How to Protect Your Condo Corporation From Cyberattacks

When it comes to cyberattacks, you may be under the assumption that your condo corporation is flying under the radar. But you’d be dead wrong. In fact, as a small business, your corporation may be at greater risk of being targeted than ever before.
 
In a 2018 study by the Canadian Internet Registry Authority (CIRA), 10% of Canadian small businesses reported that their websites had been brought down by a cyberattack in the prior 24 months. And according to the Ponemon Institute’s annual study of small- and medium-sized businesses, 61% of survey respondents had experienced a data breach in 2017 as compared to 55% in 2016.
 
Your condo corporation certainly can’t address the problem by avoiding digital technology, of course. “The ability to access information online, communicate and pay condominium fees makes it much easier for corporations and residents to handle many necessary tasks,” says Chris Cady, director of information security and enterprise architecture at FirstService Residential, “but these alarming statistics underscore the urgency of having a solid security strategy.”
 
In Alberta, condo corporations are legally required to take proper measures to secure personal data under the Personal Information Protection Act (PIPA). In addition, PIPA mandates that they designate a privacy officer to be responsible for ensuring that the condo corporation is compliant.

 

Your condo board’s role

Condo boards must be conscientious about protecting the personal information of residents. In addition, the board must make sure that the condo corporation’s sensitive data is protected. Following the 4 guidelines below is a good place to start.

1. Develop a cyber security policy for your condo. Make sure your policy addresses PIPA compliance. In addition, it should identify those people authorized to access confidential information and those who are responsible for your condo corporation’s cyber security. It should also describe possible risks, pre-emptive steps to take to recover quickly and an action plan to enact in the event of a breach. In addition, the policy should define restrictions regarding corporation-owned computers and devices, for example, types of websites or social media that are off limits and who is authorized to use the devices.

2. Provide security training for all board members. Board members need to implement security procedures consistently. Develop cyber security training and written guidelines for your board. Make it a requirement that both new and current board members go through the training each year.

3. Verify the security of your property management software. Property management software certainly makes it easier for board members and residents to take care of condo-related tasks. However, it can put your corporation at risk if its security is lax or isn’t updated regularly. Only use software you’re sure has robust security. That means it can detect and thwart malware, enable authorized users to log in safely from anywhere and on any device and protect sensitive information.

4. Educate condo residents about security risks and best practices. It only takes one infected device to put everyone’s data at risk. “Awareness is the most important way you can protect your condo corporation’s information,” Cady explains. “When residents understand the importance of online security, they can do their part to protect data.”

Regularly provide residents with information about the various types of cyberattacks and how best to protect their devices. You’ll reach more residents by using a range of communication channels, so be sure to post information in your condo’s newsletter, on your website and on bulletin boards, and to send out emails and postal mail. (See below for important steps you should share with residents.)

Condo residents’ role

Residents can protect their devices as well as their condo corporation’s data by following 5 best practices.

1. Combine strong passwords with other passcode protection. Cybercriminals have more difficulty guessing long, complex passwords, so incorporate a combination of lower and uppercase letters, special characters and numbers. Regularly change your password, and don’t use the same password on multiple sites. Whenever possible, add other protections like password locks and multifactor authentication.

2. Keep devices with you. Never leave your devices unattended in public places or in your vehicle. A thief can easily steal your device and access your private information. Even a device that’s left in a locked car can be stolen in just seconds. When traveling, never pack devices in checked luggage.

3. Get to know the various types of attacks. Knowing the most common ways that malware infects your system will help you recognize attempted breaches. Here are some of the usual culprits:

• Viruses – These are software programs that infect files on your device by replicating themselves. They are often picked up through downloads or by opening an email attachment.
• Phishing or smishing – A legitimate-looking email or SMS text message warns you that there is a problem with one of your transactional accounts. A link in the message takes you to a fake website where you are asked to enter personal information.
• Email scams – If you receive an email offer that looks like it’s too good to be true and requires up-front money, it’s probably a scam.
• Botnets – These software “robots” will send emails from your account – and possibly even from the email accounts of your contacts. The goal is to spread malware or attack a business or government website.

4. Be suspicious of unfamiliar emails and odd URLs. Emails that are meant to scam users or infect their files can be identified by certain key signs. Often, they have grammatical or spelling mistakes, make outrageous promises, have extensions indicating they are from a foreign sender or include attachments with “.bat,” “.exe” or “.pif” extensions. It’s likely that a URL is not legitimate if it takes you to a transactional website that doesn’t begin with “HTTPS” or if the hyperlinked text and the actual destination don’t match up.

5. Disconnect from the internet if you’ve clicked a link. You may realize too late that you shouldn’t have clicked on a link. If that happens, end your internet connection immediately. Before reconnecting, back up your files and scan your system to detect any malware. If you aren’t very tech savvy, have a trusted information technology (IT) professional perform the scan.

What a good condominium management company can do

Condominium corporations often hire a management company to take care of their day-to-day operations, including resident communication, policy enforcement and maintenance. What you may not realize, however, is that a good property management company will also know how to protect you against cyberattacks. Look for a company that has IT and cyber security expertise, as well as the resources to help your corporation manage your IT needs. A qualified company should:

• Know the most current security measures
• Have an in-depth understanding of your condo’s IT requirements
• Be able to respond quickly when addressing IT issues
• Avoid exposing your data to a third party
• Be able to limit or eliminate downtime when making offsite hardware repairs

Cyber threats aren’t going away, so your condo corporation must be able to protect against data breaches. To do that, residents and board members must be committed to staying vigilant and doing their part so your corporation’s data stays safe. A condo management company that has the experience and resources to handle your IT needs can also be a tremendous asset when it comes to mitigating your exposure to cyberattacks.
 
Learn how to determine if a management company has the IT capabilities your community needs.  Get our FREE white paper, Who’s Minding Your Association’s Technology? by filling out the form today!