Our customers roll out surveys aimed at many different audiences, ranging from their own employees to members of the public, external stakeholders, clients and many others. Therefore, each of our customers have slightly different needs and rules when it comes to allowing their surveys to be searchable on the internet. That’s why we added a Hide from search engines feature, enabling users to manage the visibility of their surveys in online search results.
Why would you want your survey to be found by search engines?
Some of our customers want their surveys to be found online. This is quite common with consultations, for example for government departments, or organisations engaging with external stakeholders. They may not have the contact details for everyone who may have an interest or concern around a particular topic, and therefore, cannot send a link directly to them. In this case, allowing the survey or consultation to be picked up by search engines means interested parties are able to find and respond to it. This function also allows those with keyword alerts set to be notified, gaining more exposure to the survey and increasing the number of interested parties who are able to respond.
It’s possible you might want your survey to be found by search engines if you have:
- Broad audience, potentially inside and outside of the organisation.
- No strict criteria about who responds – open to any potential stakeholders/interested parties.
- No clear communication channel to reach your potential respondents.
- Public or social interest to make the survey as accessible as possible.
Why would you want to hide your survey from search engines?
Some of our customers don’t want their surveys to be found online. This is usually the case with employee surveys, for example as they might put sensitive information into the public domain, long after the survey is closed. Imagine you have a question relating to cultural change or challenges, or you are explicitly asking for employee inputs to a new ‘2030 plan’. Whilst media outlets would only be speculating, no organisation wants a news headline prematurely exposing the creation of a new future plan before they’re ready to announce it.
However, in some cases, you may want an employee survey to be searchable, as you may have other checks built in, to prevent unauthorised access. For example, if you have a very remote workforce who don’t use their employee emails, you may want the survey to be searchable online. In this case, you might ask for an employee ID, email address or a password to verify the response.
It’s possible you might want your survey to be hidden from search engines if:
- There is a limited audience, for example your workforce
- It’s important for accuracy of data that only this audience responds
- There is a clear communication channel between you and potential respondents, for example, you can email them a link and/or post QR codes in communal areas
- Commercially sensitive information is contained within the survey
- There is an organisational requirement for IP protection
Additional considerations around AI
It is also worth taking into account that with the explosion of AI services, you now potentially have many more eyes on your surveys. That isn’t necessarily bad, but it does mean some additional considerations. If your content is visible to search engines, it is also visible to AI crawl bots, and may become part of the input when suggesting survey questions to AI users, collecting information about your organisation or creating prompt responses.
All of these considerations sit on top of previous concerns, such as the ‘guessability’ of survey links. Even if your survey isn’t picked up by a search engine or linked to from a trusted source, so long as someone knows (or figures out) the survey link, they may be able to access it. This is a particularly common concern where multiple companies are linked from the same domain (e.g. surveycompany.com/ran-dom-letters-and-numbers), as the chances of a correct guess are much higher. Both humans and software programs can use trial and error to try out multiple survey links, and therefore, anything that can be done to prevent unwanted access is positive.
Other ways to reduce unwanted visitors
It is possible for someone to submit a webpage to Google with the instruction that it should be ignored. However, this can be a lengthy process and does require some technical knowledge. If you’re a team who frequently publish surveys, you may find that your IT team is unwilling or unable to help you have each one of those survey links blocked, meaning you risk all but your most important surveys being accessible, or worse, being told that your survey can’t be released because it doesn’t meet internal requirements.
Alternatively, there are some manual methods, like using email rollout or password protection, which make it more difficult for unintended visitors to access your survey. However, neither of these methods are foolproof, and where security is incredibly important, being able to use multiple methods in combination can be a critical step in preventing unwanted access.
The Hide from search engines feature, along with others such as password protection, are not common to all survey platforms, and therefore it is helpful to bear these security considerations in mind during the selection and procurement process. When used in combination, it is possible to completely block unwanted visitors using these features.
How does this enhance security overall?
As the Hide from search engines function is a simple toggle, you are able to show/hide your survey from search engines as feels appropriate to you. However, this option sits alongside a number of other security features already embedded in the SurveyOptic platform, such as two factor authentication:
- Limits are applied to the number and frequency of bots accessing your survey. This reduces the load on the system and avoids resource wastage on automated visits.
- The service can be scaled to meet your visitor needs, preventing DoS attacks rendering your survey unavailable.
- By limiting how freely bots can access your survey on SurveyOptic, this automatically provides some protection from AI mining.
- Survey links are customisable. You could therefore choose to make it easy for your intended audience to find your survey, and also turn off search engine visibility. Alternatively, you may not want to use the automated survey link but nonetheless make the it particularly complex and less guessable to increase security. This works well when you’re able to provide a direct link to respondents to click and access the survey.
- We automatically hide certain pages from search engines as these are not appropriate for public access. For example, any test or draft surveys would automatically be hidden. Additionally, we will automatically hide survey pages beyond page 1 (or the welcome page). This also means that adding a welcome page to your survey, before the questions set, can provide some protection from bots.
- As you would expect, any pages that are only visible to logged in users, such as responses, reports and dashboards are always blocked to non-authorised users. This includes the login page to customer systems.
- Survey responses are obviously stored securely away from any public access. The only way to access survey responses is whilst logged in.
- Password protection is optionally available to limit access to the survey questions.
These features exist in addition to manual methods, such as email verification, that can be used to manage security for your survey.
The Hide from search engines feature relies on the search engine providers respecting the settings on the webpage. We include an instruction which essentially tells bots that they’re not welcome on your survey webpage. This is something that Google, Bing, ChatGPT, and almost all other bots and crawlers will respect. However, there will always be hackers or malicious people who choose to ignore these messages, so it should be viewed as a request, rather than something that can be fully enforced. If you are security conscious and want to do everything you can to minimise the visibility of your survey beyond its intended audience, reach out to the SurveyOptic team who can talk you through how to set up private links or password protect your survey.
You might also be interested in our blog post Two-Factor Authentication: Explained
Photo by Alex Knight on Unsplash