How to Protect your Homeowners Association from Cyber Theft?
Technology as great as it is comes with risks. The risks of getting hacked online or a data breach are higher than ever these days. As a Homeowners Association board member, this is one of many risks you may worry about. You already have enough to worry about such as accidents, injuries, and potential lawsuits. Data security is just one more thing to add to your list. Homeowner Associations (HOAs) handle a lot of personal information daily that cyber-criminals would love to get their hands on, such as:
- Homeowners names and addresses
- Social security numbers
- Bank account numbers
- Credit card numbers
- Credit histories
How To Protect your Homeowners Association from Cyber Theft?
Cyber theft becomes more sophisticated every day and the risks for a data breach increase. With each new firewall or security system, hackers develop a new way to break through. More than half of Homeowners Associations in the U.S. currently have policies and procedures to keep and store homeowner data. Regardless, fraud and theft are the top concerns. Ransomware, hacking, and phishing are the most commonly used forms of hacking according to a report by the Foundation of Community Association Research (FCAR).
- 52% of all breaches occur from an unauthorized user accessing a network illegally. This can be done externally and within the association.
- 32% of breaches occur due to phishing, where a cyber criminal sends an email designed to mimic a trusted resource. When a board member believes it is authentic and provides login credentials, the data becomes accessible to the thief.
- 71% of all data breaches are financially motivated.
- 58% of small-sized businesses experienced data breaches last year, so it is not all about the big corporations. Thieves believe that smaller companies have fewer resources available to protect their data.
Small breaches can cause big expenses. A breach of a small or medium business can bring on average $1.43 million in costs. On average costs can occur for breaches in smaller companies. Costs include compensation to association members, fines for stolen credit card information, and legal defense costs. An emerging type of data breach is called social engineering. A cyber criminal sends an email that evokes fear or urgency in a board member, essentially conning him or her into divulging personally identifiable information. No matter how well-intentioned board members may be, they are always one mistaken email away from a scam and a data breach. That’s why protecting your association and its board is essential. Thankfully, you can take steps to protect both your personal liability and that of the association in the event of a breach.
Protecting Against a Cyber Theft
Review your association’s insurance coverage. Do not just assume that the association’s directors and officers (D&O) policy offers protection. These policies provide liability coverage for claims when individual members (or the board) fail to act or act wrongfully. They do not necessarily cover cyber liability unless it’s specifically listed within the policy. The association’s crime and fidelity policy is designed to protect the money in the association’s accounts. This may provide some coverage depending on the endorsements included in each association’s plan. You want to make sure that your association’s crime policy includes the following:
- Computer fraud: Covers loss of money, securities, and property as a result of using a computer to fraudulently transfer funds from inside or outside of the association.
- Funds transfer fraud: Covers losses resulting from theft of association funds by means of fraudulent communication (phishing email or scam).
- Fraudulently induced transfers: Covers losses due to any act that influences a person to take actions that may or may not be in their best interest (social engineering scam).
Homeowner Associations also should consider investing in cyber liability coverage if it’s not specified in their D&O policy. Look for policies that provide coverage for:
- first-party (losses and damages to the association)
- third-party (losses and damage to outside entities)
These will cover many of the expenses of data breaches, including legal and forensic services, regulatory expenses, notification costs, crisis management, and credit monitoring for all who were involved. Most cyber liability policies will include a retroactive date which is important because 56% of all breaches take several months to discover. In addition to reviewing the association’s insurance coverage, there are additional steps you can take to improve data security.
- Make sure all personally identifiable information is encrypted and stored on a secure server.
- Use complex passwords with a combination of lowercase letters, uppercase letters, numbers, and special characters.
- Implement two-factor authentication that requires users to log in twice from two different devices.
- Give administrative privileges or personally identifiable information access only to board members whose specific roles require it.
If possible, resource an outside cyber security firm that can monitor association data and alert the board of any concerns. The risk of data breaches grows every year, and homeowners trust their Homeowners Association board to keep their information safe. Take the necessary steps to prevent cyber attacks and save board members and residents from expensive headaches down the road.