As posted by Skyscraper Insurance community associations such as condominiums and homeowners associations are vulnerable to crime. Like small and medium sized businesses, they have data cyber criminals seek but not the resources for defense like larger organizations. In addition to data loss and theft of funds, associations and their board members can be subject to claims for failure to protect the association and its members from these losses. There can also be penalties for failure to comply with data protection and breach notification statutes.
Associations need to have a cyber security policy. It should include the following points:
- A review of governing documents and local laws.
- List of individuals, by name or position, who handle data and manage security.
- A plan for response to security breach or hacking. Resources are available from authorities such as the Federal Trade Commission.
- Rules for using mobile devices. Only authorized people should have access to confidential information.
- Provide board members with guidelines (new members should receive them as part of needed documents).
- Educate residents about cyber security. Use newsletters, emails, printed notices or tips on websites.
- Make sure software is secure using strong passwords, protections against viruses and malware, encryption and regular backups. If using a third party service provider, the contract should require these protections.
Cyber insurance must cover both first and third party claims. First party coverage should include legal and forensic services, breach notification costs, credit monitoring, regulatory defense and penalties, crisis management and extortion. Business interruption may be needed. Liability insurance must cover officers and directors besides the association; in addition to security and privacy media liability is necessary if the association has a website or uses social med