Hackers and malware are everywhere. Whether you’re a small business being taken advantage of with ransomware, or even the U.S. government sitting on sensitive information of staff with security clearances, you’re at risk. Condo Associations and Homeowners Associations are potentially juicy targets for hackers for a number of reasons. First, you have valuable information that hackers want. You have names, addresses, phone numbers, license plates, potentially even social security numbers. You likely have billing and banking information for Owners and the Association. Finally, you’re in a sweet spot of likely not quite big enough to invest in cybersecurity, but you have valuable data. Don’t be caught unaware – make sure you have good approaches for Condo Association cybersecurity.
Practice Basic Cybersecurity Hygiene
Make sure you are following basic cybersecurity tips with your hardware in your Condo’s offices.
These steps include:
- Keep your business network (i.e., the office network) separate from any networks Owners use. Use a different password with stronger password requirements than is typically used for Owner networks.
- Ensure all of your operating system software is up to date and that you have up-to-date virus/malware protection software.
- Implement a firewall system, and further consider locking it down to prevent employees from browsing malicious sites (known lists are here) or engaging in peer-to-peer activity.
- Enable two-factor authentication (2FA) wherever possible. If you have an Association email account, social media account, banking, etc., use 2FA for all of them. There is no excuse for not implementing this vital security feature.
If you start out by following these basic steps, you’ll be ahead of the game with Condo Association cybersecurity.
Provide Strict Access Controls and Secure Sensitive Data
Hardware and software are important, but ultimately it’s usually people who – wittingly or unwittingly – are often the cause of many cyber breaches. Ensure you’ve got basic – or better – controls to minimize the damage that can be done. Here are tips to ensure you’re protecting your secure and sensitive data:
- Don’t keep sensitive Owner personal or billing information on a computer multiple people have access to, or on a shared account. If you have an “office computer” that all of your staff uses, that’s not the place to keep sensitive files. Your maintenance staff likely does not need to have access to a computer with billing information, for example.
- Ensure everyone understands what data is sensitive (i.e., billing and banking information), who is allowed to handle it and how it should be protected.
- Ensure employees understand why you have content-filtering policies or software in place, and that work computers are for work only. Get them basic training – at a minimum – on avoiding spam and phishing emails. It seems obvious, but the reason phishing attacks are common is because they work.
- Encourage employees to change passwords often. This is easy but needs to be enforced, as people get lazy.
- Encrypt sensitive data, which can be done to the data itself (i.e., encrypt and password-protect the files themselves), or the hard drive as a whole. You also want to back up the data – either to a secure cloud location or on a secondary (also encrypted) hard drive.
This is by far the toughest part of Condo Association cybersecurity, but it is the most important. Make sure your people are trained and you’re investing in the right protections.
Hire Professional Help – With Good Requirements
If you believe your team can’t handle cybersecurity on their own, you can look to hire an IT company to help. The important part here is to ensure that the company you hire is actually helping you solve the problem and not just selling you services you don’t need. Make sure that you provide them with concrete requirements. Outline the specific data you’re trying to protect, and ask the options they would offer. It may make sense to hire technical representation before engaging with a company. Many providers may just slap up basic firewall software and an operating system and call it a day, which is not sufficient. Use this article and the resources below as a way to prompt a conversation with IT providers on what you’re trying to do and secure.
A Little Can Go a Long Way
While criminal hackers are undoubtedly advanced and good at what they do, the reality is that most hacks come from people doing dumb stuff. Your job is to stop prevent things like like clicking suspicious links or going to illicit websites while at work. You can greatly improve your Condo Association cybersecurity by preventing your staff from making such mistakes. While no one likes to have to pay more, investing in cybersecurity is a classic situation where an ounce of prevention is worth a pound of cure.
For more information, here are articles to help you dive deeper on Condo Association cybersecurity: