February 2023

DIGITALLY EXPOSED

With over 80% of costs attributed to labor, the num ber one security vector facing all of us is social engi neering. Social engineering is a deception to manipu late individuals into divulging confidential or personal information that may be used for fraud. Rather than hacking a system, cybercriminals rely on human error. They have found that tricking a human is more effortless to breach than a system. As has been demonstrated over and over, cybercriminals know this. For example, the Verizon Data Breach Investigations Report notes that 85% of all data breaches involve human interaction. More specifically, of the type of security incidents that are the most popular, 71% of the incidents are financially related. 5 Currently, as highlighted by iProperty Management HOA statistics, the community management industry collects $103 billion per year from. 6 Unfortunately, the volume and amount collected can attract cybercriminals who may see community associations as easy targets. What trusted practices should an association or property management company consider in securing proprietary information including financial, personal, or infrastructure: 1. Know your software platform: Know the software used to manage your community association or port folio of associations. Is your software current with the latest digital standards and constructed to detect and resist cyber-attacks? A data security breach can compromise trust, integrity, and availability for your association or management company. Additionally, it can be timely and costly to recover from damage 2. Conduct proactive software provider internal employee security training: In too many cases, security theater is more of a reality than the actual practice of training and ensuring employees are prepared and vigilant with many of the new and quickly evolving social engineering tactics. Software providers must incorporate internal employee train ing for cyber security threats. One way to ensure compliance and constant awareness of new and evolving threats is a tool called Knowbe4.com. The tool helps raise awareness and simulates common security threat scenarios to test the employee’s pre CONT I NU E S ON PAGE 34

By Ryan Fleming, EBP, JGS Insurance a Baldwin Risk Partner

T he term cyber gets thrown around constantly, and for good a reason. Understanding what the term cyber means is the first place to start when determining how exposed you, your community or your business may be. In a time where technology drives everything we do; we are all exposed to loss to one degree or another. The main differences are how we use, collect, store and protect it. We all possess some kind of data, but too often, how we handle it becomes a secondary thought when we are primarily running our lives, communities or businesses. Our data is exposed to cybercriminals who specifi cally look for weak processes and technology, as well as simple mistakes that could have been avoided. It’s as simple as losing a mobile phone with community residents’ names and addresses. Data at risk typically includes personally identifiable information (PII). Once breached, there are massive costs such as total loss or damage, data ransom payments, reputation dam age and notification requirements which may include credit monitoring fines, etc. Now that we know we are all exposed, the good news is that there are insurance policies that can help to defer the costs associated with a data breach. Of course, policies can’t fix your processes or prevent mistakes, but they can mitigate the losses that may arise after the event.

Who_I_am/iStock/Getty Images Plus

33

F E B R U A R Y 2 0 2 3