Protecting Your HOA From Cyber Attacks, Part 3: Your 4 Steps to Cyber Security

Friday October 27, 2017
Digital technology has taken over our lives, making everyday tasks easy and convenient. You can use your mobile phone or device to pay rent, order pizza, book a dentist appointment or store photos and documents in “the cloud” without blinking an eye.

Arizona community associations are also benefiting from the latest digital technologies. Boards use property management software to make their daily responsibilities more efficient. These programs allow them to expedite resident transactions, sign documents electronically, and perform other important tasks quickly and conveniently. Associations also rely on digital technology for their communication and security needs (e.g., cardkey data and security cameras that capture footage and save it to a server). 

Of course, these technology breakthroughs can come with their own set of challenges. Turn on the local news, and you won’t have to wait long to hear about a new data breach by sophisticated hackers. In fact, in September 2017, credit bureau Equifax announced that a breach by hackers left the personal information (including Social Security numbers and addresses) of 143 million Americans at risk. In light of the risk stemming from similar cyber attacks, Maricopa County even established a Cyber Security Portal to help mitigate these threats. The state of Arizona has prioritized cyber security across many of its local agencies.

As an HOA board member, you might be thinking that this issue only applies to large corporations like Equifax. However, small organizations like HOAs are at a very high risk for cyber attacks. In a 2016 report, global security firm Symantec reported that the largest percentage of all spear-phishing attacks in 2015 (approximately 43%) were directed toward small businesses with 1 to 250 employees. Homeowner associations are particularly threatened by spear fishing, a method that involves sending fraudulent emails to organizations for the purpose of obtaining personal and confidential information. Small businesses like HOAs are not safe from cyber attacks.

The Role of Your Management Company

We’ve established the fact that HOAs are increasingly threatened by cyber attacks. But how do you protect your association from data breaches and digital threats? To start, you should hire an experienced community management company. A good HOA management company will manage daily operations, such as maintenance, policy enforcement and communication with residents. But a great community management company will provide you with a dedicated IT team to manage all of the IT needs in your community. The company that is entrusted with your private data will also maintain your systems where the data lives. So what should you look for when hiring a management company with dedicated IT support?
  • Solid understanding of your HOA’s IT needs
  • Quick responsiveness to IT issues
  • Dedicated IT service to your association
  • Budget-sensitive IT planning
  • Limited downtime during hardware repairs that occur offsite
  • Zero third-party access to your HOA’s confidential information
The best community management companies provide your HOA with dedicated IT hardware and support, taking the burden off of your association. In today’s world, cyber security has never been more important. So it’s important to place your IT needs in the hands of a company you can trust.

For a list of questions you should ask your community management company about how they manage your association’s cyber security, read page 12 of our downloadable White Paper, Who’s Minding Your Association’s Technology?

The Role of Your HOA

In addition to hiring a community management company that offers dedicated IT support, Tony Joseph, regional vice president of information technology at FirstService Residential, recommends that HOAs take specific action to protect themselves from cyber threats. To start, here are four steps that association members can take:
  1. Establish a cyber security policy for your HOA.
As we’ve mentioned, small organizations like HOAs are increasingly vulnerable to cyber threats. That’s why it’s so important for your association to have a cyber security policy in place. You can begin drafting your policy by reviewing governing documents and local laws. These documents will provide a good foundation for your new policy. The next step will involve fleshing out the details:
  • Outline roles and responsibilities. Designate individuals who will handle the data and who will ultimately manage cyber security.
  • Include potential risks. Determine the risks that your association is susceptible to, including security breaches, personal information leaks and criminal hacking. Then, outline a plan of action should those risks occur.
  • Determine rules for using HOA devices. Many associations allow members or residents to use mobile devices or computers. In these cases, it’s important to establish rules for the use of these devices, so that unauthorized people will not be able to access private information.
  • Provide a data breach plan. Joseph said, “We prepare for potential physical attacks by taking self-defense classes–we should have the same mindset for cyber threats. Preparation is key. ” Many federal and local government agencies offer resources to help businesses prepare for a potential data breach. For example, the Online Trust Alliance provides an online guide about data breach preparation. The Federal Trade Commission also offers several online resources that explain the process of securing association data and protecting customer data.
  1. Review guidelines for cyber security.
Your HOA’s cyber security plan should include cyber security guidelines for board members. These principles can help HOAs better understand new policies and learn how to respond to potential data breaches and cyber attacks. These guidelines also play a key role in establishing unity with board members in regards to cyber security policies and procedures.
  1. Inform residents about cyber security.
Your board should prioritize resident education as a means to prevent cyber attacks from both an individual and community standpoint. You can inform residents about cyber security by including announcements in your community’s newsletter, sending direct mail to residents (emails or print mail), posting tips on the community website or posting bulletins in a central location in the community.
  1. Employ secure association software.
Property management companies will often provide community association software that residents and board members can use for community-related tasks. But how secure is that software? Joseph said, “Make sure that your association software is secure, with features that defend against malware and protect sensitive and confidential information.” He continued, “The best community association management companies will only offer proprietary association software, meaning the management company will not be sharing your private data with third parties or storing data on servers that are shared with other businesses or clients of the data host.”

Knowing about cyber security isn’t enough these days; associations need to take action to make sure their communities are protected from threats. Sophisticated hackers and scammers are targeting small businesses and organizations like HOAs on a regular basis. Given the latest statistics, it’s important to understand the risks and establish a plan to help combat these threats. To learn more, read our other posts in this series on cyber security. Part 1 explains the role of residents, and Part 2 is all about the role of your board.

An experienced community management company can help you with your IT needs. To see how, contact FirstService Residential, Arizona’s leader in community association management.
 
Friday October 27, 2017