Did you know that 75 percent of Americans worry about cybercrime relating to having their personal, credit card and financial information stolen by computer hackers?
Interestingly, HOAs collect personally identifiable information (PII) from members and sometimes even visitors, for the purpose of operating the community. Data collected could include:
- Personal telephone numbers
- Driver’s license number
- Personal address
- Financial account number
- Credit card number
- Face images
- Signatures
The challenge then becomes, if as an HOA you collect PII and associated data, you are also responsible for keeping that information safe and away from those who would steal it for any purpose it was not intended.
How do you do that? First let’s start by understanding what cybersecurity is.
Table of contents
- What is cybersecurity?
- Cybersecurity threats facing HOAs
- Proactive cybersecurity protection for HOAs
What is cybersecurity?
Cybersecurity are plans and applications put in place to actively protect digital systems, networks and programs from attacks by hackers.
In other words, it is a framework of guidelines and best practices that organizations follow to help protect the information they store from being stolen.
For example, if an HOA board member sends an email to a homeowner, that email should be protected with a framework (guidelines and practices) that prevents a third party from intercepting that email, collecting the information and/or impersonating the sender.
If the framework is not in place or effective it could lead to identity theft, fraud and other cybercrimes, otherwise known as online crimes.
Now, we’ll look at how HOAs can be vulnerable to cyberattacks.
Cybersecurity threats facing HOAs
HOAs are susceptible to cybersecurity threats just like any other organization that collects data. Not only is it a crime, but cyber attacks also cost millions of dollars in victim losses.
In fact, Personal Data Breach was ranked as the fourth most costly victim losses in the US in 2023, behind Investments, Business Email Compromise, and Tech Support.
Chart Source: Statista
Small or large, it makes no difference. HOAs of any size can be vulnerable to cybercrime if any part of the business is done online.
Here are some common cyberthreats faced by HOAs:
Demanding payment/ Ransomeware
Think of a hostage situation. In this case, the cybercriminal encrypts files on your network so you can no longer access them. These files often contain important financial data files, like bank account numbers. Then the criminal demands payment from you to get the files back. You end up paying for a decryption key.
Break ins / Data breaches
When HOA private information is breached, it means there has been unauthorized access, exposure, disclosure or loss of personal information. When that information falls into the hands of those with bad intentions, it can be used for a whole array of crimes, including even being sold to third parties internationally for the purposes of identity theft and other crimes.
Email fraud/Phishing scams
Fraudsters will target people through online communications like email and trick them into giving them sensitive information like their banking details. They use manipulation and threats to convince the recipient to do what they want, which is more often than not, sending money to them.
Senior citizens are especially vulnerable, with over 17 thousand cybercrime complaints reported by victims over 60 in 2022, and many seniors live in HOA communities.
If these cyber scams happen to any of your HOA members as a result of an interaction with your HOA, members will lose trust in your HOAs ability to keep their information safe, and it will reflect poorly on the entire association.
So, what can HOAs do to reduce, if not stop, cyber attacks from happening to the association and their members?
Be proactive!
HOAs must engage in proactive cybersecurity protection
You can’t sit and wait for a cyber attack to happen, instead consider the following proactive measures to put in place today.
Start by having a plan.
Here’s what proactive HOA cybersecurity practices look like.
1. Know where you stand in the online world
Have an audit done of your current online operations to see if what you are using is working and where gaps may be. This may require a professional IT consultant who will perform a risk assessment to pinpoint your vulnerabilities to hackers.
2. Do what you can to help yourself
There are things you can do that don’t require any special assistance. For example, use complex passwords that require uppercase and lower-case characters, along with numbers and special characters. These types of passwords are harder for hackers to crack.
Make sure your HOA WI-Fi is not open but uses strong passwords and encryption which again makes it more difficult from anyone to use your WI-FI and steal data.
3. Invest in built-in property management software protection
When choosing a property management software provider, select one with the best cyber attack protection already included.
Property management software is necessary for HOAs to help effectively manage their communities. Digital software features may include an online:
- File library that holds sensitive documents and records
- Payment feature to make collecting fees easier with credit card payments
- Violation management process with sensitive information
- Communication though email lists and texts
These and other features can contain personally identifiable information. Therefore, the HOA must proactively make sure those details are protected in the online software.
For example, some property management software providers assure that all stored data on their system is secure and include:
- Data encryption
- Firewalls
- Two-factor authentication
Opting for the most comprehensive built-in cybersecurity property management software will give your HOA and members piece of mind.
4. Adopt a cybersecurity framework
If you are not already using a cybersecurity framework, you might want to choose one of the most popular ones used by many organizations. This framework was created by the National Institute of Standards and Technology (NIST) and provides rules, guidelines and standards for organizations and is considered the gold -standard.
Source: Balbix.com
Again, this NIST framework is something a professional IT consultant can help you implement and maintain. Expert assistance is recommended to make sure you cover all the bases.
5. Update guiding documents with a cybersecurity policy
Your HOA policies should be updated to reflect your cybersecurity plan of action and what you’ve implemented. The policy should also identify:
- Personally identifiable information your HOA handles
- Cyber protective software your HOA uses to safeguard information (Firewalls, Monitoring systems, Prevention systems)
- Action plan if a cyber crime or breach takes place.
6. Communicate to staff, the board and members
Making everyone aware of the types of cybercrimes that could take place will reduce the chance of the board, staff and members getting scammed.
Let them know the types of information your HOA asks for and how you ask them to provide it, so that if they receive a communication the looks or sounds different they should be suspicious and bring it to the HOAs attention.
If a cyber scam does take place in your HOA community, don’t be embarrassed and hide it. Instead, expose it and share it with everyone, removing personally identifiable information first, so that everyone will be aware of it and be more careful.
7. Verify identity with two different pieces of information
Multi-factor authentication is one of the simplest ways to prevent fraud. If the board or a member needs to access sensitive information, make sure the HOA access portal requires two pieces of identification to get it.
Beyond a username and password, the person may be required to enter their email address and cellphone number. This additional information makes it harder for a hacker to access information.
8. Software updates
Sometimes the software your HOA is using may send a pop-up message asking you to update your existing software. Don’t ignore it. The updates may include new and better security features. If you are not sure the update request is from your vendor, contact the vendor to confirm.
9. Special access only
The board and project managers may need to get into certain files that contain sensitive information, such as when a member will be away from their home or members who are in arrears. The nature of this information should be limited to only those who need to know.
Another example is when some board members need access to vendor invoices and payments, but not all of them. The best property management software will include access controls so only certain individuals who have been given access by the administrator can access the information.
Limited access to certain information helps to ensure it is kept confidential on a need-to-know basis.
10. Consider additional insurance
Your HOA has insurance that covers a multitude of things, did you know you can also add cyber insurance to your HOA policies. This insurance helps to cover any financial loss that may take place due to a cyber breach or fraud. It can help pay for things like:
- Legal services
- Refunds to members
- Investigations
With the growth of cybercrimes, cyber insurance is a wise investment.
Cybersecurity practices for today’s HOAs
Securing your HOA’s personally identifiable information and data in today’s modern times is a must. Implementing modern and strong cybersecurity practices is part of a board’s fiduciary responsibility because it serves in a position of trust and must act in the best interest of the HOA and its members. This means protecting the corporation and homeowners to the best of its ability in the online world.
The cybersecurity practices noted above provide an excellent overview of what your cybersecurity plan should cover. Of course, your HOA can customize these practices by adding to it and going deeper according to your cybersecurity needs.
Cybersecurity practices safeguard your HOA data assets for a stronger and safer community.
