Are you a landlord or a property manager? There’s a special version of this post just for you: Cybersecurity for Landlords 101
Cybersecurity for HOAs: What’s at Stake?
Think for a moment about the data that you store on your association’s residents. If your files were to make it into the wrong hands, an identity thief could instantly have access to owners’ full names, social security numbers, current and former addresses, dates of birth, credit history, contact information, and more. It’s all of the information that they would need to piece together the identities of countless people who trusted you with their information.
Next, think about the financial transactions that pass through your office each month. From owners’ dues to contractors’ paychecks, think about the impact that it would have on your association for the security of those accounts to be compromised. How long would it take for you to get back on your feet?
What about the years’ worth of taxes and records that you keep on file? What kind of havoc could a cybercriminal wreak on your association if they had access to this information?
Why does cybersecurity fail to garner the concern it warrants among homeowners associations? First, there’s the misconception that small businesses (a designation that includes your HOA) can fly under the radar. Second, there’s a fundamental misunderstanding of the value of the data that we possess. Let’s dig into both of these important topics to set the facts straight.
Cybersecurity for HOAs 101:
What Kind of Data Do Hackers Want?
Did you know that email addresses, phone numbers, and billing addresses are all digital currency that’s in high demand among hackers? This type of data–known as personally identifiable information (PII)–is sold between hackers on the “dark web,” the digital black market for stolen identities, fake passports, hitmen, and so, so much more.
Every time there’s a data breach, there are thousands–perhaps millions–of people willing to pay for this leaked information. Once hackers get their hands on your log-in information, they’ll proceed to test it on thousands of websites. They’re not doing this manually, either–they have software that does it for them instantaneously. So by using the same log-in information across countless sites, when one company inevitably has a breach, you’ve given hackers the keys to all of your accounts in one fell swoop. You can find out if your account info has been leaked on the site Have I Been Pwned.
There are also people working to piece together information that they collect about you from multiple online sources into whole identities–from your photo and address to your social security number and date of birth. In the social media era, this information is surprisingly easy to gather–and as you can imagine, it’s extremely attractive to identity thieves. If a breach occurs in your association, everyone whose information you’ve saved is exposed to a great deal of risk–and you’re exposed to a tremendous amount of liability.
So HOAs are already attractive to cybercriminals because of the sums of money they process and the sensitive data they collect–and when that’s combined with a dearth of security measures, it creates a perfect storm.
Keep in mind that cyberattacks aren’t the sole concern here. Just 48% of data breaches in small businesses are perpetrated by malicious hackers–meaning that just over half of all data breaches result from improper storage and handling of sensitive data. We’ll go over what you need to do to prevent a nightmare from happening in the second half of this post.
Cybersecurity for HOAs: Common Attacks
Here are the most common attacks that your association should familiarize itself with and protect itself against:
Common Security Attack #1:
You’ll receive an email inviting you to participate in a scam masquerading as a fantastic deal. You can recognize this type of attack because it’ll require you to provide money or bank account info up-front–and the fact that the offer is coming from a complete stranger with questionable grammar.
Here’s an email scam example that I pulled from my own inbox:
Here’s another example of an email scam:
Common Security Attack #2:
You’ll receive a transactional email letting you know that there’s an issue with one of your accounts that requires you to sign in. However, the email is not actually from the company it claims to be from; so when you enter your account details, you’re giving sensitive data directly to a cybercriminal. Keep reading for tips on how to recognize and avert phishing scams in the next installment of this series.
Here’s a phishing example from my inbox:
Here’s a sneakier phishing attack masquerading as a transactional email from American Express. This could trip you up if you have an AmEx account; but if you take a moment to carefully read the message, you’ll realize that something seems fishy.
Common Security Attack #3:
Viruses come in a variety of forms, but they always involve you downloading a file that performs a function on your computer that you didn’t intend. A common one right now will pop up in your browser letting you know that you need to update your Flash player. However, rather than taking you to Adobe’s website to download the latest version, it’ll trick you into downloading a file from a different site (such as flash.com). Once it’s on your computer, it could cause scores of unwanted ads to pop up, steal your personal information, or more potentially dangerous actions.
Common Security Attack #4:
Trojan horses, like their namesake, hide within computer program that you’ve installed so you don’t notice that they’ve snuck in. After being embedded into legitimate programs by hackers, these files install themselves onto your computer. They can then steal information, delete files, hijack your webcam, and more.
Common Security Attack #5:
Botnets are “software robots” controlled by hackers that can be used to spread malware throughout your network via emails from your device. They can also be leveraged (along with other people’s devices) as part of a distributed denial-of-service (DDoS) attack–the massive cyberattacks that occasionally take down business or government websites.
Now that you understand the dire importance of cybersecurity for HOAs, which measures can you take to improve? Read Part 2 now?for step-by-step instructions on locking down your association’s data, networks, emails, mobile devices, and more.
Robin Burinskiy is the Senior Content Writer and Managing Editor for the All Property Management Blog and Buildium Blog. She cut her teeth as a marketing copywriter at Wayfair and TechTarget, and she spends her free time perfecting her lifestyle blog, Feather & Flint. She holds degrees in psychology, sociology, and songwriting.