Homeowners associations: There’s a special version of this post just for you! Cybersecurity for HOAs 101
You likely don’t think of your email inbox as a treasure trove of sensitive data that hackers would love to get their hands on. However, a landlord’s communications often involve personally identifiable information (PII)–tenants’ full names, social security numbers, current and former addresses, dates of birth, places of employment, credit history, contact information, and more. It’s all of the information that hackers need to piece together the identities of countless people who’ve trusted you with their information.
Next, think of all of the financial transactions that you engage in each year. From rent payments and security deposits to payments to contractors, think about the impact that it would have on you for the security of those accounts to be compromised. What about the years’ worth of taxes and property records that you keep on file? What kind of havoc could a cybercriminal wreak on your business if they had access to this information?
A recent Multifamily Executive article observed:
“Maybe if we don’t talk about the potential for data breaches in the apartment industry, the identity thieves won’t know we’re here. That seems to be the attitude among apartment operators when it comes to data security and the potential for resident information being compromised or stolen.”
Why does cybersecurity fail to garner the concern it warrants among landlords? There’s a dangerous misconception that individuals and small businesses can fly under the radar because hackers aren’t interested in the type of data that they possess. Let’s dig into this important topic to set the facts straight.
Cybersecurity for Landlords 101:
What Kind of Data Do Hackers Want?
Did you know that email addresses, phone numbers, and billing addresses are all digital currency that’s in high demand among hackers? This type of data–known as personally identifiable information (PII)–is sold between hackers on the “dark web,” the digital black market for stolen identities, fake passports, hitmen, and so, so much more.
Every time there’s a data breach, there are thousands–perhaps millions–of people willing to pay for this leaked information. Once hackers get their hands on your log-in information, they’ll proceed to test it on thousands of websites. They’re not doing this manually, either–they have software that does it for them instantaneously. So by using the same log-in information across countless sites, when one company inevitably has a breach, you’ve given hackers the keys to all of your accounts in one fell swoop. You can find out if your account info has been leaked on the site Have I Been Pwned?
There are also people working to piece together information that they collect about you from multiple online sources into whole identities–from your photo and address to your social security number and date of birth. In the social media era, this information is surprisingly easy to gather–and as you can imagine, it’s extremely attractive to identity thieves. If a breach happens to you, everyone whose information you’ve saved is exposed to a great deal of risk–and you’re exposed to a tremendous amount of liability.
So landlords are already attractive to cybercriminals because of the sums of money they process and the sensitive data they collect–and when that’s combined with a dearth of security measures, it creates a perfect storm.
Keep in mind that cyberattacks aren’t the sole concern here. Just 48% of data breaches in small businesses are perpetrated by malicious hackers–meaning that just over half of all data breaches result from improper storage and handling of sensitive data. We’ll go over what you need to do to prevent a nightmare from happening in the second half of this post.
Cybersecurity for Landlords 101:
Common Types of Cyberattacks
Here are the most common cyberattacks that you should familiarize yourself with and protect yourself against:
Cyberattack #1: Email Scams
You’ll receive an email inviting you to participate in a scam masquerading as a fantastic deal. You can recognize this type of attack because it’ll require you to provide money or bank account info up-front… and the fact that the offer is coming from a complete stranger with questionable grammar.
Here’s an email scam example that I pulled from my own inbox:
Here’s another example of an email scam:
Cyberattack #2: Phishing
You’ll receive a transactional email letting you know that there’s an issue with one of your accounts that requires you to sign in. However, the email is not actually from the company it claims to be from; so when you enter your account details, you’re giving sensitive data directly to a cybercriminal. Keep reading for tips on how to recognize and avert phishing scams in the next post.
Here’s a phishing example from my inbox:
Here’s a sneakier phishing attack masquerading as a transactional email from American Express. This could trip you up if you have an AmEx account; but if you take a moment to carefully read the message, you’ll realize that something seems fishy.
Cyberattack #3: Viruses
Viruses come in a variety of forms, but they always involve you downloading a file that performs a function on your computer that you didn’t intend. A common one right now will pop up in your browser letting you know that you need to update your Flash player. However, rather than taking you to Adobe’s website to download the latest version, it’ll trick you into downloading a file from a different site (such as flash.com). Once it’s on your computer, it could cause scores of unwanted ads to pop up, steal your personal information, or more potentially dangerous actions.
Cyberattack #4: Trojan Horses
Trojan horses, like their namesake, hide within computer program that you’ve installed so you don’t notice that they’ve snuck in. After being embedded into legitimate programs by hackers, these files install themselves onto your computer. They can then steal information, delete files, hijack your webcam, and more.
Cyberattack #5: Botnets
Botnets are “software robots” controlled by hackers that can be used to spread malware throughout your network via emails from your device. They can also be leveraged (along with other people’s devices) as part of a distributed denial-of-service (DDoS) attack–the massive cyberattacks that occasionally take down business or government websites.
Now that you understand the dire importance of protecting yourself from security risks, which measures can you take to improve? Check back next week for step-by-step instructions on locking down your data, emails, mobile devices, and more.
Robin Burinskiy is the Senior Content Writer and Managing Editor for the All Property Management Blog and Buildium Blog. She cut her teeth as a marketing copywriter at Wayfair and TechTarget, and she spends her free time perfecting her lifestyle blog, Feather & Flint. She holds degrees in psychology, sociology, and songwriting.