Technology and cybersecurity aren’t always top priorities for condo and HOA communities. But we strongly believe they should be.
Think of it this way. Failing to proactively take steps to protect your community data (names, credit cards, emails, phone numbers, etc.) is kind of like leaving the front door of your home unlocked. Your home will probably be fine. But there is a chance that someone could sneak in, take your most valuable items, and never be caught.
Table of contents
- Types of data threats
- Prevalence of cybersecurity breaches in community associations
- Data collection/protection policies
- The importance of secure software
- What to do if you are hacked
- Suggestions for minimizing technology-associated risks
Cyberattacks are becoming more common and more sophisticated. In fact, a large study conducted in 2022 found more than 255 million attacks over a six-month period. That’s a 61% increase compared to the same timeframe in 2021.
As more security and data breaches occur, laws are being created and amended to help protect personal and financial information. But communities that get on top of this issue now will be better prepared to defend against cyberattacks and compromising situations.
Types of data threats
Phishing and ransomware are the most common forms of cyberattack on community associations.
Phishing occurs when a hacker pretends to be someone they are not. For example, they may pretend to be a member of the community, or the community manager, but the email from which the message is being sent might look something like this: firstname.lastname@example.org. After closer inspection, it’s easy to see the sender is using a fake account.
Other red flags to look out for include poorly written messages with several typos, tones/phrases that don’t match the sender’s usual way of writing, or requests for personal information such as credit card numbers or login information.
Hackers may obtain an email address belonging to the board, manager or staff through the following ways:
Buying email lists
Hackers know where to look to purchase email lists. Some lists will provide them with thousands of email addresses. Fortunately, many people who buy lists to send spam emails are unsuccessful. That’s because email service providers are serious about preventing senders from sending spam to their customers and may block these individuals from using the platform when they are caught.
Those looking to obtain data illegally can also harvest emails. They do this by instructing a bot to crawl the internet and find “@” symbols. Emails are then added to a list. Communities can try to avoid being added to these lists by spelling out their emails (using [at] instead of @) so that bots can’t detect them.
By stealing data from one person, such as a board member, hackers may get a hold of many other email addresses, credit card numbers, and even login credentials.
Ransomware is a form of malware that encrypts files. Ransomware infects a computer when a file is opened by the recipient. More aggressive forms of ransomware exploit security weaknesses to infect computers without even needing to trick the recipient.
When ransomware is successful, the hacker will demand a ransom, usually money, from the victim in exchange for restored access to the encrypted data.
Ransomware can be expensive and result in significant data loss. A condo or HOA could end up losing passwords, financial data, records, or personal information belonging to the owners of the community.
Prevalence of cybersecurity breaches in community associations
A study completed by the Foundation for Community Association Research looked at multiple aspects of cybersecurity in U.S. community associations. This included how often condos and HOAs experienced cyber incidents.
While the study is a bit dated, it would be fair to assume that today’s results would be about the same, or even more significant than what they were in 2018.
Communities were asked if they had experienced any hacking or cybersecurity breaches between 2013 and 2017. Less than 10% of total respondents were aware of any such breaches.
However, about 40% of non-manager professionals (accountants, CPAs, IT staff, software vendors) indicated awareness of such incidents.
93% of management staff said they experienced no cyber incidents, while only 59% of non-manager professionals said there were zero incidents.
5% of management staff experienced one incident, while 2% said there were two to four incidents between 2013 and 2017.
15% of non-manager professionals reported one cyber incident, and 7% reported two to four incidents.
Data collection/protection policies
Condos and HOAs are strongly encouraged to have a formal, written policy that clearly outlines the rules and procedures for collecting, storing and securing data. This information should be shared with all board and community members.
Data policies ensure that every person responsible for maintaining data or personal information is taking the proper steps to keep it secure. It also helps owners understand what the community will and won’t do with their data.
More than half of participants who contributed answers to the Foundation for Community Association Research cybersecurity study said that their association had policies and procedures in place for collecting, storing, and protecting member information.
The importance of secure software
Depending on the system, software can help strengthen or weaken a community’s defense against cyber threats.
A reliable, secure system will have its own privacy and security policy for clients, meaning it has thought about the strategies and methods it needs to employ to prevent hackers from obtaining valuable data.
Moreover, it should give every user, including owners, the option to use two-factor authentication. While it’s a simple and highly effective way to keep all accounts safer, two-factor authentication (2FA) remains an underused security measure.
Because it can be a modest inconvenience, some will opt not to use it. But it is a simple way to prevent attackers from gaining access to any account. All staff, board members, and managers should be taking advantage of 2FA to minimize data hacks and breaches.
Finally, a secure platform reduces opportunities for hackers to even attempt to steal data. That’s because instead of having to send an email regarding a work request, parking pass or booking, these tasks can be completed internally within the software. Not only does it minimize the number of emails for staff, but it facilitates a more streamlined, secure environment for condo and HOA communities.
Conversely, software that is free or that has not accounted for security threats can expose communities to hackers and actually make it easier for them to access sensitive information.
Don’t let cost be the key decider when making a choice about software. While the most expensive option isn’t necessary, you do want to ensure you’re getting value for your money. That includes data protection and a security plan that gives you peace of mind.
What to do if you are hacked
Even if your community takes reasonable steps to protect data, a cyberattack can still occur. That’s where cyber insurance comes into play. While condos and HOAs cannot avoid all risks, they can transfer risks through avenues such as insurance.
Cyber insurance covers things like regulatory defense expenses, legal and civil damages, forensic investigations, and crisis management costs. Having this could save your community thousands of dollars.
Condos and HOAs may also consider having liability coverage, or third-party coverage. Cyber liability policies cover legal fees and judgments in cases where owners sue the corporation/association for damages caused by a cyberattack.
Suggestions for minimizing technology-associated risks
Below are some additional tips that cyber-savvy communities have found useful:
- The more you know, the better. Managers and boards may find it helpful to enroll in cybersecurity training and seminars
- Hire IT or cybersecurity professionals to assess the strength of your current security strategies
- Evaluate the effectiveness of community rules and regulations, policies, and procedures, and revise as needed
- Restrict access to association records and data. Make sure owners aren’t given access to personal information belonging to others in the community
- Opt for high-quality antivirus and malware protection software
- Use complex passwords and change them regularly
- If you receive a suspicious or threatening email, don’t respond or click on any links. Instead, delete the email
- It may also be helpful to notify colleagues about fake messages in case they received them too
Ultimately, cybersecurity is everyone’s responsibility, but responsible data management starts with the leaders of the condo or HOA. Don’t hesitate to hire a cybersecurity expert to find out more about what you can do to keep your community data safe.