Protecting Residents’ Data

At the recent NAA Apartmentalize conference, cybersecurity expert Mark O’Cleirigh of Erin Meadows discussed how to take an active role in mitigating a cyber attack at your community.

In the age of the iPhones and Alexa, the internet has greatly increased the ease and efficiency of many aspects of the apartment industry. However, with the benefits also come some major potential calamities, as Mark O’Cleirigh, general manager at Erin Meadows LP, explained at the recent NAA conference in San Diego.

O’Cleirigh specializes in cybersecurity and urged independent rental owners to not only be cognizant of the threats of data breaches, but also take an active role in mitigating the risk of a cyber attack. Apartment owners maintain more personal information of their clients than in almost any other industry, and that makes them prime targets for cyber attacks. He categorized three types of data present in the apartment industry: restricted data, confidential data and non-confidential data.

Restricted Data

Restricted data is the most sensitive data that apartment owners and managers collect and includes information such as social security numbers, bank account information, and driver’s licenses. This data should always be saved and sent using secured and protected networks including cloud-based platforms. While not completely impervious, cloud-based systems offer significantly more security than local networks and drives. If restricted data is hacked, you must inform your residents.

Confidential data

Confidential data includes important resident and corporate data but does not require notification if breached. Examples of confidential resident data include addresses, birth dates and gender, while corporate confidential data may include company financials or employee communication and procedures. This data should also be stored remotely through cloud-based systems to ensure maximum security.

Non-confidential data

Non-confidential data is information that is publicly available, including property names, photos, and apartment listing information. Such data does not pose a security threat if breached, and therefore can be saved on mobile devices and local drives.

In addition to knowing your data and how best to secure it, O’Cleirigh stressed the importance of maintaining strong cybersecurity policies within your company. Strong password, e-mail and software policies that limit potential data breaches can only limit the likeliness and breadth of a data breach.

Having a long and detailed password that includes letters, numbers and symbols, and must be changed routinely is the best approach. Also it is important to train your management and staff to identify suspicious e-mails. Phishing and e-mail attack campaigns are becoming more sophisticated, and a higher level of scrutiny is needed when opening e-mails, especially for those coming from outside your company. Finally, routinely updating virus protection software will limit potential data breaches of internal data stored on your company’s computers.

O’Cleirigh also urged owners to prepare a cybersecurity defense plan, so that in the event of a data breach, your management team has practiced the procedures and can implement them smoothly. Your plan should include contacting legal counsel, securing the physical data and machinery through which the breach occurred, notifying the appropriate parties both internally and externally if necessary and reporting the breach to law enforcement. In certain situations, it is imperative that you inform your residents. In such instances, quick and direct communication is important not only for your reputation, but also to begin the recovery process following the cyber attack.

With such a significant amount of critically important resident data, property owners and managers should not take the growing threat of cybersecurity lightly, and they should instead focus on securing their information as much as possible, while also preparing a recovery plan if a serious data breach were to occur.