Previously, we shared a blog post with you that illustrated the cybersecurity challenges and threats that data breaches can cause within Homeowners Associations. In it, we provided actionable advice on how to be proactive in protecting community data.
Fast forward nearly a year later and cybersecurity continues to be a hot topic within the managed community industry. The reality is that many of these small-to-medium-size businesses continue to be underprepared for a potential cyberattack. Problems run the gamut from those that have gone as far as to invest in and purchase a cyber liability policy but have not followed up with bolstering computer security, to those that have yet to even add something like multi-factor authentication to their HOA member portals.
What would make HOAs such a target besides small business vulnerabilities and easy access? HOA databases and accounting software platforms are data goldmines, filled with the kind of data people want to buy on the “dark web.” Think about it – hundreds, if not thousands, of homeowners whose data includes bank and payment card information as well as personal data like Social Security Numbers, dates of birth, and credit histories.
This is what makes money, so cybercriminals are going to target HOAs like they target other industries with similar goldmines (i.e. healthcare industry, online retail businesses). The targets are essentially anywhere that has these databases filled with information that others can use to buy things with other people’s money.
The impact of doing nothing to very little cannot be over-dramatized. That’s because there are many reports of what has happened when cybersecurity has been put on the backburner including email breaches, sensitive data theft, and ransomware attacks. All of these can result in a damaged reputation and huge hit to the financial health of an HOA.
According to a 2022 Cyber Claims Report by Coalition, a digital risk insurance provider, small businesses are facing increased risk and costs. They noted that, “during the first half of 2022, the average cost of a claim for a small business owner increased to $139,000, which is 58% higher than levels during the first half of 2021.”
The report added that there are “high-profile attacks targeting organizations with weak or exposed infrastructures — which has become exacerbated by today’s remote working culture and companies’ dependence on third-party vendors.” Dragos, another cybersecurity firm, found that “80% of service engagements have a lack of visibility across OT networks, making detections, triage, and response incredibly difficult at scale.”
Besides the data breaches, HOAs are becoming increasingly aware of the credible threat and significant cost of ransomware attacks. With this type of cybersecurity threat, a fake email is sent with an attachment or link to a managed community employee, Board member, or anyone else that may appear to have system access. If that person accidentally clicks on the link or attachment, then the cybercriminal can gain access to sensitive data that belongs to your management company, employees, or HOA.
Sounds horrible, right? Just wait because it gets even worse. From there, the cybercriminal shuts off all access to the organization’s own data. To get that data back, the organization must pay a ransom, such as some type of financial sum. Sometimes, the cybercriminal still does not give access back to the data and just takes the ransom and runs.
You don’t want this to happen to your management company or the HOA you manage. Ransomware payments are a real issue.
On top of that, there are other digital fraud attacks to look out for and act on. For example, invoice fraud is on the rise. This includes invoices from fake vendor or those from what looks like a legitimate vendor but for a higher dollar amount than the agreed upon amount where the HOA does not notice and simply pays the fake vendor. Employees can be involved or it may be the work of an outside criminal. Either way, it’s another reason you need to act sooner than later to protect yourself and the HOAs you manage.
The previous advice we provided on getting additional external support still stands. However, we also recommend ramping up consistent team training about cybersecurity. It’s also important to find a trusted partner who can connect you with the proper security tools such as cloud storage, multistep log-in verification, and a consultative approach to be vigilant about cybercriminals.
As part of our co-op, members have access to expertise, advice, and solutions that can help better improve a company’s cybersecurity processes immediately. Learn more about becoming an Innovia member.