Is your Data Secure?
Did you ever stop to consider the amount of sensitive personal information that comes through your leasing office on a regular basis? Rental applications, leases, rent payments, and other documents are often chock-full of the kind of information that identity thieves and hackers find most appealing. Data is in demand, and a simple filing cabinet with lock and key are no longer adequate forms of data storage and security. These are the days of ubiquitous spy technology. Every person who steps into your leasing office is likely carrying a powerful, unobtrusive camera. An act as simple as leaving a completed application on a desk in a busy office could mean exposing the customer’s sensitive personal data.
We’ve worked with our IT experts to help identify the threats to data security that pose the highest risk in the leasing office, as well as some common-sense tips for dealing with those risks:
Passwords. Weak passwords, shared passwords, passwords written on post-it notes, all of these problems are so common as to be nearly universal, making this one of the greatest risks to data security. Passwords are designed to protect what the IT world refers to as “endpoints”, the devices like computers, laptops, tablets, and smartphones that we use to access the systems and data that we need to do our jobs. And a single unsecured endpoint can put an entire system at risk.
The solution is fairly straightforward. Use long, complex passwords and change them regularly. Never write them down or share them. Ever. For any reason. If you use software that allows you to access all of your tools from a single interface that’s even better: fewer passwords to keep track of. But if your collection of passwords is just too much to memorize, use a password management system to store them all securely.
Software and Applications. Hackers are always searching for new weaknesses in existing systems that they can exploit to get your data. Software providers and operating systems are regularly issuing updates and patches to protect you. However, your endpoints can become vulnerable if your software isn’t kept up-to-date or if you allow your users to install applications that aren’t properly vetted.
To protect yourself, put policies in place to deter users from downloading applications that may introduce vulnerabilities to your system and make sure to update your software to the latest version: including browsers, flash, pdf readers, and of course, good anti-virus and malware protection software. You’re also safer with SaaS systems (Software as a Service) that provide a separation of service by interacting with your data through a browser, protecting you from insecurities at individual endpoints.
Mobile Devices. Is your phone secure? Do you use a pin, password, or biometric key (like a fingerprint) to protect it? If not, stop what you’re doing and set up that password right now. Same goes for your tablets. We use our mobile devices for countless transactions, including online purchasing, bill payments, point-of-sale payments, and with apps like SiteTablet, you could conceivably do the bulk of your property management tasks on a tablet. The bad guys know precisely how powerful these portable tools are, and so they target them. If not by stealing them outright, they can easily load skimming technologies to your mobile devices that puts virtually all of your data at risk. Trust us, when it comes to your mobile devices, that password, PIN, or biometric key is your best friend.
Email. Security systems and firewalls are very effective, and make it hard for any outsider to get at your sensitive data. Unless you give them permission, that is. Which is precisely why so many hackers use a simple email as a delivery system. They count on your trust and curiosity to click a link or open an attachment that gives them a free pass to your entire system. If there’s ever a good time to be paranoid, it’s when you’re opening your email.
Train employees in safe email practices. Never open attachments or click on links from suspicious emails, and if a message seems fishy, delete it without opening.
Paper. Just because your pen and pad aren’t connected to the world-wide web, that doesn’t mean they’re safe. Paper just isn’t very secure. In fact, identity theft happens largely through misplaced paperwork. Picture all of the forms, post-its, and photocopies of social security cards or drivers licenses that are lying on desks or stacked on filing cabinets in your office right now. Now, imagine that the resident talking on his phone, or the prospective renter who’s texting her boyfriend, or even the teenager who comes in to water the plants and is always checking out Facebook, is actually a nefarious hacker. It’s ridiculously easy for any one of them to surreptitiously snap photos of highly sensitive information.
The best solution, of course, is not to write that kind of information down in the first place. Enter or scan sensitive data directly into your digitized system, not onto paper. Make sure your software offers immediate encryption so that the protection begins as soon as the entry is made, rather than after it has been transferred to your database. And institute a clean-desk policy. If something absolutely must be committed to paper, make sure it’s securely filed immediately and never left unattended or unsecured.
Property Management Systems. We’ve already talked about the importance of using a SaaS system and immediate encryption to protect sensitive resident and prospect data. Your technology providers play a huge role in maintaining the security of your data. Those huge breaches at Target Home Depot resulted from a weakness in a vendor’s system that hackers were able to exploit. System security is just as important as endpoint security.
Make sure your providers provide adequate security controls around your data, including role-based permissions ensuring that only the proper people have access to those databases. Ask about their SOC1 and/or SOC2 audits, and if they’re handling payments make sure they can provide a current PCI audit. Your vendors should be able to demonstrate that they’re following best practice industry security standards at any time.
Training. If there’s one thing that’s certain about technology today, it’s that tomorrow something will be different. Providing regular, on-going security training to your teams can help you keep up with an ever-changing world of risks, threats, and capabilities. Services like the SANS Institute can provide affordable, basic security training for your entire company based on current threats. That awareness, combined with mindful policies and strong systems, can go a long way toward thwarting an attack on your data.