When most people think of cyber crime, they think of the large-scale breaches that have made headlines for targeting major corporations. However, for every Equifax, Target, Yahoo, or Wells Fargo mega-breach, there are countless small businesses and associations falling victim to cyber attacks every day. In fact, an estimated 43 percent of cyber attacks target small businesses.
You might not expect homeowners’ associations to even fall on a cyber attacker’s radar, but unfortunately this is not the case. In addition to being smaller entities that may not have the manpower, abilities, or funding to establish thorough, up-to-date cyber security measures, HOAs and other community associations store a wealth of sensitive data in their databases. Depending on how many residents are in the association, an attacker could access a virtual goldmine of sensitive information such as Social Security numbers, credit card numbers, bank account details, tax information, past and present addresses, and other personal details. In order to protect residents and reduce the risk of claims, every association should have a robust cyber security plan in place.
Recognizing the Most Common Attacks
In 2018, the number of methods for breaching a network has reached a record high. Trying to be equally prepared for all of these types of attacks can be a daunting task, especially for a smaller association. You can begin by narrowing your plans down to these most common cyber attacks against associations:
- Scam emails
- Trojan horses
Preparing for an Attack
The first step is familiarizing all association members of the above techniques. Not all cyber attacks rely on exploiting software insecurities; a great deal of breaches are the result of an unwitting employee giving information or access to who they presume is a legitimate vendor, customer, or employee. Associations should have regular cyber security training sessions to help their members detect a breach. In addition, software should be regularly updated and assessed for potential weak spots.
Recovering from an Attack
There are three main steps to recovering from a breach: identifying and assessing the issue, shutting down the attack, and moving forward. Once a breach has been detected, an association should have a protocol in place to shut it down, change passwords, and find what caused it to occur in the first place. Once the association is secure, all members should meet to discuss what caused the breach and how to prevent it in the future.
One very important thing for association members to know is notification laws. Forty-eight U.S. states (as well as Guam, the Virgin Islands, Puerto Rico, and the District of Columbia) have enacted legislation requiring organizations to notify individuals who have been affected by a breach of the organization. These laws typically include:
- The definition of a “breach”
- Definitions and examples of “personal information”
- Requirements for notication (such as who must be notified, when they must be notified, and how)
- Who must comply with these laws
- Any exemptions to the above provisions.
Make sure to take a look at the laws for your state so you will be aware in the event of a breach.
About Scott Litman Insurance Agency
At Scott Litman Insurance Agency, we are dedicated to protecting HOA’s like yours. We have a unique understanding of the industry and the common risk exposures that you face in your daily operations. In fact, we find that 90% of the policies we review are missing coverages that violate the Covenants, Conditions and Restrictions (CC&R), exposing the board, HOA and management to lawsuits– which is why our comprehensive policies are tailored to meet your specific needs at competitive prices. For more information about our products, contact our experts today at (818) 879-5980 ext. 201, or fill out our online form.