While cyber threats against community associations may not make headlines, these volunteer organizations are prime targets for cybercriminals because their information technology (IT) systems are typically low-tech and house sensitive information.
Community association board members are not typically elected to their positions based upon their IT expertise, which means the associations don’t usually have a:
- Risk assessment plan to identify system vulnerabilities
- “Go-to person” qualified to manage cybersecurity tasks
- Technician qualified to handle a data breach, or
- Documented security-incident response plan
Because community associations are often ill-prepared to protect themselves from cyber attack, they are particularly vulnerable to the top issues threatening cyber security today.
Top 5 Threats to Cyber Security
#1 Social Engineering Threats
Social engineering uses phone calls and emails to trick people into handing over access to an organization’s sensitive information.
Real-world Example: A board member received an email from someone impersonating the association’s insurance agent who requested a wire payment for the renewal premiums. The board member wired $75,000 to the account of the impersonator.
Ransomware is a form of malware that encrypts a victim’s files. Many hackers send fraudulent emails and when the link is clicked, the malware is downloaded onto the victim’s computer. Once the computer is frozen, the hacker demands a ransom be paid to “free” the files.
Real-world Example: A board member’s computer files were seized after the member clicked on a phony email attachment. The board member was forced to pay $300 in Bitcoin to avoid exposing homeowners’ Protected Personal Information (PPI), including financial records.
#3 Lost or Stolen Laptop
Laptops used for community association work tend to have little or no security protocols.
Real-world Example: A property manager’s laptop was stolen after he left it in his car. Because the passcode was weak and easily duplicated the homeowners’ PPI was put at risk, and the incident could have resulted in a data breach lawsuit.
#4 Email Hacking
Email hacking is a form of social engineering where the hacker gains access to a board member’s email account and sends emails posing as the board member.
Real-world Example: A board member’s email was hacked, and the hacker sent an email asking the board treasurer to cut a check for $10,000 to buy a painting for the lobby of the condo association.
#5 Remote Working
With so many employees working remotely during the pandemic, cybercriminals are taking advantage of less-secure home networks and a general lack of oversight.
Real-world Example: A community association treasurer’s home computer was compromised by a malware program. The invasive software allowed the hacker to access and capture homeowners’ PPI—the very definition of a data breach.
These real-world stories illustrate the many cyber security risks that community associations face—not only the loss of association funds and the personal financial risks to individual homeowners, but also the association’s exposure to potential lawsuits from anyone who suffers damage as a result of a data breach.
Just one stolen laptop, one resourceful hacker, one virus or even one lost record of data can create enormous financial and reputational consequences for an association. With more than 340,000 community associations in the U.S. and attacks on the rise, it’s important to be prepared with the right coverage.