Cybersecurity and the Apartment Industry
Cybersecurity and the Apartment Industry
The world can be a scary place—for your data. We don’t have to look any further than the spate of recent attacks against Target and Sony to accept the realty of today. With future cybersecurity breaches a certainty, the big question is not if there will be another attack but, who? Wonder if we will ever find out who the hackers were that got into Hillary’s private server. Also, the Democratic National Party got hacked and heads rolled. Even on a personal basis of being notified by my human resources department that my health care provider Anthem (Blue Cross / Blue Shield) has been hacked…. Gee!
We might think we in the apartment industry will not be a target but, think about it, we are the guardians of much sought after data. Do you think the hacker would value the social security numbers, driver’s license numbers, and banking numbers? We harvest most of this information with most of our rentals. A lot of our site associates might prove somewhat naive regarding prospect and resident cherished data. As owners and operators, we all need to set standards that will be maintained with our associates, systems and risk management.
Owners and operators are now taking seriously their reputations / brand images and the risks to apartment firms as they integrate more advanced and mobile technologies in their operations and collect more information about their residents and employees to try to serve them better.
At the 2015 On-Site User Retreat, On-Site hosted a panel discussion covering common incidents in the world of cyber security and best practices for protecting the sensitive information housing providers collect.
And from that discussion, here are three simple things you can do today in taking affirmative steps in securing your data:
Copiers have hard drives. Dispose of them securely. Whatever was recently scanned or copied is still there.
Phishing attack. This is an area the multifamily associate more than likely will demonstrate their naivety:
Emails that ask you to reply with your username/email and password.
Emails with links to fake login or password reset pages.
Emails with links to view or download a file from someone you don’t know.
Links on social network posts or comments that lead to fake login or password reset pages.
Fake email from the presumed associate with wiring instructions.
Develop a password policy and enforce it. It is truly a discipline that must be incorporated at the home office and at site level. In 2014 Splash Data developed a listing of the worst pass words for that year.
Do any of these pass words look familiar to you?
The fact is that sooner or later the cybersecurity breach can occur. When it occurs, are you prepared to deal with it with the right insurance coverage and response team? You are exposed by the growing presence of “Bad Guys”, employee mistakes, vendors and ransom ware. That risk doesn’t just come as a hit to your brand or reputation. With the average legal and other associated costs of a data breach at $188 per record, according to the 2013 Cost of Data Breach Study from the Traverse City, Mich.–based Ponemon Institute, losing your residents’ data could have a major impact on your bottom line. With just 2000 resident records this could turn into a $375,000 exposure. You might think about it as losing a four-unit apartment building with no insurance coverage. Also, take it to account that such data breaches have already occurred as reported by Multi Family Executive to Essex Property Trust. (http://www.multifamilyexecutive.com/technology/data-breach-at-essex-property-trust_o)
There are products and services that are available that will assist you in meeting these challenges. By partnering with the right multifamily insurance specialist that understands the exposures and has the capability in delivering a specifically targeted product and service, you will be in a much better position in meeting this ever increasing challenge.
Help from Onset to Conclusion
Responding to a cyber event and navigating federal, state and international laws, as well as any contractual obligations, governing notification requirements and remediation can be complex and time consuming for an organization.
The Cyber Breach Response Team that provides expert legal services and technical support designed to assist policyholders who have identified a data security breach. The Team works closely with a policyholder’s management team, in-house and outside cyber-security experts, law enforcement and government regulators to accomplish compliant and timely public reporting as required. The Team is well-equipped to defend litigation, including national consumer class action litigation.
In the event of a security breach, a breach coach privacy attorney will be assigned to the case and promptly respond to and investigate any suspected or actual event. An attorney that has experience in the exposure and that has the right team support to meet the challenge.
Cyber Policyholder Services
Work closely with policyholders and, when necessary, forensic and crisis management consultants to identify the cause of the breach, determine its scope, and formulate the appropriate response to the incident.
Position communications to be protected by the attorney-client and work product privileges in order to minimize the amount of information that must be made available to third parties in the event regulatory action or litigation ensues.
Coordinate with law enforcement where appropriate.
Formulate compliant notification letters to affected individuals and implicated regulatory bodies.
Identify and retain, where appropriate, credit/identity monitoring and restoration services to be offered to affected populations.
Arrange for the appropriate call centers and FAQs to respond to inquiries.
Develop and manage appropriate responses to post-notice inquiries received from affected individuals and regulators.
Defend policyholders during formal regulatory and payment card industry investigations and enforcement actions, and in the event of class action or other litigation.