Protect Your HOA or Management Company Against Data Breaches and Other Types of Cybercrime
For community management companies, your employees are your greatest assets. But did you also know they can be one of your greatest liabilities when it comes to keeping your data secure? Even the most well-intentioned staff members can make a simple mistake that opens your company up to a cybercrime. They can inadvertently jeopardize security by clicking a link, downloading an attachment or being too trusting of an email sender or caller.
That’s what happened to thousands of people in a widespread 2017 cyberattack identified by the Federal Communications Commission (FCC). In that scam, the criminals simply called their victims over the phone and asked, “Can you hear me?”—tricking the person on the other end into saying “yes” into the phone. According to Data Breach Today, the response was recorded and reused as a voice signature in an attempt to make unauthorized charges on personal and business credit card accounts.
Cases like these are good reminders that threats do not always arise from software vulnerabilities. Most business owners are surprised to learn that many breaches result not from someone directly hacking into a computer software system but from human errors like this one.
At Alliance Association Bank, we are committed to maintaining robust cybersecurity practices to help keep private client information private. It all starts with the realization that anyone—from the newest intern to C-level executives—can become a target of digital crime and leave your company exposed.
According to an IBM 2019 Ponemon Cost of Data Breach Study, the average consolidated cost of a data breach is around $3.92 million. Every stolen record costs money: the average loss for each record or piece of information stolen comes to $150. A breach has other costs as well: time and clients. According to the report, the average time a breach takes from identification to containment is 279 days—that’s more than three full quarters of your year. And companies that experience a breach have 3.9% abnormal customer turnover.
In 2018, hacking remained the most common kind of data breach, exposing more than 16 million consumer records, according to the Identity Theft Resource Center. Hacking accounted for 39% of breaches—down from 59% in 2017. Helping to explain that change, unauthorized access was blamed for 30% of breaches in 2018, vs. 11% in 2017.
But it’s important to note that nearly a quarter of all breaches are a result of human error. So, what can leaders in the community management industry do to help protect their companies?
Create a Protection Plan
Errors happen, but you can defend yourself against cybercrime by knowing the dangers and implementing best practices to prevent breaches.
The Department of Homeland Security urges all CEOs to ask themselves the following questions:
- How is our executive leadership informed about the current level and business impact of cyber risks to our company?
- What is the current level and business impact of cyber risks to our company? What is our plan to address identified risks?
- How does our cybersecurity program apply industry standards and best practices?
- How many and what types of cyber incidents do we detect in a normal week? What is the threshold for notifying our executive leadership?
- How comprehensive is our cyber incident response plan? How often is it tested?
Cybersecurity Is Everyone’s Responsibility
At Alliance Association Bank, we advise our clients to understand that cybersecurity is NOT simply implementing a checklist of requirements and expecting to breach-proof your business. A successful strategy should be part of an organization’s governance, risk management and business continuity framework. It also involves employee education and ongoing management of cyber risks.
Make sure to stay informed through real-time and trend data on cyber events, and lean on business-line managers to help identify potential supply chain risks created through third-party vendors or cyber dependencies.
Above all, regardless of company size, be sure to implement these simple practices to help reduce the risk of cybercrimes at the office and when doing business remotely from mobile devices or home offices:
- Double Check Data Requests. Teach employees phishing protection basics, such as looking carefully at senders’ email addresses for misspellings and never giving out confidential information to unknown callers or emailers. Set expectations that staff report any phishing attempt or other scam immediately—no matter how small it may seem.
- Designate Specific Computers for Banking and Business Activities. Restrict personal activities on these systems such as internet browsing and access to personal email boxes.
- Review Financial Statements as Soon as They Arrive. Monitor monthly statements for discrepancies and unknown activity.
- Install and Maintain Anti-Virus/Anti-Spyware. Ensure you have a layered security approach that includes anti-virus/anti-financial-malware solutions appropriate to your environment and update them regularly.
- Back Up Data. Perform regular backups of critical data and store data in multiple locations.
- Use Caution with WiFi Hotspots. When accessing business-related accounts and documents using WiFi at a coffee shop, airport or any public space, practice extra caution.
- Enable Security Features on Home Networks. Prevent unwanted access on home networks by enabling security features, using a strong password and encryption.
- Use Care When Social Networking. Do not reveal sensitive information when using social networks such as Facebook and LinkedIn. Modifying settings to prevent strangers from viewing your page is also recommended.
At Alliance Association Bank, we work hard to help our clients in the community management industry learn about the risks associated with cybercrime and implement tools to manage risk. With sophisticated fraud protection features built into our products and services for HOAs, CICs, PUDs, management companies and more, our clients can take a step toward protecting confidential information and preventing breaches.