Cyber Security: Four Ways Board Members Can Keep Your Association Safe

Technology has made a lot of tasks easier and faster than ever before. Thanks to “the cloud,” we have access to important information, photos, videos and social media 24/7, in the palms of our hands. Community associations have benefitted from technology; much of the day-to-day business of running an association can be done much more easily than 30, 20 or even 10 years ago. For example, specialized property management software can help associations streamline transactions, including paying bills with electronic signatures. It can help improve communication with residents and it can increase security via cardkey data and digital security cameras that upload directly a server instead of using tapes.

Speaking of security, all that wonderful technology can have vulnerabilities too. Securing your association’s data is more important every day, as hackers become ever more sophisticated and intent on breaching your systems.

As a board member, you may be thinking, “We’re all volunteers. What do we know about security?” If no one in your community is knowledgeable in this area, hiring a cyber security professional would be a valuable investment. This professional can review your existing protection, recommend ways to improve it and perform any upgrades you can’t do yourself. A good property management company can help, either by providing an in-house expert or by referring you to a reputable cyber security specialist.

Before you begin to determine how to keep your association safe, take a look at what you are safeguarding. Phil Pool, Vice President at FirstService Residential, recommends that associations conduct an inventory of their data before beginning to implement cyber security protocols. Consider the following:

1. What kind of data do you have in your records?
2. How is that data handled and protected?
3. Who has access to that data and under what circumstances?

Once the inventory is taken, Pool said, document it and keep a record of its location and move it to more appropriate locations if needed.
Meanwhile, your board can implement the four steps below to begin putting your association on a more secure path.

1. Establish a cyber security policy.
   Your community association is essentially a small business, and just like any business, it should have an established policy for handling online security. Of course, your governing documents and local laws will dictate how to add a new policy. Such a policy should include:
   1. Roles. Who should have access to what information? Who should have administrative privileges? Who will have responsibility for managing cyber security?
   2. Potential risks and a plan of action. What are some of the possible security breaches that might occur, and what can you do to mitigate those risks? How should board members address mishandling or accidental leaking of personal information? Who should you contact if you suspect criminal hacking of your data?
   3. Rules about using association devices. If your association owns computers or mobile devices for board members or residents to use, do they contain sensitive information? How will you prevent unauthorized people from accessing confidential information? Should you allow access to social media from these devices? Are certain websites off limits?
   4. Response to a breach. “Plan for the worst; hope for the best,” Pool said. “You need to plan how to handle data loss or theft in the event that it does occur. Online Trust Alliance has a comprehensive online guide about preparing for data breaches. The Federal Trade Commission has materials about securing data in the care of the association and how to protect their customers’ privacy, including an interactive video tutorial.”

2. Develop cyber security board training.
   Whether you create a simple manual or require board members to take a class, cyber security awareness training is a good idea. This way, everyone on the board is following the same procedures and policies.

3. Provide residents with cyber security information.
   Use available communication channels to educate residents about cyber security. Include information in your community newsletter, send out emails or letters and post tips on your community website and on a centrally located bulletin board. 

4. Make sure that your association software is secure.
   Using software that is specially designed for homeowners associations can make many tasks easier for both board members and residents. However, it must incorporate robust security designed to prevent the introduction of malware and unauthorized access to sensitive information. Along those lines, Pool said, “If the property has Wi-Fi make sure that it is secure and encrypted.“

Safety and security go well beyond the walls of your building or the fences of your neighborhood. In today’s world, hackers and scammers can also cause significant harm. Understanding the dangers and being vigilant when going online are responsibilities that every board member—and every resident—should undertake to protect your community.

An experienced property management company can help you protect your information from cyber attacks while making it easier to conduct business online. Find out how. Contact FirstService Residential, the DC Metro area’s community association management leader, today.