Preventing Cyber Attacks, Part 3: Your HOA’s 4-Step Digital Defense Plan
Homeowners associations are taking advantage of this pervasive technology in droves, using property management software to expedite resident transactions, sign documents with electronic signatures, and perform tasks more efficiently. Digital technology can also help improve resident communication and security systems (via cardkey data and security cameras that are able to upload footage to a server instead of physical videotapes).
As is the case with most things, there can be challenges associated with all of these improvements. Digital technology has some pretty significant vulnerabilities that are prone to cyber attacks from sophisticated hackers. In fact, according to the Insurance Information Institute, California held the highest percent of total cybercrime victims in 2015, coming in at 14.53% out of all 50 states. These cybercrimes are popping up in the news frequently; in September 2017, credit bureau Equifax announced that a breach by hackers in July potentially compromised the personal information (e.g., Social Security numbers, birth dates and addresses) of 143 million Americans.
You might think that this doesn’t apply to you as an HOA board member. But the truth is, small businesses and organizations (like HOAs) are at an increasingly high risk for cyber attacks. In fact, global security firm Symantec reported that approximately 43% of all spear-phishing attacks in 2015 were against small businesses with 1 to 250 employees (that’s in contrast to 35% directed toward large businesses and 22% to medium-size businesses). Spear fishing is a particularly hostile threat to homeowner associations, as it involves sending fraudulent emails to organizations in order to obtain personal and confidential information. Small organizations are far from immune to cyber attacks.
Your Management Company’s RoleA strong digital defense strategy begins with hiring an experienced HOA management company. Many associations work with a community management company to manage day-to-day operations, including maintenance, resident communication and policy enforcement. In addition, the best community management companies will provide you with a team of dedicated IT professionals to help manage your community’s IT needs. The company that you trust with your confidential data will also be responsible for maintaining your systems where the data lives. There are several key attributes you should look for when hiring an HOA management company with dedicated IT support:
- Strong understanding of your association’s IT needs
- Fast responsiveness to IT issues
- Dedicated service to your association
- Planning within your association’s budget
- Limited or no downtime during offsite hardware repairs
- No third-party access to your association’s confidential information
To see a list of questions you should be asking your community management company about how they handle cyber security, read page 12 of our downloadable White Paper, Who’s Minding Your Association’s Technology?
Your HOA’s RoleTony Joseph, regional vice president of information technology at FirstService Residential, said that in addition to hiring a community management company that provides dedicated IT support, association members can take some steps to protect themselves from cyber threats. To get started, we’ve outlined a 4-step digital defense plan:
Create a cyber security HOA policy.
- Determine roles and responsibilities. Decide which individuals will handle the data and who will ultimately manage cyber security.
- Cover potential risks (e.g., security breaches, leaking of personal information, and criminal hacking) and outline a plan of action if those problems should occur.
- Establish rules for using association devices. For example, if your association allows members or residents to use its mobile devices or computers, ensure that unauthorized people will not be able to access sensitive or confidential information.
- Have a data breach plan in place. Joseph said “We prepare for potential physical attacks by taking self-defense classes–we should have the same mindset for cyber threats. Preparation is key. ” There are many resources available to help individuals and businesses prepare for data loss or theft in the event of a breach. The Online Trust Alliance offers an online guide about data breach preparation and the Federal Trade Commission has online resources that explain the process of securing association data and protecting customer data.
Review cyber security guidelines.
Educate residents about cyber safety.
Use secure association software.
Cyber security is crucial for associations and the residents they serve. Recent statistics show that hackers and scammers regularly target small businesses and associations like HOAs. Since all communities are threatened by cyber attacks, it’s important to understand the risks and establish a plan to help combat these threats. To learn more about cyber security, read Part One of this series on the role that community residents play and Part Two on how your board can protect HOA data.
A trustworthy community management company can help you with your IT needs. To find out how, contact FirstService Residential, California’s leader in community association management.