Legal

Cybersecurity is Not Just an Issue for Big Corporations

Data breaches and cyber attacks are routinely in the news and most of us understand that they pose a persistent threat. As is often the case with bad incidents, however, people tend to think that it will not happen to them. As a result, they may not take sufficient steps to protect themselves. That is a dangerous approach, and community associations need to recognize that they could be easy targets for cyber criminals and are also subject to unintentional breaches.

Cyber crime is one of the fastest growing areas of economic crime, and there is no reason to believe that it will slow anytime soon. Community associations and management companies are logical targets in that they maintain sizeable bank accounts (funded by member assessments!) as well as databases containing detailed information on their members, which often includes banking, credit card, or other financial information that is attractive to crooks. In addition, many people have access to the association’s sensitive information, including a rotating roster of volunteer homeowners who serve on the board of directors. It is easy to imagine a scenario in which a board member’s or manager’s laptop or portable device containing the association’s financial information as well as member information gets lost or stolen, resulting in the emptying of the association’s accounts and/or efforts by bad actors to compromise association members’ identities. Equally plausible is a hack into the association’s (probably not well-secured) systems, providing the hacker with all the information he needs to inflict significant harm on the association and its members. It is imperative for association leaders and the professionals who provide guidance and support to associations to recognize the potential for data breaches and cyber attacks, take steps to minimize the likelihood of such breaches and attacks being successful, and be able to swiftly and adequately respond if a breach or attack occurs.

Financial gain is the biggest driver behind cyber attacks. It is important to keep in mind that even if the association does not possess direct financial information regarding its members, that does not reduce an association’s attractiveness as a target. Cyber criminals do not just mine for data that is directly linked to financial access; they also mine for gateway data that can be helpful in their efforts to ultimately gain such access. People often use the same or similar passwords to access a variety of their accounts, such as social media, email accounts, and even access to the association’s website. If a cyber criminal gains access to the association’s member database, that can provide the criminal with names, email addresses, birthdays, phone numbers, association passwords, and other information that the criminal can then use in his efforts to ultimately achieve a financial gain. Accordingly, even non-financial data must be protected.

Association leaders should evaluate their digital infrastructure in much the same way that they evaluate the physical facilities for which the association is responsible. The manner in which sensitive data is stored and shared should be reviewed, and short-term and long-term planning should take place to ensure that cybersecurity becomes a regular part of the association’s operational considerations. The association should evaluate the desirability of obtaining cybersecurity insurance and should consult with its vendors to ensure that any such vendors who have access to or control of any of the association’s sensitive data have taken reasonable steps to protect that data. Most important, associations should be aware that cyber attacks and data breaches are not just things that happen to big corporations; they can and do happen in our industry as well.

 

By Michael C. Gartner, ESQ.
Michael is a partner with Whiteford, Taylor and Preston, LLP, and represents common-interest communities in general business affairs and litigation. He previously served on the Quorum Editorial Committee, including as the committee’s Co-chairman and Communications Council Chair. He currently serves on the WMCCAI’s Board of Directors.

 

 
