Community Management
tag: [Community & Marketing]
Historically, there has been quite a few compromised communities where the threat actor then transformed it into a phishing platform with users ending up losing funds as a consequence. In order to protect your users, as well as your own brand, you should ensure that you secure your communities. Each community platform has its own set of best practices, and below you can find some general approaches to securing your community
-
Strong Passwords and Two-Factor Authentication (2FA):
- Use unique, complex passwords for each service, managed through a password vault.
- Enable 2FA. Avoid SMS-based 2FA due to its vulnerability to SIM-swapping attacks. Use hardware-based tokens like Yubikey or a mobile application. Do not use your password manager to generate 2FA codes; separate passwords and 2FA codes.
- For 2FA apps like Authy, encrypt your passcodes with a password to prevent unauthorized access through SIM-swapping.
- Secure the email account associated with your community accounts with unique passwords and 2FA (preferably hardware-based).
- Encourage community members to adopt these security practices.
-
Phishing Awareness:
- Inform community members about scams and how to recognize them.
- Remind them that your team will never initiate a chat first, as that is a common tactic utilized by threat actors.
-
Operational Security:
- Be aware of the risk of your computer or phone being compromised, which could lead to your community services being compromised. Take steps to minimize this risk.
-
Emergency Response Plan:
- Prepare an emergency response plan for security breaches or unexpected incidents. Having a compromised community account could lead to severe consequences as many users could end up falling for scams.
- Be prepared. Consider the saying: “It’s not a question of if you’ll have a breach, but when”. Planning ahead help mitigate chaos.