Get 1 year of free community web site hosting from Community123.com!
Friday, December 03, 2021











HOATalk is a free service of Community123.com:

Easy to use website tools to help your board
Only members have access to all features.
Click here to join HOATalk for Free! Members click here to login and access all features.
Subject: Why HOAs/COAs Need to Take Computer Security Seriously
Prev Next
Please login to post a reply (click Member Login on the menu).
Author Messages
CathyA3
(Ohio)

Posts:2588


12/01/2021 1:31 PM  
It isn't just the obvious targets that get hit:

Ransomware attack exposed personal info of Hancock unit owners


HenryS7
(Arizona)

Posts:73


12/01/2021 1:38 PM  
Posted By CathyA3 on 12/01/2021 1:31 PM
It isn't just the obvious targets that get hit:

Ransomware attack exposed personal info of Hancock unit owners






I don't think most board members store personal information on homeowners on personal computers, if they have a property management company. I know I don't, other than name and address, both which are public information.
SheliaH
(Indiana)

Posts:4284


12/01/2021 1:39 PM  
Thanks for the link. There have been a number of discussions about HOA files and storing them on private drives, the cloud, etc., and while this is very convenient, we sometimes forget there are folks who are VERY GOOD at hacking - if they can get into the Pentagon, why not an HOA property management company? Or a HOA board president might accidentally click on a strange link and presto, you have malware.

This, boys and girls, is why careful thought is vital when considering HOA records (or your own personal records for that matter). It's not just about the "is this legal?" questions.

(Hey, haven't I said this already???)
HenryS7
(Arizona)

Posts:73


12/01/2021 1:44 PM  
This is the type of association records that I have on my computer / cloud drive:

- Maps of community, showing mailbox locations, mulch locations, french drain locations
- Proposals (both unsigned and signed) from vendors for last three years
- PM reports
- Pictures of community
- Meeting minutes, agendas, and powerpoint slides presentations
- Geotechnical reports
- Reserve studies
- Newsletters
- Landscape architecture plans

All are valuable to us, but of little value to others. There is no personally identifiable information other than name and address that would be of value to others.

All of this came to me via e-mail, so if someone hacked into my e-mail they would have all of this plus a lot more.
CathyA3
(Ohio)

Posts:2588


12/01/2021 2:44 PM  
In this case it was the property management company that got hit, not board members' personal computers or cloud accounts. This is why I suggested including security as something we should look at when evaluating a PM.

Usually when companies get hit by ransomware, the big danger is that they lose essential information. It can mean that the info is permanently gone (if they didn't back up their data regularly, for example). Or they can be out of commission while they recover the info they need to do business. The effects can range from nuisance to permanent damage.

There is also the risk that an owner whose personal info was compromised and who experiences identity theft may decide to sue the HOA. Even if the person can't prove that the identity theft resulted from a particular data breach, the HOA still needs to spend money dealing with the lawsuit. I bet insurers were also be looking at this as well.
TimB4
(Tennessee)

Posts:17841


12/01/2021 2:50 PM  
The article did say that the management company was hacked.
However, it could happen to personal computers as well.

Take steps to prevent but also expect that it will happen at some point in time and prepare for it. i.e. expect the best prepare for the worst


Personally, I lobby for associations to maintain paper copies for 5 to 7 years and then digitize and back up the digital copy (I burn data dvds which are kept in the officer binder).
The goal would be to be able to recreate the records if need be.
LetA
(Nevada)

Posts:1462


12/01/2021 3:57 PM  
Would,'t the PMC be the one on the hook? Granted the HOA would be put #1 on the blueback, but during pre trial stage, evidence would point to the PMC. NRS 603A was passed several years ago that places a duty to protect sensitive information on the parties responsible for safeguarding them.
MelissaP1
(Alabama)

Posts:10584


12/01/2021 4:14 PM  
The PM company would be on the "hook" so to speak for this. However, what have the hackers stolen? Their customer's information. Plus where do you think they are going to go to for the "ransom"? Their customers or insurance.

My best advice... Never ever answer those "25 questions you don't know about me etc..." quizzes on social media. I don't use my real name on social media or even my email address. Protect yourself first. Hence why I am not a big fan of giving a HOA PM any more information they need access to. Which is my address/phone #.

Former HOA President
MaxB4
(California)

Posts:1593


12/01/2021 7:41 PM  
I own a PM company, but don't store the same documents that the PM company in the article mentioned. I manage HOA only, never have managed rentals, which is where some of the information stolen might come from. SS# and credit reports of lease agreements would be keep. There is nothing I keep that would be of any value to a hacker. The software I use has there data security and to date, never been hacked.
LetA
(Nevada)

Posts:1462


12/01/2021 8:40 PM  
Most cyber thieves are phishing for financial info to drain bank accounts for quick access to cash. It is a revolving door to banking institutions because banks typically insure credit card transactions more than
they insure checking transactions.. I would pay my assessments with a credit card, but the bank the PMC uses charges $10.00 per transaction. For those of us paying monthly, ten beans is a lot of money for
for a simple transaction that the CCC charges typically 3% for.. It is legal extortion IMHO to charge 10 bucks for.
CathyA3
(Ohio)

Posts:2588


12/02/2021 5:38 AM  
Yes, they look for personally identifiable info that they can sell to bad guys - the bad guys can use this data for further attempts at intrusion (emails for phishing attempts or outright identity theft, for instance). But ransomware also locks up a business's data by encrypting it - this provides a quick payoff if the business pays the ransom, and if not they just move on to the next target. Even if only tiny percentage of victims pays anything, it generates enough profit for the bad actors to keep at it since there seems to be an endless supply of folks who fall for phishing attempts. It's big business for bad guys, and they're good at it.

My employer is diligent about training their people. In addition to required annual security training for everyone, we get regular reminders and warnings from IT and they periodically send fake phishing emails to see who clicks on the links (those who do get extra training). It's often the weak links that provide the most opportunity for crooks.
CathyA3
(Ohio)

Posts:2588


12/02/2021 5:52 AM  
Posted By LetA on 12/01/2021 8:40 PM
Most cyber thieves are phishing for financial info to drain bank accounts for quick access to cash. It is a revolving door to banking institutions because banks typically insure credit card transactions more than
they insure checking transactions.. I would pay my assessments with a credit card, but the bank the PMC uses charges $10.00 per transaction. For those of us paying monthly, ten beans is a lot of money for
for a simple transaction that the CCC charges typically 3% for.. It is legal extortion IMHO to charge 10 bucks for.



I agree that the credit card surcharge is a lot (you should see what my county tries to charge as a "convenience fee" for paying property taxes with a credit card). I use my bank's bill pay system which doesn't charge anything for a transaction.

A number of PMs around here offer the option of ACH transactions (also at no charge). They "pull" the money from your account each month. I prefer bill pay since it's a "push" transaction and allows the payer to control the activity. In general push is safer than pull if you don't 100% trust the puller (and even reputable PM companies that I normally trust can get hacked).
PatJ1
(North Carolina)

Posts:290


12/02/2021 6:33 AM  
I push my HOA payments through my Bank. Our MC charges around 4% for credit card payments processed through the owner-to-bank online payment portal. Credit card information is captured on the bank end. Check payments are mailed to a bank lock box. Only check payments received by the local office in person could cause some concern.

They also offer pulled ACH drafts. I don't do ACH drafts for anything can't I can't log-in and control. Our MC requires that any changes to ACH drafts be mailed and can take 3 days to take effect. Mail in NC has taken up to a month to be received.

Our MC does not handle rentals, therefore no private information like credit reports or S.S.'s are gathered. Names, addresses, email addresses and phone numbers, when provided by owner, are all that are stored.

Board members are volunteers. Many have no idea what they're doing. Educate them. Don't beat them up.
Please login to post a reply (click Member Login on the menu).
Forums > Homeowner Association > HOA Discussions > Why HOAs/COAs Need to Take Computer Security Seriously



Only members have access to all features.
Click here to join HOATalk for Free! Members click here to login and access all features.







General Legal Notice:  The content of forum messages are from the posting member and have not been reviewed nor endorsed by HOATalk.com.  Messages posted by HOATalk or other members are for informational purposes only, are not legal or professional advice and do not constitute an attorney-client relationship.  Readers should not act upon this information without seeking professional counsel.  HOATalk is not a licensed attorney, CPA, tax advisor, financial advisor or any other licensed professional.  HOATalk accepts ads from sponsors but does not verify sponsor qualifications nor endorse/guarantee any sponsor's product or service.
Legal Notice For Messages Posted by Sponsoring Attorneys: This message has been prepared by the sponsoring attorney for informational purposes only and does not constitute legal advice. This information is not intended to create, and receipt of it does not constitute an attorney-client relationship. Readers of HOATalk.com should not act on this information without seeking professional counsel. Please do not send any sponsoring attorney confidential information unless you speak with the sponsoring attorney or an attorney from the sponsoring attorney’s firm and get authorization to send that information to them. If you wish to initiate possible representation, please contact an attorney in the firm of the sponsoring attorney. Sponsoring attorneys that post messages here are licensed to practice law in a specific state or states as indicated in their message signature or sponsor’s profile page. (NOTE: A ‘sponsoring attorney’ is an attorney that is a HOATalk.com official sponsor and is identified as such in the posted message or on our sponsor page.)

Copyright HOA Talk.com, A Service of Community123 LLC ( Homeowners Association Discussions )   Terms Of Use  Privacy Statement