Threat Modeling for Communities
Simple questions that help groups think about what they're protecting
Threat modeling for communities isn't about imagining worst-case scenarios. It's about asking honest questions so you can make thoughtful choices.
What Is Threat Modeling?
At its simplest, threat modeling is asking: What are we trying to protect, and from what?
For individuals, this might mean thinking about passwords and personal data. For communities — schools, families, nonprofits, faith organizations, neighborhood groups — it means thinking about the people and relationships that could be affected by how we use digital tools.
This isn't technical work. It's reflective work. It doesn't require special expertise. It requires honesty and a willingness to think about uncomfortable questions calmly.
The Five Questions
Any community can work through these questions together. They don't need to be answered perfectly — the value is in the conversation.
1. What are we protecting?
Start concrete. Not "our privacy" in the abstract, but specific things:
- Student records and family information
- Internal planning conversations
- Member contact lists
- Financial information
- Personal stories shared in confidence
Example: A school PTA might identify three things: the student directory, parent volunteer contact information, and the group chat where families sometimes discuss individual children's needs.
2. Who might want access to this?
This isn't about identifying enemies. It's about being realistic about who might encounter your information, intentionally or accidentally:
- Data brokers who scrape public information
- Former members who still have access to shared spaces
- Platform companies that mine data for advertising
- People outside the community who find shared content through search
- Bad actors who target organizations like yours
Example: A nonprofit working with vulnerable families might recognize that its client communications could be sought through public records requests or subpoenas, or exposed in data breaches at the platforms it uses.
3. What would happen if this information were exposed?
Not every piece of information carries the same risk. Thinking about consequences helps prioritize:
| Information | If Exposed |
|---|---|
| Meeting schedule | Minor inconvenience |
| Member contact list | Spam, unwanted contact |
| Student behavioral notes | Harm to student dignity, legal liability |
| Internal disagreements | Community trust damage |
| Immigration status of families | Serious safety risk |
The exercise of ranking these honestly is itself valuable. It helps groups understand that not everything requires the same level of protection.
4. What are we already doing?
Most communities already have some protections in place, even if they don't think of them that way:
- Password-protected accounts
- Private group settings on messaging apps
- Verbal agreements about confidentiality
- Limited sharing of certain documents
Acknowledging what already works prevents the feeling that everything needs to change. Often, the answer is "we're doing most things well — there are just two or three gaps."
5. What's one thing we could improve?
This is the most important question because it leads to action. Not ten things. One thing.
- Could we move sensitive conversations to an encrypted channel?
- Should we audit who still has access to shared drives?
- Would it help to set up disappearing messages for coordination chats?
- Do we need a simple agreement about what's okay to share outside this group?
One improvement, adopted consistently, is worth more than a comprehensive plan that nobody follows.
Applying This in Different Contexts
Schools and Educators
- What student data flows through unofficial channels (personal phones, group chats)?
- Who has access to shared drives with student information?
- Are communication tools chosen for convenience or for appropriateness?
- What happens to digital records when a staff member leaves?
Families
- What information about our children is publicly accessible?
- Who has access to our shared photo albums and family group chats?
- If someone lost their phone, what family information would be exposed?
- Are we comfortable with what schools, apps, and platforms know about our kids?
Nonprofits and Community Organizations
- What member information do we collect, and do we still need all of it?
- Who has administrative access to our digital tools, and is that list current?
- If a platform we use shut down tomorrow, what would we lose?
- Are our most sensitive conversations happening on appropriate channels?
What This Is Not
This isn't about achieving perfect security. It's not about imagining elaborate scenarios. It's not about fear.
It's a planning mindset — the same kind of thinking that goes into fire drills, first aid kits, and emergency contact lists. We don't practice fire drills because we expect a fire. We practice because being prepared is a form of care.
Threat modeling for communities is the digital equivalent: thinking ahead so that when something does go wrong, the harm is smaller and the response is clearer.
Foundational Concepts
- Privacy Security Encryption Defined — Understanding what tools can and can't protect
- Threat Modeling for Regular People — The individual version of this practice
- Privacy is Power Not Secrecy — Why this matters for everyone, not just "high-risk" groups
Related
- Security Culture as Digital Literacy — The parent grove
- Group Architecture & Trust — Structure as a form of protection
- Ephemeral Communication & Information Half-Life — Managing what persists
- Alert Fatigue & Information Hygiene — Staying clear-headed about real vs. imagined risks
- Digital Sovereignty — Owning infrastructure as risk reduction
- Digital Resilience — Building the capacity to respond well
You don't need to be a security expert to protect your community. You just need to be willing to ask honest questions and follow through on the answers.