You likely don't think of your email inbox as a treasure trove of sensitive data that hackers would love to get their hands on. However, a landlord's communications often involve personally identifiable information (PII)—tenants' full names, social security numbers, current and former addresses, dates of birth, places of employment, credit history, contact information, and more. It's all of the information that hackers need to piece together the identities of countless people who've trusted you with their information.
Next, think of all of the financial transactions that you engage in each year. From rent payments and security deposits to payments to contractors, think about the impact that it would have on you for the security of those accounts to be compromised. What about the years' worth of taxes and property records that you keep on file? What kind of havoc could a cybercriminal wreak on your business if they had access to this information?
A recent Multifamily Executive article observed the following:
"Maybe if we don't talk about the potential for data breaches in the apartment industry, the identity thieves won't know we're here. That seems to be the attitude among apartment operators when it comes to data security and the potential for resident information being compromised or stolen."
Why does cybersecurity fail to garner the concern it warrants among landlords? There's a dangerous misconception that individuals and small businesses can fly under the radar because hackers aren't interested in the type of data that they possess. Let's dig into this important topic to set the facts straight.
Did you know that email addresses, phone numbers, and billing addresses are all digital currency that's in high demand among hackers? This type of data, known as personally identifiable information (PII), is sold between hackers on the "dark web," the digital black market for stolen identities, fake passports, hitmen, and more.
Every time there's a data breach, there are thousands—perhaps millions—of people willing to pay for this leaked information. Once hackers get their hands on your log-in information, they'll proceed to test it on thousands of websites. They're not doing this manually either—they have software that does it for them instantaneously. So by using the same log-in information across countless sites, when one company inevitably has a breach, you've given hackers the keys to all of your accounts in one fell swoop. You can find out if your account info has been leaked on the site Have I Been Pwned.
There are also people working to piece together information that they collect about you from multiple online sources into whole identities—from your photo and address to your social security number and date of birth. In the social media era, this information is surprisingly easy to gather and extremely attractive to identity thieves. If a breach happens to you, everyone whose information you've saved is exposed to a great deal of risk, and you're exposed to a tremendous amount of liability.
So landlords are already attractive to cybercriminals because of the sums of money they process and the sensitive data they collect—and when that's combined with a dearth of security measures, it creates a perfect storm.
Keep in mind that cyberattacks aren't the sole concern here. Just 48% of data breaches in small businesses are perpetrated by malicious hackers, meaning that just over half of all data breaches result from improper storage and handling of sensitive data. We'll go over what you need to do to prevent a nightmare from happening in the second half of this post.
Here are the most common cyberattacks that you should familiarize yourself with and protect yourself against.
You'll receive an email inviting you to participate in a scam masquerading as a fantastic deal. You can recognize this type of attack because it'll require you to provide money or bank account info up-front and comes from a complete stranger with questionable grammar.
You'll receive a transactional email letting you know that there's an issue with one of your accounts that requires you to sign in. However, the email is not actually from the company it claims to be from, so when you enter your account details, you're giving sensitive data directly to a cybercriminal. Know how to recognize and avert phishing scams in the next post.
Viruses come in a variety of forms, but they always involve you downloading a file that performs a function on your computer that you didn't intend. A common one right now will pop up in your browser letting you know that you need to update your Flash player. However, rather than taking you to Adobe's website to download the latest version, it'll trick you into downloading a file from a different site (such as flash.com). Once it's on your computer, it could cause scores of unwanted ads to pop up, steal your personal information, or more potentially dangerous actions.
Trojan horses, like their namesake, hide within computer program that you've installed so you don't notice that they've snuck in. After being embedded into legitimate programs by hackers, these files install themselves onto your computer. They can then steal information, delete files, hijack your webcam, and more.
Botnets are "software robots" controlled by hackers that can be used to spread malware throughout your network via emails from your device. They can also be leveraged (along with other people's devices) as part of a distributed denial-of-service (DDoS) attack—the massive cyberattacks that occasionally take down business or government websites.
Now that you understand the dire importance of protecting yourself from security risks, which measures can you take to improve? In Cybersecurity 101: What Landlords Need to Know - Part 2, you'll find instructions on locking down your data, emails, mobile devices, and more.