In today’s wired world, hackers are stealing data more often and in more sophisticated ways from all types of organizations, and with the volume of data managed by community associations — from association documents to homeowners’ personal information — community associations are treasure troves of data that are ripe for security breaches. When that data fall into the wrong hands, consequences include crime, lawsuits, loss of trust in the association, and more.
And if you think only large associations have to worry about this risk, think again: according to Symantec’s 2016 Internet Security Threat Report, 62 percent of data breach victims are small to midsized enterprises, and the average cost of such an attack is $38,000.
Learning about data security and protecting your association and your homeowners from a breach falls squarely within a board member’s fiduciary duty. By taking the following steps, you’ll rest easier knowing that your community is digitally defended.
1. Check local, state and federal law. Ask your attorney, or review applicable laws to see what types of data your community is responsible for securing. Bear in mind that personal data can include anything from obviously sensitive information, like bank account numbers and signatures, to HOA-specific data, such as access codes or passwords. The law will also spell out any specific steps your association is responsible for taking in order to properly protect your homeowners.
2. Set clear rules. Sit down with your board and community manager and define what kinds of documents and data need to be protected. Document rules about who can access that data and for what specific purposes. Make sure that everyone on the board is clear about the security procedures.
3. Password protect data – wherever it’s stored. It might be tempting to conveniently share a folder on Google drive, but once you do that, the information could easily be shared by anyone else with access. Consider it cheap insurance to spring for an encrypted cloud service to protect electronic files. Additionally, don’t email unencrypted, or non-password protected files. You can quickly encrypt files with easy-to-use encryption applications.
4. Destroy unnecessary information. The less information you have to leak, the less your association is liable for. Destroy or arrange for the destruction of any records containing information your association doesn’t need. Shred any paper documents and fully erase any digital files. It’s not enough to simply click “delete.”
5. Buy the right insurance. Speak with your community association insurance provider and ask them whether any of your policies cover the damage that could result from a data breach or digital attack. If it isn’t, now’s the time to get your community and your board covered just in case.
6. When technology evolves, evolve with it. Outdated platforms, processes and protocols can leave your association wide open for a breach because once systems are outdated, the system’s creators generally concentrate their efforts on ensuring compliance in their most updated platform, leaving older versions vulnerable to the newest security threats. This is where a security-driven management partner helps. One of the responsibilities of a community management partner is to ensure your association’s data is safeguarded. Associa does this with a number of measures including: housing a physically secure data center with tightly controlled access permissions, industry-leading proprietary software, and maintaining GAAP compliance.
The truth is, because of fast-paced technological advancements there are always new threats to data security, which means that there is no “set it and forget it” method for maintaining your association’s data security. But, by adhering to these security precautions, you can greatly reduce the risk of your homeowners’ data getting stolen or leaked.
About the Author
Michael has focused on all aspects of security at Associa since 2010. Before that, he worked in a variety of security roles in the banking and medical industries as well as the security software industry itself. His experience includes online fraud protection, customer privacy, breach prevention, incident response, detection, analysis, investigations and more.More Content by Michael Applegate