Homeowners’ associations are an ideal target for cyber-attacks. Why? HOAs have the vulnerability factors criminals look for: they have databases full of valuable information, including homeowners names, addresses, social security numbers, credit histories, credit card numbers, and dates of birth. This is all the data hackers would need to steal homeowners’ identities and commit a variety of fraud-related crimes.

For every data breach your HOA suffers, there is a market of criminals willing to buy this valuable information. To avoid this scenario, you need to ensure your management company has the resources to protect you.

How to Protect Your Data

As an HOA board member, you consider a number of factors when it comes to choosing a management company. One of the most important, but often overlooked is data security. Your management company will likely keep a detailed record on every homeowner in your community. So it’s your responsibility to select a company that will keep that data safe and secure. Here are some important questions to ask:

How are the systems hosted? Is the management company hosting them on-premises, in a datacenter, or are they hosted in a cloud-based service? Cloud computing is a great way for businesses to streamline their IT infrastructure, but online web services are still prone to system outages and security breaches. What is their investment in cybersecurity software, and what is the level of physical protection against break-ins and fires?

How often is data backed up and what is the management company’s disaster recovery plan? The SSAE 16, SOC 2 and SOC 3 auditing standards provide a list of stringent controls for auditing datacenters. Two of the most important criteria are security and availability. If the system goes down, your HOA is at high risk of data loss. Before you sign on with a management company, find out how quickly your data would be accessible again in this scenario.

Does the management company accept credit card payments online? Who is the payment processor? If the system allows for the storage of credit card information for recurring payments, does it meet PCI encryption standards? Credit card fraud is one of the biggest issues in cybersecurity. Your homeowners want the convenience of being able to pay their assessments online, and they want the peace of mind that they’re making a secure transaction, protected against thieves. Ask your management company about their vendors.

Keeping sensitive data out of the hands of cyber criminals is one of the most important considerations in running an HOA and in choosing an HOA management company. Call CMA to learn more about the extraordinary measures we take to protect our clients.

Ray Caprio

CMA Information Systems Supervisor