10 Ways to Protect Your Community Association’s Data
Handling countless pieces of information and processes a day is part and parcel of the job at community management companies. The data you are responsible for managing is sensitive to your company, resident, employees, board members, and other stakeholders. You’re documenting resident personal and financial information, staff information, board meeting minutes, maintenance contractors, budgeting, marketing, the company website, and the list is endless. So how do you protect your community, employee, and the organization’s assets from cyber threats?
First, here’s what you need to know about cyber crime and the extent of its impact on businesses, according to PWC’s Global Economic Crime Survey.
- Cyber crime is the second-most reported economic crime in 2016.
- Criminal’s focus has shifted more toward the digital landscape in the past year.
- 32% organizations surveyed reported they have been affected by cyber crime. 34% think they will be in the upcoming years.
- Astoundingly, only 37% of organizations reported having a response plan to combat cyber attacks.
- ⅓ of the respondents reported more than $100 million in losses.
- The strongest impact cyber crime had on these businesses were:
- Damage to reputation
- Increased legal, investment, or enforcement costs
- Service disruption
- Theft of company or personal information
- Regulatory compliance risks
- Financial loss
- Intellectual property (IP) theft
Here’s what your team can do to minimize cyber risks and its impact to the company:
Perform a security audit regularly
The purpose of a security audit is to review existing data systems and processes to identify any potential threats. The security audit should assess:
- All company-internal infrastructure – Are internal servers, company website, hardware, software, and firewall all secure?
- Personnel – Who is responsible for making IT-related decisions? Who do they report these decisions to?
- Third-party applications – research all the third-party software applications personnel use for security features. Contact your currents software companies as soon as possible to confirm they are using the latest HTTPS, and hash encryption security measures.
- Frequency of the security audit – How many times a year and is it sufficient enough?
- Who is legally liable for information theft and other damages occurred from cyber criminal activities?
Establish an IT team or hire an IT staff member
A residential management company will strongly benefit from creating an IT team or assigning an individual to manage the company’s intranet structure and third party apps. The individual/team should have or gain a strong understanding in the company’s technology infrastructure along with data disaster prevention and recovery.
Establish security policies for your team
A policies document should encompass all the do’s, don’t’s, and best practices for keeping company and personal information safe. For example, do not open any suspicious links in emails or websites. Don’t allow anyone to remotely access your device unless it’s from a verified source and is compliant with company policies. Provide employees with information on how to detect malware attacks, such as Heimald Security’s 14 Warning Signs guide. Furthermore, these policies should be enforced through a top-down approach, with inclusion from the C-level suite to all staff.
Establish strict access controls
Establishing controls and permission-level access to software use and other company information heightens employee accountability and stops sensitive information from passing through the wrong hands. Supply the required access of information to executives, managers, personnel, board members, contractors, and residents.
Backup all data regularly
Are your documents currently stored on your device’s hard drive? If yes, then you may find it beneficial to back it up on a cloud storage system, an external hard drive, USB drive, or auto-schedule syncs regularly to a cloud system. Additionally, if you are using a property management system or plan to in the future, use a cloud-based system. A cloud-based system has many benefits: frees up the company systems’ bandwidth, access via multiple devices, ease of collaboration with others, and can oftentimes reduce the size of your IT department as cloud software auto-updates.
Share financials with stakeholders via password protected access
Certain states mandate (including Florida, recently) that residential management associations must provide financial reports to residents in a password-protected site. Determine how to securely provide this information to your residents and provide a separate password for each resident. Encourage your residents to create a secure password by mandating character specifications. A strong password that meets safety standards contains a capital letter, lower case, number, symbol, and be over 8 characters.
Install an antivirus software
To prevent benign or malicious attacks on your device, install a trusted antivirus software and encourage your staff to do the same. Perform scans regularly and on an incident basis, should you or any of your staff open a suspicious email link or website.
Inform employees of any ongoing malware attacks
It’s always best to keep your employees informed of any ongoing malware attacks. Send you staff emails with a news article specifying the details of the malware attack. Include in the email company resources and policy guides to help keep them safe and compliant.
Inform residents of security policies and best practices
It only benefits your community to extend the same concern of security policies for your residents as you do for employees. Updating a best practices guide with expert tips from your IT personnel or team can help residents stay safe while browsing on the net.
When in doubt, ask!
Data security is a growing field as new challenges continue to arise. As a manager, you may not know every detail there is to know, and that’s okay. Utilize the expertise of your staff and perform some research to keep up with latest updates on cyber-security. The main takeaway is data loss prevention – enable your staff by providing them with the tools and information to keep theirs and the company information safe from cyber attacks.
Pilera is an all-in-one community and property management solution that helps community managers, board members, and residents to enrich community life. We use some of the latest technology and security standards such as HTTPS security and SSH certificates to make it safe for both residents and managers to perform all activities on our platform.