By Andrew Vera, American Momentum Bank
Cybersecurity threats and internet fraud are on the rise. While large-scale cyberattacks make the news headlines, Accenture’s 2023 Cost of Cybercrime Study reports that 43% of cyberattacks are aimed at small businesses.
Homeowners’ personal and financial data are especially vulnerable in today’s high-threat cyber environment. Community association management companies and self-managed associations cannot be too careful when protecting themselves and their homeowners from theft and fraud.
Below are a few potential theft and fraud risks associations and management companies should be aware of, as well as tips for mitigating them.
Foreign Outsourcing
Some management companies are outsourcing accounting services to countries outside of the U.S. in an effort to significantly reduce payroll expenses. These overseas companies and individuals have access to associations’ financial information, including homeowners’ personal data and bank accounts.
Association boards should ask whether their management company is outsourcing work to organizations outside of the U.S. and, if so, ask additional questions to help ensure that their association and homeowners are protected from potential security and fraud risks.
Examples of questions to ask community association management companies outsourcing their accounting services overseas include:
- “What legal protections roll down to homeowners in the event of fraud or identity theft?”
- “What protections are in place for associations if funds disappear?”
- “What cyber insurance coverages may be applicable in various theft or fraud circumstances?”
Data Breaches
Any organization that collects Personally Identifiable Information (PII)—names, social security numbers, driver’s license numbers, addresses, birthdates, etc.—is at risk of a data breach. That includes associations and CAMs that collect this type of information from homeowners.
The costs of a data breach can be steep. Expenses can include, but are not limited to, hiring attorneys, computer security experts and PCI forensic investigators; providing credit monitoring to victims; and fines and penalties issued by regulatory agencies.
Community association management companies and self-managed associations can protect homeowners from a data breach by having a layered cybersecurity program in place that includes monitoring, detecting and preventing data breaches.
Spear-phishing
Spear-phishing is when criminals send someone a fraudulent email that appears to be from a trusted sender, in order to induce the recipient to reveal confidential information or perform an action that seems legitimate.
For example, a CAM employee or association board member receives an email that appears to be from a colleague. The email asks the recipient for a list of homeowners’ personal information, such as names, account numbers and access codes. Thinking this is a valid request, the recipient sends the requested information, which then results in fraud or theft for the homeowners.
Training CAM employees and association board members on detecting fraudulent emails is critical to protecting homeowners’ PII. Various organizations offer cybersecurity awareness training to help people identify fraudulent emails, prevent potential cybersecurity attacks and protect sensitive information.
Malware/Spyware
Malware is malicious software designed to infiltrate, damage or disrupt computer systems. It can pose a significant threat to associations and homeowners by stealing sensitive data, compromising operations and causing financial losses.
One type of malware is spyware, which is unwanted software that infiltrates a computer and allows the criminal to secretly monitor and collect user data. CAMs and associations are at risk of cybercriminals using spyware to collect information that will allow them to access PII and bank accounts.
Again, training employees and association board members on how to detect fraudulent emails and potentially malicious files can offer stronger protection against cyberattacks. Remember, spyware and spear-phishing attempts are only successful if an unsuspecting employee or board member follows through on the cybercriminal’s request.
In addition, it is vital to have a solid IT security infrastructure and processes in place – including IT detection software, content filtering and web blocking – to help block fraudulent emails and malicious files or sites.
Additional Ways to Protect Against Cybercriminals
CAMs and self-managed associations can also help protect themselves and their homeowners against cybersecurity risks by:
- Working with their bank to implement a system of checks and balances to protect against fraudulent activity. For example, the bank might require call-backs or codes for approval before completing large transactions.
- Investing in cyber insurance, which is protection from financial losses caused by cyberattacks, data breaches and other cyber-related incidents. Cyber insurance helps organizations mitigate their exposure to risks by transferring financial liability related to cybersecurity and privacy events.