“Cyber crime” seems like the latest buzzword in the news, and it’s steadily gaining more traction. The biggest stories we hear typically involve large corporate retailers, like Target and Home Depot, as victims, though some outliers for 2017 have included ride-share technology Uber and credit bureau Equifax. Too often, community associations erroneously assume that their low-key, non-profit status keeps them safe from cyber crime, when in reality HOAs and other associations are at a particularly high risk of attack.
Here are the three major ways community associations are exposed to criminal liability in cyberspace.
Employees (and Volunteers)
By far, the biggest risk to HOAs is internal. This defies the conventional cyber crimes we see reported in the news, but hackers are not the biggest threat for these kinds of entities. Instead, we see employees—whether employed directly through the association or through a management company—as the leading perpetrator. Volunteers who work with records, computers, or any financial information may also commit cyber crimes.
In these scenarios, an employee or volunteer can engage in wire fraud, embezzlement, vendor fraud, falsified invoices, forgery, theft, and computer fraud. All of these are relatively easy ways for less-than-scrupulous people to access liquid assets using cyber technology. Since most HOAs are required by law to have a significant reserve fund, they are particularly vulnerable to repeated, small thefts that the criminal hopes go unnoticed.
Another potential risk is the use of the HOA’s resources to commit crimes against victims other than the HOA itself. For example, an employee or volunteer may use an electronic database to access a resident’s personal information in order to commit identity theft. In certain cases, the HOA may be held responsible for not securing sensitive data.
Third Party Attacks
Most HOAs contract with a management company for on-the-ground support for the community and its residents. In the event that this management firm’s data is breached and the community’s information exposed, the HOA itself may be sued alongside the responsible party. Though in most cases the HOA is not held criminally liable for third party breaches, some cyber insurance policies will cover civil liability costs, such as the attorneys’ fees incurred defending against claims of negligence.
Phishing
While the top threats to community associations tend to be internal or closely linked to the organization, there is still potential for outside hacking. The most common method used here is phishing, which involves sending an e-mail that contains malicious software. Unwitting employees and volunteers may open these e-mails and infect the workplace computers with malware that can steal identities, financial information, passwords, and other sensitive data.
Other times, the cyber criminal simply pretends to be an important third party vendor who needs information. In these cases, they may impersonate a security firm, management company, lawyer, regulator, or otherwise “trustworthy” positions.
HOAs can be held financially responsible for losses incurred through any of the above cyber crimes. Without the right cyber liability policy in place, the losses can wreak total havoc. However, a well-chosen cyber liability policy will cover all of the costs associated with cyber crimes, allowing the HOA to recover its losses and save its reputation.
About Kevin Davis Insurance Services
For over 35 years, Kevin Davis Insurance Services has built an impressive reputation as a strong wholesale broker offering insurance products for the community association industry. Our President Kevin Davis and his team take pride in offering committed services to the community association market and providing them with unparalleled access to high-quality coverage, competitive premiums, superior markets, and detailed customer service. To learn more about the coverage we offer, contact us toll-free at (877) 807-8708 to speak with one of our representatives.