Understanding cyber liability and the risks to your HOA or property management company.
You’ve undoubtedly read about the high-profile hacks and data breaches that have occurred over the past few years – millions of accounts compromised and credit card numbers stolen from Target, Home Depot, TJX, Yahoo, and other large companies. While big companies make big headlines, no business or organization is too small to be hacked – and hackers often find smaller businesses to be easier prey. That means community associations, property management companies, association banks, payment processors, and other community support organizations are all at risk.
What is cyber risk?
Almost any business that utilizes technology faces cyber risk, defined as the risk of financial loss, business interruption, or reputation damage due to technology system failure. The most publicized risks are hacks and other cybercrimes, but systems outages and employee mistakes can also put your community association or property management company at risk. Here are a few examples that may hit closer to home:
- System failure – the server that stores member information crashes without a timely backup process in place.
- Security breach – a board member’s computer is affected with a virus, which then spreads to association members through an email.
- Privacy breach – a property manager’s laptop is stolen, containing access to member data.
It’s not my fault!
What happens if a community’s online payment processing company or management software (CINC, TOPS, etc.) is hacked, causing financial data to be stolen? As a board member or property management company, you’re not responsible for someone else’s problem, right? Surprise! Even though you’re not the keeper of the system, you are still considered the keeper of the data.
When a breach or other issue occurs, investigators (and lawyers) will “follow the liability trail” and look at all parties involved. In this example, that may include the property management company that contracted with the provider as well as the community association (and board) that contracted with the property management company.
If your association or company is even held to be partially liable, the costs of a data breach or loss can be staggering:
- Direct expenses – stopping the breach, repairing or replacing systems, communicating with clients, credit monitoring, etc.
- Indirect expenses – fines, damages, and defense costs associated with your (direct or indirect) failure to secure data.
Minimizing cyber risk in your community association or property management company
The responsibility starts with you – board members, property managers, and property management company executives. While IT security is important, look beyond that to assess other potential risks in your association or company. Here are a few ideas for minimizing the chances of a data breach or loss, and minimizing the financial impact if an event does occur.
- Document your risk management strategy – requirements for storing and using homeowner personal and financial data.
- Protect devices and data with the latest versions of security software and appropriate monitoring services.
- Maintain secure backups of files and critical hardware, such as servers.
- Train your team – employees and board members are often the weakest link.
- Insure against cyber loss. The majority of general liability policies exclude this coverage. Consider adding inexpensive cyber liability coverage for as low as $50.
- Ensure that vendors have similar documented security protocols and cyber coverage
Need help? Contact the experts
The exposure and expense associated with a data breach or loss can be substantial. If you have security or liability-related questions about your association, property management company, or affiliated vendors, help is available. There are a number of local IT services companies that can assess system security. Your attorney may be able to answer questions about potential liability. Ask your insurance agent if you have the right type and amount of cyber liability coverage. Please don’t wait!