A Cybersecurity Guide for Multifamily Leaders

In today’s evolving technological landscape, cybersecurity is no longer a nice-to-have but a need-to-have for every organization. This holds especially true as the capabilities of sophisticated hackers and malicious actors continue to evolve. To safeguard your organization from potential risk, it’s essential to have a scalable cybersecurity strategy to keep personally identifiable and proprietary information secure.

While most in the multifamily industry have transitioned from antiquated paper trails containing prospective residents’ personal information to a digitized format, new solutions that promise a better and faster way to complete tasks are arising every day. As you consider new solutions, while also prioritizing the protection of vital information, here are some key insights into what multifamily executives need to consider when evaluating and implementing new software programs and the cybersecurity guidelines that accompany them.

Meeting challenges

Phishing messages have recently become one of the most common cyberattacks in the world. During a phishing attempt, a hacker pretending to be a trustworthy source will initiate communication with an unsuspecting individual and trick them into revealing sensitive information. The most common type is when employees receive an email or text that looks like it’s from a familiar source but instead includes malicious links designed to steal passwords, credit card numbers or login credentials.

Despite ongoing education around phishing attempts, it continues to be an effective low-cost, high-reward scam for hackers to execute, especially with the emergence of artificial intelligence integrations that make them look even more realistic. According to a survey by cybersecurity company, Lookout, although 96 percent of security leaders believe employees can spot phishing attempts, about 6 in 10 companies reported falling victim to executive impersonation scams through text or voice.

Cyberattacks like this are evolving quickly and becoming more sophisticated, requiring companies to be as diligent as ever. For multifamily companies working with countless outside vendor partners and being responsible for highly sensitive employee, business and resident information, protection is paramount and an investment in sophisticated cybersecurity measures and proper training is a must.

Mitigating risks

For daily organizational security, all systems used in multifamily organizations should include both multifactor authentication and single-sign-on capabilities. These security measures have become basic requirements in most corporate settings, especially if there is personally identifiable information at play.

In multifamily, cybersecurity measures should be consistently implemented and followed across the organization. Anything connected to the internet—such as printers, conference phones, smart TVs and security cameras—can be a breach or entry point for cyber attackers. There are a few specific industry best practices that should be followed by property owners and managers that can help limit the risk of malicious attempts.

• Limited data access. Often referred to as “least privilege access” among IT experts, this reduces risk when integrated across systems used by employees. By only granting employees access to systems needed to perform their jobs, it limits the points of entry and decreases the likelihood of information falling into the wrong hands.

• Restrict access to company-owned devices: To further maintain control, online databases should only be accessible by devices owned and managed by your organization. This limits the potential for breaches, as hackers would need to gain access via a physical company managed device.

• Exit policies and procedures: This is critical for protecting both resident and organizational data. In the high-pressure environment of the multifamily industry, swift action may be needed to prevent potential threats. Enabling instant revocation of digital access helps stop malicious activity before it compromises cybersecurity.

Evaluating and implementing new tools

While having these general security measures in place is important, it’s equally critical to evaluate the security of the software tools themselves. Today’s multifamily industry demands cutting-edge solutions that enhance efficiency, but never at the expense of security.

Similar to how limiting points of entry mitigates risk, so too does limiting software products that interact with your database. By consolidating to only a handful of providers that solve your software needs, you can streamline processes and better maintain who has access to what.

It’s also important to properly vet software solutions that you are considering rolling out to the broader company. Clearly define the non-negotiables or the characteristics a tool must have in order to be considered (single sign-on, multifactor authentication, data loss protection, 24/7 support, etc.). This helps determine early on if the tool even meets basic organizational needs and can be considered.

Testing and phased rollout

Once decided, test the solution with smaller groups within the organization to identify any bugs or inefficiencies. Before doing so, however, be sure to have a well-thought-out plan about how the tool is expected to impact the beta group’s day-to-day work and outline the intended outcomes. Using a smaller test group at first will help validate the efficacy of the technology before being distributed more widely to the rest of the organization, with proper training and support to guide the rollout.

If the chosen software does not integrate well with your company’s workflow, it is perfectly acceptable to end testing and move on to another option. It takes an organization with strong values to step back, discontinue use of the product in testing, communicate what you learned and move on to something else that will better serve the needs of the company.

Proactivity is the key

The multifamily industry faces increasingly complex security threats that demand proactive, modern solutions. Working closely with in-house information technology teams and a trusted third-party partner to evaluate your current security measures and help guide you in the right direction can be the difference between averting a cybersecurity threat and managing a full-blown crisis.

As cyber threats grow more sophisticated, prevention efforts must evolve faster with proper safeguards in place. Proactively investing in security up front is not only more cost effective but also key to long-term, future-proof success. By adopting these best practices and strengthening your digital defenses now, you can ensure peace of mind for your employees, partners, residents and the organization at large.

Dan Melton is the associate vice president of technology at Village Green, a property management company based in Farmington Hills, Mich. Dan spent much of his career in sales, having risen through the ranks over 16 years at Village Green and influencing Village Green’s innovative approach to technology at the corporate and property level. Village Green employs approximately 1,200 people and operates a broad range of asset classes within a portfolio comprised of approximately 50,000 apartments nationwide.