Without a doubt, digital technology has made our everyday tasks easier and more convenient than ever. Mobile phones and tablets allow you to pay monthly bills, upload family photos and store important documents in “the cloud” with just a few taps and swipes.

Homeowners associations are taking advantage of this pervasive technology in droves, using property management software to expedite resident transactions, sign documents with electronic signatures, and perform tasks more efficiently. Digital technology can also help improve resident communication and security systems (via cardkey data and security cameras that are able to upload footage to a server instead of physical videotapes).

As is the case with most things, there can be challenges associated with all of these improvements. Digital technology has some pretty significant vulnerabilities that are prone to cyber attacks from sophisticated hackers. In fact, according to the Insurance Information Institute, California held the highest percent of total cybercrime victims in 2015, coming in at 14.53% out of all 50 states. These cybercrimes are popping up in the news frequently; in September 2017, credit bureau Equifax announced that a breach by hackers in July potentially compromised the personal information (e.g., Social Security numbers, birth dates and addresses) of 143 million Americans.

You might think that this doesn’t apply to you as an HOA board member. But the truth is, small businesses and organizations (like HOAs) are at an increasingly high risk for cyber attacks. In fact, global security firm Symantec reported that approximately 43% of all spear-phishing attacks in 2015 were against small businesses with 1 to 250 employees (that’s in contrast to 35% directed toward large businesses and 22% to medium-size businesses). Spear fishing is a particularly hostile threat to homeowner associations, as it involves sending fraudulent emails to organizations in order to obtain personal and confidential information. Small organizations are far from immune to cyber attacks.

Your Management Company’s Role

A strong digital defense strategy begins with hiring an experienced HOA management company.  Many associations work with a community management company to manage day-to-day operations, including maintenance, resident communication and policy enforcement. In addition, the best community management companies will provide you with a team of dedicated IT professionals to help manage your community’s IT needs. The company that you trust with your confidential data will also be responsible for maintaining your systems where the data lives. There are several key attributes you should look for when hiring an HOA management company with dedicated IT support:
  • Strong understanding of your association’s IT needs
  • Fast responsiveness to IT issues
  • Dedicated service to your association
  • Planning within your association’s budget
  • Limited or no downtime during offsite hardware repairs
  • No third-party access to your association’s confidential information
At the end of the day, a great community management company will provide you with the dedicated IT hardware and support you need so that you can rest easy. Cyber security should not be taken lightly in this day and age, so it’s important to put your IT needs in the hands of a company you can trust.

To see a list of questions you should be asking your community management company about how they handle cyber security, read page 12 of our downloadable White Paper, Who’s Minding Your Association’s Technology?

Your HOA’s Role

Tony Joseph, regional vice president of information technology at FirstService Residential, said that in addition to hiring a community management company that provides dedicated IT support, association members can take some steps to protect themselves from cyber threats. To get started, we’ve outlined a 4-step digital defense plan:

Create a cyber security HOA policy.

Since small organizations are particularly vulnerable to cyber threats, a cyber safety policy is a necessity for HOAs. To create your policy, start by reviewing governing documents and local laws. This will give you the groundwork for adding a new cyber safety policy. Next, flesh out the details in your policy:
  • Determine roles and responsibilities. Decide which individuals will handle the data and who will ultimately manage cyber security.
  • Cover potential risks (e.g., security breaches, leaking of personal information, and criminal hacking) and outline a plan of action if those problems should occur.
  • Establish rules for using association devices. For example, if your association allows members or residents to use its mobile devices or computers, ensure that unauthorized people will not be able to access sensitive or confidential information.
  • Have a data breach plan in place. Joseph said “We prepare for potential physical attacks by taking self-defense classes–we should have the same mindset for cyber threats. Preparation is key. ” There are many resources available to help individuals and businesses prepare for data loss or theft in the event of a breach. The Online Trust Alliance offers an online guide about data breach preparation and the Federal Trade Commission has online resources that explain the process of securing association data and protecting customer data.

Review cyber security guidelines.

Your “digital defense plan” should always include cyber security guidelines for board members. These guiding principles can help community associations better understand new policies and learn how to respond to potential cyber attacks and breaches. They are instrumental in bringing everyone on the same page regarding cyber security policies and procedures.

Educate residents about cyber safety.

Knowledge is power when it comes to cyber safety, and educating residents about cyber security should be a priority for your board. You can do this by including announcements in your community’s newsletter, sending emails or letters directly to residents, posting tips on the community website or posting bulletins in a central location in the community.

Use secure association software.

A good community management company will provide specific community association software that board members and residents can use on a regular basis. But how secure is that software? Joseph said, “Make sure that your association software is secure, with features that defend against malware and protect sensitive and confidential information.” He added, “The best community association management companies will only offer proprietary association software, meaning the management company will not be sharing your private data with third parties or storing data on servers that are shared with other businesses or clients of the data host.”

Cyber security is crucial for associations and the residents they serve. Recent statistics show that hackers and scammers regularly target small businesses and associations like HOAs. Since all communities are threatened by cyber attacks, it’s important to understand the risks and establish a plan to help combat these threats. To learn more about cyber security, read Part One of this series on the role that community residents play and Part Two on how your board can protect HOA data.

A trustworthy community management company can help you with your IT needs. To find out how, contact FirstService Residential, California’s leader in community association management.
Friday October 27, 2017