It might be hard to imagine your condo corporation being targeted for cyberattacks. However, your board stores valuable resident, personal and financial information that’s hard to resist for hackers. Here we look at common condo corporation vulnerabilities and cyber security solutions to help ensure your condo board actually is safe against cyberattacks.

Phishing/Fraudulent Links

Phishing and other fraudulent acts focus on human vulnerabilities using deception and emotional manipulation to encourage staff and residents to compromise security. This might include Social Engineering Attacks (SEA) using emotional persuasion. For example, creating a sense of urgency for a non-existent emergency to pressure recipients to click malicious links/files

Solution: Sharing security tips in resident communication, and thorough training of staff and board members is your best defense against this threat. Helping team members recognize fraudulent emails will reduce the risk of people clicking dangerous links.

Insider Threats

Bad actors can take advantage of their positions with access to things such as passwords, online banking, and personal information. Because the individuals involved already have access, they can be particularly threatening and cause significant damage. Both intentional acts and negligence present insider threats.

Solution: Increase restrictions on access controls to limit who has access to sensitive information. Make it clear to new hires and board members you have security measures in place such as monitoring to prevent internal fraudulent activity with a zero-tolerance policy. Again, training measures are key, stressing the importance of staff and board members’ roles in protecting sensitive information.

Outdated Software

Software updates identify security weaknesses in the current version and improve protection against cyberattacks. However, it also takes improving criminal methods into consideration to help outsmart cyber criminals.

Falling behind on software updates opens an avenue for hackers who understand known vulnerabilities and use them to access your network. Outdated software also increases the risk of ransomware, making it easier to compromise your network.

Solution: Ensuring you have protocols in place that address operating system and application updates provides a “patch” for known vulnerabilities.

Firewall Misconfiguration

Firewalls are your first line of defense against unauthorized network access. The following issues are common contributors to firewall misconfiguration:

• Lack of updates that reduce features that protect against new threats
• Lack of understanding of revised security best practices designed to protect against new threats
• Poor security policies due to a lack of understanding of the applications that run in the network
• Too many applications or SaaS (software as a service) often forgotten due to board member churn

Solution: Use a property management company to conduct an audit to identify vulnerabilities, including unpatched software and misconfigured hardware. They can also oversee your firewall configurations, tailor them to your network’s needs and update security rules and policies to improve their relevance. You can also introduce board member succession planning to ensure critical applications and SaaS information is passed on from director to director.

Poor Protocols

Issues such as weak passwords and authentication protocols make it easier for hackers and internal fraudulent activity to infiltrate the network. In hand with older systems and software that lack advanced security features, it becomes easy to access information.

Solution: Have a strong password requirement with regular password update prompts. Use multi-factor authentication with levels of role-based access. Introduce protocol training to reduce risks of poor password management.

Network Access Points

Issues such as open Wi-Fi networks for guests and the Internet of Things (IoT), such as smart technology, create entry points for unauthorized access and malware.

Solution: Introduce strict access controls and assess wireless networks to ensure proper encryption is protecting the network. Monitoring is also critical to spot suspicious behaviour and react quickly. Also, always change default passwords on all IoT devices in the community, using a separate network for these devices if possible.

Ransomware

Ransomware uses malware to encrypt files to make them unusable until a “ransom” is paid to release them. With the personal information stored by condo corporations, this is particularly dangerous to all tenants and owners in the community.

Common approaches include:

• Email phishing using malicious links and files
• Remote desktop protocol (RDP) attacks accessing files when board members are working remotely
• Taking advantage of security weaknesses

Solution: Training in hand with the improved security protocols will reduce the risk of ransomware breaches.

Your Condo Board’s Role in Cyber Security

Condo boards can take the following steps to protect your condo corporation’s sensitive data:

• Develop a cyber security policy for your condo
• Provide security training for all board members
• Verify the security of your property management software
• Hire a condo property management team to assess security measures, introduce new protocols based on your IT requirements and respond quickly to IT issues

Cyber criminals continue to pivot in response to improved cyber security measures and technology. As a result, working with a property management company to introduce security measures and protocols will allow you to stay one step ahead of new threats to mitigate risks for cyberattacks.

The condo experts at CPO Management Inc, a full-service property management company in Toronto and the GTA, can introduce effective cyber security protocols and strategies including regular audits and updates that improve resilience. Reach out to us today to learn more about our condo services.