As a member of a homeowners association, you have access to lots of information the associations residents. From personal information to financial transactions, you bear a lot of responsibility for protecting their data. If your HOA were to experience a security breach, would their information be secure?
Think for a moment about the data that you store on your association's residents. If your files were to make it into the wrong hands, an identity thief could instantly have access to owners' full names, social security numbers, current and former addresses, dates of birth, credit history, contact information, and more. It's all of the information that they would need to piece together the identities of countless people who trusted you with their information.
Next, think about the financial transactions that pass through your office each month. From owners' dues to contractors' paychecks, think about the impact that it would have on your association for the security of those accounts to be compromised. How long would it take for you to get back on your feet?
What about the years' worth of taxes and records that you keep on file? What kind of havoc could a cybercriminal wreak on your association if they had access to this information?
Why does cybersecurity fail to garner the concern it warrants among homeowners associations? First, there's the misconception that small businesses (a designation that includes your HOA) can fly under the radar. Second, there's a fundamental misunderstanding of the value of the data that we possess. Let's dig into both of these important topics to set the facts straight.
Did you know that email addresses, phone numbers, and billing addresses are all digital currency that's in high demand among hackers? This type of data, known as personally identifiable information (PII), is sold between hackers on the "dark web," the digital black market for stolen identities, fake passports, hitmen, and more.
Every time there's a data breach, there are thousand—perhaps millions—of people willing to pay for this leaked information. Once hackers get their hands on your log-in information, they'll proceed to test it on thousands of websites. They're not doing this manually either—they have software that does it for them instantaneously. So by using the same log-in information across countless sites, when one company inevitably has a breach, you've given hackers the keys to all of your accounts in one fell swoop. You can find out if your account info has been leaked on the site Have I Been Pwned.
There are also people working to piece together information that they collect about you from multiple online sources into whole identities—from your photo and address to your social security number and date of birth. In the social media era, this information is surprisingly easy to gather and extremely attractive to identity thieves. If a breach occurs in your association, everyone whose information you've saved is exposed to a great deal of risk, and you're exposed to a tremendous amount of liability.
HOAs are already attractive to cybercriminals because of the sums of money they process and the sensitive data they collect. When that's combined with a dearth of security measures, it creates a perfect storm.
Keep in mind that cyberattacks aren't the sole concern here. Just 48% of data breaches in small businesses are perpetrated by malicious hackers, meaning that just over half of all data breaches result from improper storage and handling of sensitive data. We'll go over what you need to do to prevent a nightmare from happening in the second half of this post.
Here are the most common cyberattacks that your association should familiarize itself with and protect itself against.
You'll receive an email inviting you to participate in a scam masquerading as a fantastic deal. You can recognize this type of attack because it'll require you to provide money or bank account info up-front and comes from a complete stranger with questionable grammar.
You'll receive a transactional email letting you know that there's an issue with one of your accounts that requires you to sign in. However, the email is not actually from the company it claims to be from, so when you enter your account details, you're giving sensitive data directly to a cybercriminal. Know how to recognize and avert phishing scams in the next post.
Viruses come in a variety of forms, but they always involve you downloading a file that performs a function on your computer that you didn't intend. A common one right now will pop up in your browser letting you know that you need to update your Flash player. However, rather than taking you to Adobe's website to download the latest version, it'll trick you into downloading a file from a different site (such as flash.com). Once it's on your computer, it could cause scores of unwanted ads to pop up, steal your personal information, or more potentially dangerous actions.
Trojan horses, like their namesake, hide within computer program that you've installed so you don't notice that they've snuck in. After being embedded into legitimate programs by hackers, these files install themselves onto your computer. They can then steal information, delete files, hijack your webcam, and more.
Botnets are "software robots" controlled by hackers that can be used to spread malware throughout your network via emails from your device. They can also be leveraged (along with other people's devices) as part of a distributed denial-of-service (DDoS) attack—the massive cyberattacks that occasionally take down business or government websites.
Now that you understand the dire importance of cybersecurity for HOAs, which measures can you take to improve? In Cybersecurity for HOAs 101: What Your Association Needs to Know - Part 2, you'll find instructions on locking down your association's data, emails, mobile devices, and more.
Landlords and property managers, there's a version of this post for you: Cybersecurity 101: What Landlords Need To Know - Part 1 as well as Cybersecurity 101: What Landlords Need To Know - Part 2.