’t acceptable behaviour. It’ll also cover the purpose of the community, terms of service, penalties for breaking the rules, posting privileges and account deletion.
Allow people to manage their privacy
Your members will feel more secure if they can control their privacy and access to data. Like opting out of daily emails or only showing their email to logged-in members. Encourage members to update their privacy settings regularly - on joining and then ideally every few months. Making the process as seamless as possible will increase the likelihood of members updating their details. So, create a privacy hub that can be easily accessed by members. On their mobiles, for example.
You can also include information about your community’s data use and compliance in the hub. Transparency is essential to comply with GDPR and it’s also best practice to help build trust. Make sure you include all uses of personal data and the benefits of this for members. Getting consent for personal data use is a legal requirement and this can be managed via the privacy hub.
Be clear about your members’ rights in your community. If you have a cancellation policy, make this obvious on sign-up. Tell them what your community offers and what it asks for in return. This information should be easy to find and shouldn’t catch someone by surprise. There’s no quicker way to lose trust.
Fix problems immediately
If a data breach or downtime occurs, be upfront with your members about what’s happening and how you’re fixing it. Have a crisis comms plan that outlines your immediate response, spokespeople, the chain of command and who should be notified. You can salvage a situation if you’re honest, respond quickly and apologise.
When social media company Buffer was hacked, it won praise for its rapid and transparent response. It leveraged its network to quickly communicate with its customers, on channels that they spend most of their time on (social media and the Buffer platform). Regular updates were given, as well as an apology from Buffer’s CEO and tips to secure their account. This turned a potentially business-ending crisis into a reputational boost.
Prioritise your cybersecurity
Strong cybersecurity is non-negotiable. Designing your community to be privacy-first is highly recommended. As a start, your security should detail who has access to data, the processes for requesting access, physical security, regular penetration testing, personal data encryption and data auditing.
Always test your community site regularly to uncover vulnerabilities. This will lessen the risk of your network being hacked. If you find an issue, resolve it immediately.
Educate your people
People can be the weakest link in your security. Ensure your team understand their role in securing your community. Especially team members outside of your cybersecurity or IT team, who may believe that they don’t need to secure the site. You’d do well to educate your members too - in basic fundamentals like choosing a strong password and never writing it down. For your team, regular refreshers are advised to keep them updated on the latest security threats.
Another common security threat occurs when members share too many personal details in the community. Although a certain level of detail can bond members together and build trust, if they overshare they’re putting themselves at risk. Many members use pet names, phone numbers and birthdates to create passwords and security questions. If those details are later exposed on forums, they can be exploited to hack accounts elsewhere.
Remove inactive accounts
Inactive user accounts are a security risk as they can be used to access your community. Hackers can take their time when hacking it as nobody will notice until it’s too late. To avoid this, have a process to delete inactive accounts after a certain period. Warn members before their accounts are deleted, to give them a chance to return to your community or manually delete their profile.
Always have a back-up
Keep a back-up of your community’s data that’s in a different location to your main servers and storage. If the worst does happen (your community is completely compromised and irreparable) then your back-up will save the day. Plus, it gives you an opportunity to audit your data and ensure nothing nefarious is happening behind-the-scenes.
Prioritise your privacy
It today’s environment, your members won’t be quick to forgive privacy failures. Although you cannot secure your site 100%, there are steps that you can do to make it a lot harder to breach and less attractive to hackers. Take your community privacy seriously. If your members lose confidence in your site security they’ll leave. Then all your hard work in building your community will be wasted.