In a technologically-driven world, cyber criminals have no shortage of potential targets to keep busy. With growing awareness and increasingly effective protections within large corporations, these criminals are zeroing in on handpicked targets, stealing larger sums of money and personal data from small businesses and unsuspecting individuals.
Because they store valuable Personally Identifiable Information (PII) such as names, addresses, email addresses, and phone numbers of association members, HOAs are a prime target for cybercrime. Also, they are largely run by volunteers or very small management companies who may underestimate the risks, and who have limited security expertise and financial resources to combat skilled cyber crooks.
Data and Money Theft
HOAs that house electronic data and conduct transactions online are inevitably susceptible to a data breach. Every day, cyber criminals hack into unprotected (and even protected) systems to steal personal identification, health information, and intellectual property. With so many third-party vendors involved in the management of an association, financial fraud is a constant threat.
An estimated 75 percent of all organizations experience data-related violations each year. These thefts are debilitating to any business and cost organizations billions of dollars every year in investigative and legal fees, not to mention their good reputations!
What Can my Association do to be Protected?
First, it is best to understand what criminals are looking for, then map out where such data is actually located. When targeting an HOA, criminals are looking for general PII they can use for identity theft, payment information such as credit card or checking account numbers, or company financial information, like association bank accounts.
They may even target the association’s vendor by way of the HOA’s identity. It is best to understand where this data the criminals use is actually housed. If data is stored on computers or local servers, they are at the highest risk, even with firewalls and anti-virus systems. If your association is managed by a management company, thoroughly investigate their systems and where they store this type of information.
Whether professionally managed or self-managed, take these measures (among many others) to protect yourself and your data:
- Use cloud-hosted HOA management software.
- Use a third-party payment processing service or software.
- Use a software system to delivery mass communication to your community by email or text.
- Protect your software systems with Single Sign-On (SSO) and/or Multi-Factor Authentication (MFA).
- Never store homeowner payment information on your computers, server, or unencrypted in your HOA management software.
- Use a cloud file storage solution, such as SharePoint.
Do I Need Cyber Crime Coverage?
This type of insurance is becoming increasingly popular, but it is one of the more misunderstood types of insurance coverages. With cybercrime dominating today’s headlines, insurance carriers are creating coverage to protect businesses from the residual effects of a cyber attack. However, most insurance agents are unclear on how cybercrime insurance applies to an HOA. As we have discussed, where data is stored is the determining factor here. If your homeowner, vendor, and payment data is managed by a professional management company and/or stored in a third-party cloud software, then cybercrime coverage may not benefit your HOA. However, if the HOA itself owns computers or servers and stores any of this information locally on those devices, cybercrime coverage is necessary to protect your community.
Cybercrime coverage may also protect your HOA’s failure to administer a required identity theft prevention program or comply with privacy policies and state breach-notice laws.
Understandably, this can get confusing! Working with an HOA specialty insurance agent can help clear this up. Your account manager with Blue Lime Insurance Group has been trained on how all types of coverages specifically apply to HOAs. With 5 million cyber attacks occurring daily, this is an important topic! Knowing whether your association needs this coverage could either protect your community or save your community from paying for a coverage you don’t need.