5 Key Questions HOAs and Community Associations Can Ask to Avoid Hacking and Cyberfraud
March 14, 2022
Homeowner associations and community management companies may not be the most obvious targets of cybercriminals. But as cyberattacks become more and more common, your association could land in the crosshairs.
According to the Identity Theft Resource Center (ITRC), data breaches increased in 2021 by more than 68% compared to the previous year. Cyberattacks — the leading cause of data exposure or loss — increased significantly, and new types of hacker attacks were gaining ground. For 2022, ITRC predicted that ransomware attacks would be the #1 cause of data security compromises, with phishing coming in #2.
The U.S. Small Business Administration notes that 88% of small business owners worry that their business is vulnerable to an attack, and a recent study found that 1 in 3 U.S. small businesses do have weak points in their systems. That means that community management companies, many of which fall into the small and medium-sized business category, are at risk for cyberattacks.
Protect your association and members with a cybersecurity plan
Today, cybercriminals continue to adapt their methods and look for new ways to access sensitive data. So, what can you do to protect your organization from cyberfraud? For starters, community management companies would be wise to consider these questions:
Does our data security program apply industry standards and best practices? Do we test for vulnerabilities? How do we stay up to date?
Do we have a comprehensive cyber incident response plan? How often is it tested? Are association staff and board members trained and informed about how to respond?
What are the current level and potential impact of cyber risks on the associations we manage?
How many and what types of cyber incidents do we detect in an average week? What is the threshold for notifying our executive leadership?
What is our plan to address identified risks? How is our executive leadership informed about potential and identified cyberfraud?