What do the US Government and the Ashley Madison website have in common? No, not that! The answer we’re looking for here is that they have both been recent victims of massive cyber security breaches. What started as big scandalous security failures at retailers like Target and Home Depot has spread like an infection across the cyber landscape and today the announcement that a large organization has suffered a massive security breach (*cough*T-mobile*cough*) doesn’t even seem like big news.
According to CYREN’s 2015 Cyberthreat Yearbook, successful cyber attacks on businesses of all sizes have increased by 144% over the last four years. And multifamily, a target rich enterprise if there ever was one, is not immune. In the face of a fast-growing problem, is there any hope?
There is, actually. As Matt Sorenson, division president of the Utah State Bar’s Cybersecurity & Data Privacy Section told apartment professionals at the 2015 Entrata Summit last month, these hacks aren’t happening because hackers just too smart and sophisticated for us to defend against. “Nearly every breach is successful because of some failure inside of a company, whether it was poor email training or IT maintenance,” he said.
Many of the most costly data breaches are the direct result of human error; something like an employee clicking on a link in a phishing email or connecting an infected personal device to a company network. That’s why properly training personnel and implementing best practices can go a long way toward keeping your company’s and your residents’ data safe.
So, what are those best practices? One of the first things each property management company must do is make sure that third-party vendors are not creating security gaps. “It’s very important to vet out your vendors,” said Jay Kenney, chief information officer for Lincoln Property Company, noting that the most recent breach against Target occurred through a vendor that had access into the payment systems of the company. “Make sure they pass their audits, their SOX and PCI audit. All good companies encrypt their data. How is the data they store protected? Your data at rest should be encrypted as well.”
Entrata’s own VP of engineering, Ryan Byrd, points out that putting a few additional plays into practice can effectively deter the majority of cyber attacks, including:
- Expect the worst and plan for it, have a Recovery Strategy for your data (keep off-site, disconnected backups) and a Lockout Plan for when you believe you’ve been hacked and an Incident Response Plan you test annually.
- Use multifactor authentication to log into your key systems (pick two: Knowledge, Possession, Inherence, Location, Time).
- Educate your users! People will disappoint you with their poor technology security decisions.
- Scan your systems and patch them regularly.
- Always use HTTPs.
The cyber security landscape will keep changing as will the threats and security challenges that an increasingly connected world creates. By maintaining vigilant awareness, keeping security policies updated, and regularly training users about current threats and vulnerabilities, property managers can effectively keep their own and their residents’ data more secure. Want to learn more? Join us for a free webinar on Tuesday, October 27 at 10:00 a.m. MDT for a detailed discussion of cyber security in the multifamily arena.