By Laurie Mega
A property management business gathers a lot of valuable information from tenants and owners. That information is used to collect rent, transfer money, keep emergency contacts, and verify prospective tenants.
Information such as credit history, social security numbers, addresses, and credit card numbers should be kept only as long as you need them and then deleted. But as long as this information is in your possession, you need to do everything you can to protect it from hackers.
In 2019, 86 percent of cyberattacks were financially motivated, according to Verizon. All of that data you hold is very valuable to hackers, who can either use it to commit identity theft or sell it to the highest bidder on the dark web.
It’s important that both you and your staff are aware of the dangers. Your staff should have a basic knowledge of cybersecurity and what they can do to protect tenants and owner data.
Threats to Your Business
Before you can train your staff on how to prevent cyberattacks, they first need to know what they’re up against.
Of course, there are hackers who simply access your network remotely (usually through your wifi) and try to guess your passwords to get at the information. But there are more sophisticated ways they can gain entry to your system, as well.
First, let’s talk about what malware is since it’s involved in so many different kinds of cyber threats. Malware is a program that hackers use to infect computers.
A piece of malware can be programmed for a number of ill-begotten goals. It can track keystrokes to get passwords and other important information. It can download files from your computer. Or it can lock your computer entirely, holding it hostage until you pay a ransom to hackers.
There are different types of malware, such as trojan horses, viruses, and botnets. Some are meant to merely cause mayhem by slowing down your system or preventing apps from working, while others, like trojan horses, hide inside your computer system stealing information.
Malware can be picked up through a phishing scam or a malicious website.
A phishing scam is usually an email or a message through social media that entices the recipient to click on a link. Scammers do that by pretending to be someone the recipient knows or an institution they trust, such as a bank or a local municipal department.
The link usually downloads some kind of malware, or it may direct you to a site and prompt you to enter private information. For example, a hacker may send an email posing as your bank, requesting your account or social security number (or both) to complete a transaction.
Note that a reputable bank would never ask for that kind of information in an email. A hacker would then use that information to access your accounts or even steal your identity. If they get the information for your business account, they could do serious damage to your business.
A malicious website may look legitimate on the surface, but it’s really set up to do harm. Some are simply there to disseminate false information or fake news. But others lure in users with promises of useful downloads that really hide malware.
A lot of times, these sites show up as ads in social media feeds, particularly Facebook.
When students were first sent home during the COVID-19 outbreak, for example, numerous ads popped up on Facebook for websites with free downloads for teaching resources. The sites looked legit, but when an unsuspecting parent tried to download a worksheet, they were hit with malware, instead.
Finally, there are good old fashioned phone scams. You’ve probably received one of these, where a robotic voice or even a real person threatens you with the freezing of your assets, the possibility of malware on your computer, or even your arrest if you don’t give up vital information to help them fix the problem.
Educate your staff on how to recognize phishing scams through emails, social media, and phone calls. The National Cybersecurity Alliance provides resources to help you get started.
How to Train Your Staff
Once a hacker is in your network, they can access your information as well as that of residents, prospective residents, and owners, as well as your own.
If a well-intentioned staff member receives any of these scams and gives up company information, it could put your business, your residents, and your owners at risk. That’s why it’s important to make your employees aware of the risks and how to avoid them.
Knowing is half the battle. The other half is a good defense.
Strong Passwords and Two-Step Verification
Train your staff on using strong passwords and two-step verification. Strong passwords are random and are made up of enough characters to contain a variety of letters, numbers, and special symbols, such as # and @.
Weak passwords are shorter, using just letters, and are related somehow to you, your business, or your employees. For example, you wouldn’t want to use a password like propmanagement123. It’s too obvious.
You and your staff shouldn’t use the same password across apps and programs, either. Make every password unique to make it harder for hackers to get into multiple systems.
Finally, train your employees on two-step verification and use it wherever you can. When you enable two-step verification, after you enter a password, the app or account you’re using sends a security code to your phone or email. Only after you enter that code can you access the program.
Restrict Internet Use in the Office
It’s important to teach your staff how to recognize a bogus site. But even the savviest user can be fooled into clicking on what looks like a legit site. That’s why you should consider restricting internet use on company devices.
Allowing staff to use the company network for personal browsing may seem harmless, but it can put your company and your data in danger. If an employee falls for a phishing scam from their personal email or clicks on an ad from their social media newsfeed, it can affect your computer system.
There are plugins that can assess a website’s security before you even click on it. Avast, for example, is a Chrome plugin that assesses the safety of websites on Google search results page. Safe pages will appear in search with a green check mark next to them. Websites that appear to be unsafe will appear with an orange x. Questionable sites will have a gray question mark.
A plugin like this can be really helpful for keeping staff off of questionable websites. But it doesn’t work for sites navigated to through social media platforms such as Facebook or Pinterest.
Use Encryption, Anti-Virus Software and Firewalls
There are safety measures you can put in place to keep your data secure, as well. Firewalls restrict incoming and outgoing network activity based on a set of rules that you set up for your network and your devices.
If a piece of malware should breach your network, antivirus software can help identify and eliminate the threat.
Finally, and this is particularly important when you’re handling tenant data, use encryption software to secure data entered into your website.
Of course, you may have thought to implement all these measures on your desktop or laptop computers in the office. But did you think about your mobile devices in the field, as well? Phones and tablets are especially vulnerable to attacks since they often connect to public wi-fi.
Make sure your employees are using only company-issued devices to access your network and that the devices are as protected as your in-office computers.
It’s not enough to educate yourself on keeping your data safe. Your staff has to be in the loop, as well. They should be able to recognize phishing scams and know to stay away from shady sites. They should know how to create strong passwords, and ensure the proper software is installed on their company devices.
It’s really hard to keep hackers at bay once you’ve become a target, but arming your staff with the right knowledge and tools will go a long way in helping you protect data for your business, your owners, and your tenants.