There is no question that digital solutions and online platforms can save tons of time for homeowners associations. Every paper process that can be replaced with a digital solution is probably worth exploring. The only problem with online solutions versus traditional paper document storage is the increased risk for hacks that put member and association information at risk. For all those HOAs that have moved into the digital age, it is vital to have strategies for keeping all your essential data as secure as possible. Here are some key details on the best practices for HOA cyber security.
Review All Association Data
Any good cyber security plan needs to include all the key points of data and where exactly it is stored. If your HOA has not taken a recent inventory of all potentially vulnerable data and platforms utilized by the association, here are a few things to make sure you have all key details summarized:
- Online bank account(s)
- Credit card account(s)
- HOA employment records
- Payroll management systems
- HOA management company portal
- Online document storage
- Online signature and contract management
- Contact management system
- Website host
- Include list of all administrators
- Email provider/platform
- Include any additional access points like phones, IMTP third party programs
Outsource the IT Department
Few, if any, associations can afford to have an in-house IT department and it would be an unnecessary expense in nearly all cases. There are excellent IT firms that specialize in providing their clients with all the tools and resources to overcome any IT challenges or issues. These firms can assist with implementing the best practices and provide real-time assistance if anything happens. They are also experienced with stress testing existing systems for any vulnerabilities and monitoring all third-party systems being utilized for any known hacks. An experienced outside IT team can assist with selecting the best systems to meet your needs and responding quickly to any potential issues.
Draft and Implement a Cyber Security Policy
Every HOA needs a cyber security policy in place to make sure the board of directors and members are aware of the processes and policies being used to protect their private data and association accounts. A quality cyber security policy should include specific security risks and the process in place to protect against those risks. This is a good practice for quickly addressing any breaches of security or data. It also helps protect the association against claims of negligence should any hack or data breach occur. Start with the assumption that even the most secure systems can be hacked and define the process to mitigate potential issues as quickly as possible.
A forward-looking cyber security policy will address specific data and systems that require protective measures and what kind of liability insurance is required to cover potential risks. It should detail who has access to which systems and data. The policy should also cover the process the HOA will take to dispose of any old data or documents. Working through this process in detail can help identify current systems that need to be updated and data/documents that require additional security measures.
Utilize Best Security Protocols
One of the aspects of a strong HOA cyber security policy is standardizing the appropriate protocols for all key systems. This should start with making sure that strong passwords are used for every online system or account. It should also detail how often these passwords will be updated and how all required parties will get access to the updated passwords. As more HOAs move most processes online, there is a need to monitor what devices have access to key systems and make sure there are protocols in place to grant or revoke access as needed. This same process should identify and detail what software systems are used by the association and set reminders for any required updates. Most software updates address any bugs or security risks that must be performed to keep your data secure.
Consider All Legal Obligations
Associations and planned communities have detailed obligations to represent their members interests, and this includes protecting all their personal information. Since HOAs will have access to a lot of personal information, like full name, address, phone number, social security number and more, it is vital to make sure that all your cyber security policies, software usage, and online data storage are in line with the legal obligations to your members. This is an area of your cyber security policies and protocols that should be reviewed with an HOA law firm.
At Halk, Oetinger, and Brown, we only represent Arizona associations and planned communities. We can assist with drafting a cyber security policy and security protocols to make sure they address all legal obligations to your members. Schedule an initial consultation with our team of experienced attorneys today by submitting a message on our contact us page.
Halk, Oetinger, and Brown shares this article for informational purposes only and does not create an attorney-client relationship.