Preventing Community Association Cybercrime
Distinguished Programs recently passed along another piece on Cyber Security with respect to Community Associations. This is a very important piece of the risk management portfolio and should not be overlooked. Here is what they had to say:
Recent data from Verizon indicates that Small and Midsize Businesses (SMBs) suffer the lion’s share (58%) of malware infections. In fact, the Ponemon Institute’s 2017 State of Cybersecurity in Small & Medium-Sized Businesses report states that the percentage of small businesses that experienced a cyber attack rose from 55% in 2016 to 61% in 2017.
Why the spike in targeting small businesses? Simply put, SMBs, including community associations, present more vulnerabilities, with less sophisticated cyber defenses in place, making it easier for cyber-criminals to infiltrate. Association funds/accounts can be targets of cyber or computer-related fraud if proper safeguarding procedures are not in place and in forced. It’s also important to be aware that associations store valuable data on their computer systems, for example, their owners’ bank account and routing numbers, credit card numbers, social security numbers, and email addresses. Thieves can use this private info to steal identities and drain bank accounts, which is an exposure that should be considered with Cyber Liability coverage.
PROTECT YOUR INFORMATION FROM CYBER THIEVES
Implementing common-sense cybersecurity measures is critical, therefore, in helping to prevent cyber losses. Here are several tips your association can adopt to curb cybercrimes:
• Establish a cybersecurity policy. If you already have one in place, be sure to review your security measures periodically.
• Change passcodes and update computer virus protection software regularly.
• Follow statutory requirements for collecting, storing, and destroying personal information. Have the board approve a formal, written retention-and-disposal policy, specifying how long information will be held and how it will be destroyed. Have an attorney review this.
• Collect only the data you need and store it only for as long as necessary.
• Limit access to personal information to board members, association representatives, and employees who have a business-related “need to know.”
• Ensure that all individuals with access to the information understand the privacy regulations and the importance of complying with them.
• Encrypt email communications containing confidential or personal information.
• If your association processes owners’ payments online, do so via a separate computer that isn’t linked to your central server.
• Establish protocols to protect laptops, cell phones, and other mobile devices used by board members or others with access to confidential information.
• Train employees and board members on how to recognize phishing scams and other cyber threats.
• Take security risks seriously—don’t underestimate the threats and don’t assume your community is immune from them.
• Purchase Association Cyber Liability insurance and Association Crime/Fidelity coverage enhancements to help offset the costs involved in a loss.
• Cyber Liability coverage can include forensics to determine how a breach occurred, notification expenses, penalties, crisis management, third-party liability, and more.
• Crime and Fidelity coverage can help indemnify theft or fraud of association accounts with the proper coverage enhancements.
The strongest weapon against cyber-crime is knowing the type of threats that exist and taking preventative steps to avoid them. Your community’s members, and their wallets, will thank you.
Thanks for reading!