Cyber Security and Your HOA, Part Three: Your 4-Step Action Plan

Friday October 27, 2017
Technology has come a long way over the past decade. Mobile devices now let you pay credit card bills, order takeout, make doctor’s appointments and store personal information in “the cloud” with the touch of a button or a tap on your phone.

Nevada homeowners associations are utilizing the latest digital technologies in a big way. Property management software allows boards to expedite transactions for residents, digitally sign documents and perform everyday tasks quickly and efficiently. Digital technology is also used to improve resident communication and security systems (e.g., cardkey data and security cameras that can upload footage to a server, rather than physical videotapes).

While these advances in technology have made everyday tasks a lot easier, there are also some challenges associated with these innovations. Digital technology has some significant vulnerabilities that leave it open to sophisticated cyber attacks. In fact, watch the local news tonight and you’ll likely see another instance of a major data breach from an experienced hacker. In September 2017, credit bureau Equifax announced that a breach by hackers in July potentially compromised the private Social Security numbers, birth dates and addresses of more than 140 million Americans. Of that number, Nevada Attorney General, Adam Paul Laxalt, reported that an estimated 1.2 million Nevada residents were affected by the breach.

HOA members may think this kind of news doesn’t apply to their organization since they do not reach the same number of people. But the latest stats tell a different story. Small businesses and organizations (like HOAs) are increasingly at risk for cyber attacks, like spear fishing. Spear fishing, a particularly hostile threat to associations, involves sending fraudulent emails in order to obtain private information from organizations. In a 2016 report on cyber attacks, global security firm Symantec reported that 43% of all spear-phishing attacks in 2015 were against small businesses with 1 to 250 employees (compared to 35% directed toward large businesses). Make no mistake, small organizations like HOAs are just as easily targeted as big corporations.

Your Management Company’s Role in Cyber Security

A strong cyber security strategy begins with an experienced property management company. Many associations work with an HOA management company to manage the day-to-day operations, like maintenance, resident communication and policy enforcement. In addition, the best management companies will equip you with a dedicated IT team to help manage the IT needs in your community. Working with an IT team that is part of your management company allows you to benefit from solutions designed specifically for associations. When hiring an HOA management company with dedicated IT support, make sure that they:
  • Understand your association’s IT needs
  • Are quick to respond to IT issues
  • Provide dedicated service to your association
  • Make budget-conscious planning decisions
  • Have limited downtime for offsite hardware repairs
  • Do not allow third-party access to your association’s confidential information
The best management companies will provide you with dedicated IT hardware and support so that you, your HOA and the residents you serve can rest easy. It’s more important than ever to take cyber security seriously. That means putting your IT needs in the hands of a company you can trust.

Turn to page 12 of our downloadable White Paper, Who’s Minding Your Association’s Technology? (linked below) to see a list of questions you should ask your HOA management company about how they manage IT.

Your HOA’s Role in Cyber Security

Tony Joseph, regional vice president of information technology at FirstService Residential, said that along with hiring a community management company that provides dedicated IT support, HOA members can (and should) take some additional steps to defend against cyber threats. To get started, we’ve outlined 4 steps you can take:
  1. Create a cyber security policy for your HOA.
Since we’ve established that small organizations are increasingly threatened by cyber attacks, HOAs need to have a cyber safety policy in place. To begin, review governing documents and local laws. These official documents will set up a foundation for adding a new cyber security policy. Next, flesh out the details:
  • Roles and responsibilities. Determine which individuals will handle the data and which individuals will ultimately manage cyber security.
  • Potential risks. Outline a plan of action if security breaches or criminal hacking occur.
  • Rules for using association devices. Set up a list of rules for using association mobile devices or computers to ensure that unauthorized people will not be able to access confidential information.
  • Data breach plan. Joseph said, “We prepare for potential physical attacks by taking self-defense classes–we should have the same mindset for cyber threats. Preparation is key.” To prepare for a potential data breach, you can access a variety of resources from trusted authorities like the Federal Trade Commission (FTC). The Online Trust Alliance has an online guide about data breach preparation and the FTC offers resources that explain the process of securing association data and protecting customer data.
  1. Review cyber security guidelines.
To implement a good cyber security plan, you should provide board members with a set of guidelines. These cyber security principles can help community associations better understand new policies and see how to respond to potential cyber attacks and data breaches. They are key to bringing everyone on the same page regarding cyber security policies and procedures.
  1. Teach residents about cyber security.
When it comes to cyber security, half the battle is knowing what you can do to protect yourself. That’s why educating residents about cyber security should be a priority for your HOA. You can include announcements in your community’s newsletter, send emails or letters directly to residents, post tips on the community website or post bulletins in a central location in the community.
  1. Use secure HOA software.
Community management companies provide HOAs with association software that board members and residents can use for everyday tasks. But how secure is that software? Joseph said, “Make sure that your association software is secure, with features that defend against malware and protect sensitive and confidential information.” He said, “The best community association management companies will only offer proprietary association software, meaning the management company will not be sharing your private data with third parties or storing data on servers that are shared with other businesses or clients of the data host.”

If you haven’t given cyber security a second thought until now, it may be time for a change. The latest statistics show that small businesses and organizations like HOAs are increasingly being targeted by hackers. Therefore, it’s important to understand the risks and establish a cyber security plan to help combat cyber attacks. Want to learn more? Part One of this series explains how residents can help prevent attacks, and Part Two describes the board’s role in data safety.

An experienced HOA management company can help with your IT needs. To find out how, contact FirstService Residential, Nevada’s leader in community association management.
 
Friday October 27, 2017