Protecting Network and Member Information
Account Security Basics
As a Network Creator, it’s extremely important that you protect your Ning account, and ask any Administrators you’ve appointed to do the same. This is not only crucial for the integrity of your social network and protection of your personal information, but that of your members as well. Because you have access to all of your members’ information through your Network Creator account, their information would be compromised as a result of your account being compromised. To protect your account:
- Create strong passwords, keep them secure and update them regularly. You can read more about what this means below.
- Be conscious of where you’re entering your password and why. Make sure it’s legitimate.
- Password protect your computer. If you share your computer with others, don’t save passwords in your browser.
- Sign out after each visit.
- Ensure that your operating system and browsers are up to date with the latest security patches.
To protect your social network generally, only promote those who are trustworthy and responsible to Network Administrator status. Admins have very similar privileges to the Network Creator and it’s important that those with this power are people you know well. If your account or social network has been compromised, please contact us ASAP with as much information as possible, including details about exactly what happened and when.
Strong Passwords
Never underestimate the importance of a strong password. A strong password should be:
- Lengthy and include numerals and symbols.
- Free of common words, personal information, your user name and adjacent keys on the keyboard (e.g. qwerty).
- Easy for you to remember, but difficult for others to guess.
Additionally, in order to keep your password secure:
- Never share your password with anyone, even if it’s someone you really trust, like your best friend, spouse, or business partner. Also know that we will never ask for your password in any circumstance.
- Change your passwords regularly.
- Use a different password for each of your accounts. If you use the same password for your various online accounts, all of them (and your social network) are at risk if just one is compromised.
- Ensure your email account is especially secure. If your email address is compromised, whoever has access may be able to reset your password with your various accounts associated with the email address.
- Be aware of where you’re entering your password and why.
- Sign out after each visit.
- Password protect your computer. If you share your computer with others, don’t save passwords in your browser.
- Don’t click on unknown links. To be on the safe side, type in URLs yourself.
Being Mindful of Phishing
To gain unauthorized access to your social network and members’ accounts, phishers may create a webpage that looks like a version of another page, such as your social network’s sign in page. When someone enters their email address and password on a phishing page, this information is sent to the phisher, who can then access their account(s) and/or sell this information to others.
Being aware of and educating your members about phishing is important in order to keep your members’ accounts from being compromised and to keep your social network safe from unauthorized access or malicious activity. Make sure your members are mindful of the URL they’re accessing to sign in to your social network. For instance, if your social network is http://examplenetwork.ning.com, members should always see this in the URL when signing in:
If you have domain mapping, the sign in URL should match your domain mapped URL. You can encourage your members to bookmark your social network so they consistently access the correct URL without question.
Additionally, you and your members should never click suspicious looking links in emails or web pages as these can link to illegitimate sites made to trick someone into entering their sign in credentials. For more information and best practices for avoiding this, take a look at OnGuard Online’s Quick Facts about phishing and the Anti-Phishing Working Group’s Consumer Advice.
Create and Post Your Own Privacy Policy
Being open and upfront about your privacy practices is not only best practice (and in some cases, required by applicable law), but may help with member sign ups. Privacy conscious individuals might be hesitant to join websites that don’t have a Privacy Policy publicly posted, so you may be interested in posting a Privacy Policy to explicitly inform visitors and/or members what information you may be collecting from them, why you are collecting this information and how you will treat this information. While we’re not in a position to offer legal advice, here are some topics that you may want to cover in your custom Privacy Policy:
- What personal information you’re collecting. For example, if you choose to collect IP address information using third party products, you must inform your visitors and members of this.
- Why you’re collecting this information. This is especially important if you’re asking for or collecting anything particularly sensitive.
- How this information will be handled. This includes how it will be used and whether or not it will be disclosed. If you plan on disclosing this information to any third parties, you should make this clear.
- How your members can view, update or remove the information they’ve provided to you. Most of this can probably be done through their account on your network, which you can point out.
- How visitors and members may contact you with questions or issues. You may want to create and post a specific email address to field these questions or issues, such as privacy@yourdomain.com.
Please note that any custom privacy policy must not conflict with or supersede our own Ning Privacy Policy.
Security Resources
Please feel free to take advantage of the following informational resources out there about staying safe and secure online. We recommend sharing these with your members as well!