Protect your HOA from Data Breaches
The threat of cybercrime is real, and the risks of a data breach are higher than ever. As an HOA board member, you already have so much to worry about: accidents, lawsuits, injuries, and neighbor disputes. Nowadays, cybercrime is one more thing to add to your list.
HOAs handle a lot of personal information daily that cyber-criminals are looking for:
- Names and addresses
- Bank account information
- Social security numbers
- Credit card numbers
- Credit histories
Cyber theft continues to become more sophisticated, and the risk of a data breach gets higher each year. More than half of the HOAs in the country currently have policies and procedures to keep and store homeowner data. Yet fraud and theft are the top concerns. Ransomware, hacking, and phishing are the most commonly used forms of attack, according to a report by the Foundation of Community Association Research. A new type of attack known as social engineering is quickly rising to the top of the cybertheft ranks: a cybercriminal sends an email that evokes fear or urgency in a board member, essentially conning him or her into divulging personally identifiable information.
According to reports:
- 71% of all data breaches are financially motivated
- 52% of all breaches result from unauthorized user access to a network (both from outside the organization and from within).
- 32% of breaches occur due to phishing (a cybercriminal sends an email that mimics a trusted resource; believing it to be authentic, a board member provides login credentials, giving the thief access to information).
- 58% of small-sized businesses experienced data breaches last year, so it is not all about the big corporations. Smaller companies are less likely to have the resources available to protect their data.
A breach of a small or medium business can bring on average $1.43 million in costs. Costs include compensation to association members, fines for stolen credit card information, and legal defense costs. No matter how well-intentioned board members may be, they are always one email away from a potential data breach. That’s why protecting your association and its board is essential. Thankfully, you can take steps to protect both your personal liability and that of the association in the event of a breach.
Protecting Against a Breach
The first step is to review your association’s insurance coverage. The association’s directors and officers (D&O) policy may not necessarily offer protection. These policies provide liability coverage for claims when board members act wrongfully. Cyber liability needs to be specifically listed for coverage. The association’s crime and fidelity policy is designed to protect the money in the association’s accounts. It may provide some cybercrime coverage, depending on the endorsements included in each association’s plan. Make sure that your association’s crime policy includes the following:
- Computer fraud: Covers loss of money, securities, and property as a result of using a computer to fraudulently transfer funds from inside or outside of the association.
- Funds transfer fraud: Covers losses resulting from theft of association funds by means of fraudulent communication (phishing email or scam).
- Fraudulently induced transfers: Covers losses due to any act that influences a person to take actions that may or may not be in their best interest (social engineering scam).
You should also look into cyber liability coverage if it’s not specified on the D&O policy. When looking for this coverage, remember that you need both:
- first-party coverage (losses and damages to the association)
- third-party coverage (losses and damage to outside entities)
These will cover many of the expenses that can occur from a data breach, including:
- legal and forensic services
- regulatory expenses
- notification costs
- crisis management
- credit monitoring
Most cyber liability policies will include a retroactive date, which is important because 56% of all breaches take several months to discover. Be sure to discuss this with your insurance company.
In addition to reviewing the association’s insurance coverage, there are additional steps you can take to improve data security and reduce the risk of a data breach. Make sure all personally identifiable information is encrypted and stored on a secure server. Use complex passwords with a combination of lowercase letters, uppercase letters, numbers, and special characters. Implement two-factor authentication, which requires users to confirm each login with a second step, such as a code delivered to a separate device. Give administrative privileges or access to personally identifiable information only to board members whose specific roles require it. If possible, retain an outside cybersecurity firm that can monitor association data and alert the board to any concerns.
Homeowners trust their HOA board to keep their information safe. You cannot stop a cybercriminal from trying to hack, but you can protect your organization. Take the necessary steps to prevent cyberattacks and protect board members and residents from the dangers and expenses of a data breach.