An article titled “Real Threats” in the July/August Community Manager Magazine [Best Practices for Community Association Managers] highlighted the2018 Survey of Cyber-security in Community Asso ciations
by the Foundation for Community Association Research.
To help your board we’ve summarized the main points from the 7 page report and the article in the following recommendations to prevent cyber theft at your community:
The Foundation for Community Association Research Surveyed more than 60 community association managers, board members and professionals who support associations to identify the risks and liabilities associated with using technology to conduct association business.
Wikipedia defines Cybersecurity as the protection of computer systems from theft of or damage to their hardware, software or electronic data, as well as from the disruption or misdirection of the services they provide. Businesses can utilize network threat detection software to sweep their networks for potential threats.
The Top 3 Cyber security Concerns from the Survey:
52% Fraud, theft (the primary concern cited overall)
51% Storing and destroying records properly
– Also communicating or posting residents’ personal information
50% Theft or misappropriation of association financial records
How Can We Protect Associations?
The Real Threats article quotes presenters of an educational session titled: “Techno-Dilemmas: How Community Associations Can Manage Risks Associated with Technology Use and Abuse” at CAI’s 2018 Annual Conference and Expo in Washington, D.C. “All three presenters urge associations to get some type of insurance coverage to protect the association and its board against all varieties of cyber-attack, making sure both data and funds are protected… In many states, any type of wire fraud, data breach, or other form of cyberattack requires an association board to notify all members…. If you don’t contact people, you can be sued, or fines and penalties may be levied. And directors can be sued under their directors and officers (D&O) policy because the failed to properly supervise the information.”
Keys to Minimize Cyber Threats to Associations
- Education, training and seminars for community association officers and managers
- Password-protected community website, documents and emails
- Appropriate insurance coverage and consultations with insurance agents
- Restricted access to association records and data
The Following are Recommended Procedures to Safeguard Against Unauthorized Electronic Bank Transactions:
Require to people to authorize transactions over a certain amount.
Maintain phone numbers and email addresses for authorized requestors. As this blog post from 8bit sumo details, your phone is particularly vulnerable to cyber threats therefore it is crucial that you take measures to keep any information retained on mobile devices secure.
Refuse request from anyone other than authorized sources.
Require the bank to get verbal authorization, including the amount and purpose, to release funds.
Limit the amount of a single transaction or the aggregate of multiple transactions within a short time.
Allow wire transfers only to established and reliable association vendors or payees.
Other Recommendations to Safeguard Against Electronic Bank Transactions:
Reconcile financial records daily or weekly to guard against unauthorized transactions. Most accounting software can be programmed to do this automatically and flag unusual transactions.
Review and update association policies and procedures for authorizing electronic financial transactions. For example, policies should require authorization from two people for large transactions and prohibit wire transfers except in emergency situations.
Require additional authorization to issue electronic payment to a new payee.
Provide formal security training and written guidelines for those who handle financial information and transactions.
Establish association-specific email accounts for board members and key volunteers to use for association communication.
Use strong and effective software protection and competent IT support. For example, Longhurst Consulting offer an alternative to break fix support which might be appealing to those looking for IT support.
You might also want to consider doing some research into how hosting solutions such as upgrading your server can protect your business by providing a stronger level of security while at the same time optimizing your website to cope with demand. For more information, head to https://www.hostiserver.com/.
What will you do to prevent cyber theft at your community? If you are interested to learn more you can read the full report.
Use Services that Protect You
When looking at management companies or financial management services to help your community find out about how their systems will help protect your association. For example our company Community Financials has procedures in place to follow many of the outlined recommendations. Our management accounting software, online bill approval system, web portal /payment portal and banking partner integrate many of the recommendations. By combining these industry leading systems we provide greater protection to our clients. Start asking good questions and find out if you are protected?
Having grown a property management business over 16 years I met over 1,000 condo & homeowner association board members and helped 100’s of communities. Many wanted a cheaper alternative to “full management” while making the board’s role doable. Growing a nationwide business that specializes in providing timely, accurate and transparent financial management for communities in order to make it easy and protect their money. Additionally, I’m using my understanding of leading industry systems to also serve community association managers and developers.