Ways Board Members Can Keep an Association Safer from Cyber Threats
As a board member, you may be thinking, “We’re all volunteers. What do we know about cyber and internet security?” If no one in your community is knowledgeable in this area, hiring a cyber security professional would be a valuable investment. This professional can review your existing protection, recommend ways to improve it and perform any upgrades you can’t do yourself. A good property management company can help, either by providing an in-house expert or by referring you to a reputable cyber security specialist.
Meanwhile, your board can implement the steps below to begin putting your association on a more secure path.
1. Craft a solid cyber-security policy.
Your community association is essentially a small business, and just like any business, it should have an established policy for handling online security. Of course, your governing documents and local laws will dictate how to add a new policy. Such a policy should include
- Roles. Who should have access to what information? Who should have administrative privileges? Who will have responsibility for managing cyber security?
- Potential risks and a plan of action. What are some of the possible security breaches that might occur, and what can you do to mitigate those risks? How should board members address mishandling or accidental leaking of personal information? Who should you contact if you suspect criminal hacking of your data?
- Rules about using association devices. If your association owns computers or mobile devices for board members or residents to use, do they contain sensitive information? How will you prevent unauthorized people from accessing confidential information? Should you allow access to social media from these devices? Are certain websites off limits? “I highly advise that you use business devices for business and personal devices for personal use, if possible,” Walter Christian, regional technology director at FirstService Residential, said. “Never allow your spouse or children to use business-owned devices. This level of separation will minimize the risk of a breach, as well as maintaining the chain of custody with respect to your computing.”
Whether you create a simple manual or require board members to take a class, cyber security awareness training is a good idea. This way, everyone on the board is following the same procedures and policies. Understanding password security is part of that training. “Develop a system of passwords with a level of separation to minimize your risk of exposure in the event of a security breach,” Christian said. “Also, never share your passwords. You should also never explain your system of passwords. You never know who is 'listening.’
3. Check the security of the software you use in operations.
Using software that is specially designed for homeowners associations can make many tasks easier for both board members and residents. However, it must incorporate robust security designed to prevent the introduction of malware and unauthorized access to sensitive information. Whatever software you choose, ask the vendor for details about its security – you’re protecting your investment, not being nosy! Christian said that making sure updates are done regularly is critical. “Stay up to date with security patches. Although the bad guys will always be one step ahead of the hardware and software manufacturers there are always updates to the existing vulnerabilities,” he said. “It is a matter of personal responsibility to ensure all your devices are up to date with security fixes. If we knew that the lock to our front door was broken we would treat it with urgency, so why not do the same with your devices.”
Businesses today often use online file sharing services, and Christian recommends care when doing so. “Dropbox, Box.net and OneDrive are very popular online file sharing services. The services are very convenient but they are also targeted on a regular basis,” he said. “When you get an email suggesting that someone is sharing a file or folder with you it is worth the time to ensure that the sender actually sent you that email over the time you will spend trying to figure out what was breached if the link is a fake redirect.”
4. Promote cyber security awareness among residents.
Use available communication channels to inform residents about cyber security. Include tips in your community newsletter, social media, emails or letters, on your website and on flyers in common spaces. Follow them in your own home! “Regardless of how savvy your household may be they will always be the weakest link,” Christian said. “In this era of home networks, family devices, Internet-connected thermostats and refrigerators, every device is a point of weakness and the fact remains that the more users you have of these devices the more likely you are to have a breach.”
Safety and security mean a lot more than the walls of your building or the fences of your neighborhood. In today’s world, hackers and scammers can cause even more harm than traditional thieves. Understanding the dangers and being vigilant when going online are responsibilities that every board member—and every resident—should undertake to protect your community.
An experienced property management company can help you protect your information from cyberattacks while making it easier to conduct business online. Contact First Service Residential, Pennsylvania’s leading community association management company, to learn more.