An article titled “Real Threats” in the July/August Community Manager Magazine [Best Practices for Community Association Managers] highlighted the 2018 Survey of Cyber-security in Community Associations by the Foundation for Community Association Research.
To help your board we’ve summarized the main points from the 7 page report and the article in the following recommendations to prevent cyber theft at your community:
The Foundation for Community Association Research Surveyed more than 60 community association managers, board members and professionals who support associations to identify the risks and liabilities associated with using technology to conduct association business.
Wikipedia defines Cybersecurity as the protection of computer systems from theft of or damage to their hardware, software or electronic data, as well as from the disruption or misdirection of the services they provide.
The Top 3 Cybersecurity Concerns from the Survey:
52% Fraud, theft (the primary concern cited overall)
51% Storing and destroying records properly
– Also communicating or posting residents’ personal information
50% Theft or misappropriation of association financial records
How Can We Protect Associations?
The Real Threats article quotes presenters of an educational session titled: “Techno-Dilemmas: How Community Associations Can Manage Risks Associated with Technology Use and Abuse” at CAI’s 2018 Annual Conference and Expo in Washington, D.C. “All three presenters urge associations to get some type of insurance coverage to protect the association and its board against all varieties of cyber-attack, making sure both data and funds are protected… In many states, any type of wire fraud, data breach, or other form of cyberattack requires an association board to notify all members…. If you don’t contact people, you can be sued, or fines and penalties may be levied. And directors can be sued under their directors and officers (D&O) policy because the failed to properly supervise the information.”
Keys to Minimize Cyber Threats to Associations
- Education, training and seminars for community association officers and managers
- Password-protected community website, documents and emails
- Appropriate insurance coverage and consultations with insurance agents
- Restricted access to association records and data
The Following are Recommended Procedures to Safeguard Against Unauthorized Electronic Bank Transactions:
Require to people to authorize transactions over a certain amount.
Maintain phone numbers and email addresses for authorized requestors.
Refuse request from anyone other than authorized sources.
Require the bank to get verbal authorization, including the amount and purpose, to release funds.
Limit the amount of a single transaction or the aggregate of multiple transactions within a short time.
Allow wire transfers only to established and reliable association vendors or payees.
Other Recommendations to Safeguard Against Electronic Bank Transactions:
Reconcile financial records daily or weekly to guard against unauthorized transactions. Most accounting software can be programmed to do this automatically and flag unusual transactions.
Review and update association policies and procedures for authorizing electronic financial transactions. For example, policies should require authorization from two people for large transactions and prohibit wire transfers except in emergency situations.
Require additional authorization to issue electronic payment to a new payee.
Provide formal security training and written guidelines for those who handle financial information and transactions.
Establish association-specific email accounts for board members and key volunteers to use for association communication.
Use strong and effective software protection and competent IT support.
What will you do to prevent cyber theft at your community? If you are interested to learn more you can read the full report.
Use Services that Protect You
When looking at management companies or financial management services to help your community find out about how their systems will help protect your association. For example our company Community Financials has procedures in place to follow many of the outlined recommendations. Our management accounting software, online bill approval system, web portal /payment portal and banking partner integrate many of the recommendations. By combining these industry leading systems we provide greater protection to our clients. Start asking good questions and find out if you are protected?