The world used to be a simpler place, especially when it comes to protecting private information. Did you know that identity theft is the most wide-reaching and damaging crime in the United States today? Most likely you do, considering the frequency of reports of credit cards being stolen and membership data being exposed online by hackers. (Click here to see a current accounting of all data breaches in the country. Warning, this is pretty scary stuff.)
While the CAM industry might not be on the front lines when it comes to data and information breaches, data security is important. Bank account and credit card numbers you collect in processing assessments are particularly vulnerable. Also vulnerable are homeowner addresses and contact information. Identity thieves can use that info to get new credit cards in the affected person’s name.
In one survey, CAM professionals cited data security as one of the more pressing issues facing the CAM management industry today. A single data breach can lead to loss of trust from homeowners, loss of the community as a client, and potential legal troubles for you. It’s your responsibility to manage your own sensitive information and that of your clientele, to keep it out of criminal hands.
You can identify areas where your systems are vulnerable with an internal security audit. Here are a few of the more frequent causes of breaches today, and steps you can take to prevent them:
Nobody likes to think of their friends and neighbors as thieves, but it is a serious issue. The Federal Bureau of Investigation has cited insider threats as the most common risk for data theft. (Click the link to see why people do it, and behavioral indicators of potential thieves.) In a community association, an insider threat could come from an employee, a board member, or even a disgruntled homeowner.
Prevention Measures: Trust, but verify. Make sure that you are vetting your employees and putting controls in place to protect sensitive information. Restrict access to accounting records to only the personnel who should be accessing it. Make sure your accounting software has full user logs, and CHECK THEM regularly.
Most employees don't think about security on a daily basis. They have so much going on, they click OK on popups and open email attachments without thinking of the potential security ramifications. Negligence was the most common cause of data breach. Phishing attacks, viruses and keyloggers tend to capitalize on negligence and a lack of awareness by employees.
Prevention measures: Train your employees and educate yourself in the best practices of safe data management to mitigate this threat. Look into new options for accepting payments, such as a Bank Lockbox or Online Payments via an owner portal to eliminate the problem at the source.
If you are running your own network and you do not have concentrated security in place, this is one that can really catch you off guard. According to USA Today, “The most successful identity thieves have learned that it's more lucrative to hack into businesses, where they can steal card numbers by the thousands or even millions.” Hackers tend to go for the low hanging fruit or, in other words, the least-protected entities. Your unprotected server, lack of a firewall and easy to access wifi connection stand as an open invitation to hackers.
Prevention Measures: Simply having security strategies and solutions in place can help camouflage a company from threats that emerge on the web. The best way to protect yourself is to put your sensitive client data in a secure, offsite location (such as a private cloud) where security measures are more direct and frequent.
If you do choose to maintain the data on your own servers, make sure that you are keeping up with vulnerabilities and regularly updating all systems. That includes updating virus signatures, operating systems, firmware, and software to get the latest security updates.
On a positive note, studies indicate that business leaders are beginning to understand the gravity of the security conversation and are taking more proactive and comprehensive steps to protect their firms.
The time is right to focus on implementing more effective data security controls. Consider adding these prevention measures in your community association management business to keep your data, and that of your clientele, out of the hands of malicious entities.