Cyber Criminals Could Come for Your Community Association — and You!
A recent survey conducted by the Foundation for Community Association Research found almost half of the community association respondents didn’t have policies and procedures in place to safely collect and store homeowners’ personal data. This week, we’ll explore why that’s a problem.
It’s true that associations often operate on the more low-tech side of things, but that doesn’t mean they’re not vulnerable to cyber crime. In fact, community associations may be even more vulnerable than the large retailers, financial behemoths, and other organizations that make the headlines when victimized.
Perhaps the primary reason associations are vulnerable is their mistaken belief that cyber criminals view them small potatoes not worth the effort. “They don’t consider themselves a target because they don’t think they have important information, but they do have sensitive information,” says Jonathan Gallo, of counsel with Vandeventer Black in Norfolk, Va.
Stephen Marcus, founding partner of Marcus Errico Emmer & Brooks, P.C., which represents 4,000 community associations in Massachusetts, New Hampshire, and Rhode Island, agrees: “Whether it’s banking or credit card information from owners or other information on owners like email addresses or Social Security numbers, associations have access to a lot of information that should be secured.”
Moreover, most associations aren’t particularly IT savvy and lack the defensive resources of a larger organization. That makes them “low-hanging fruit” for cyber criminals, Marcus says. “They’re easier to break into, and they don’t have employees with the necessary experience.”
And, compounding the potential damage, community associations usually don’t understand how little protection they have. The losses caused by a cyber crime generally aren’t covered by fidelity, directors’ and officers’, and other types of insurance. These policies typically have exclusions for cyber incidents or provide very limited coverage.
To learn about some of the most significant cybersecurity risks confronting associations and community managers — and how they can reduce such risks — take a look at our new article: