Evolution Networks Blog

Evolution Networks has been serving the South Florida area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

How Prepared is your HOA to Protect Sensitive Information?


All homeowner associations have access to sensitive owners' data. From social security numbers and driver license information to credit card numbers, you are responsible for keeping them out of the wrong hands by boosting your cyber security efforts.

According to RiskBased Security, in the first half of 2019, over 3,800 breaches were reported, exposing over 4.1 billion records. How prepared are you to protect sensitive information? As technology advances and HOAs rely more on digital services and products, the risk of data theft increases every day.

Let's talk about ways to improve cybersecurity for your community and protect sensitive association data from hackers in 2020.

1. Clarify Security Procedures

Each homeowner association should have defined security procedures. Limit access to sensitive information to the people who cannot do their work without it.

Document rules about access clearance. There shouldn't be any misunderstandings about the procedure.

Make it clear to the board members that data access restrictions aren't set up due to a lack of trust but to enforce cybersecurity measures.

2. Employ Strict Password Protection

All applications and documents must be protected by passwords. Uploading documents to a cloud is a convenient storage method. However, sharing access without a password makes it a risky one.  

You have to create strong passwords that contain symbols and numbers. Never use the same combination for several purposes. If you are having a tough time creating and remembering numerous strong passwords, you can take advantage of password managers.   

3. Limit BYOD (Bring Your Own Device)

When HOA members are using personal devices to access sensitive information, they are putting the data at risk. Large companies work out complex BYOD (Bring Your Own Device) policies to ensure all their information stays safe.

If you aren't ready to invest time and money in such a policy, access all the data from properly protected office computers.

4. Consider Cyber Liability Insurance

Cyber liability insurance protects you in case there is a data breach. Depending on the policy type, it can cover immediate financial losses related to the breach as well as claims that may occur because of cyber-attacks. For example, if a homeowner sues the association for problems encountered due to data loss, the insurance covers the expenses.

If you decide to pay for such insurance, make sure to discuss it in detail. Such policies aren't standardized and may contain unique terminology. They can also be based on a retention/deductible, an amount you have to pay before the insurance company makes its payment.  

5. Destroy Old Files

As soon as you don't need the information anymore, destroy it. Keeping old files just because you don't have time to deal with them increases your vulnerability.

Make sure to erase files fully. Clicking "delete" simply sends them to the trash bin. Clearing the trash bin won't do it either. You need to remove the information without the possibility of recovery, which would require using a third-party shredding tool.

6. Update Your Software

According to a survey done by Voke Media, about 80% of companies that experienced breaches could have prevented them with a software update.

The key reason to update any software you use on HOA computers is to improve cybersecurity. Don't miss or ignore updates.

By the way, if you are still working with Windows 7, it's time for an upgrade since Microsoft has stopped supporting it recently.    

7. Consult an IT Expert

If you don't have a staff IT expert, you should outsource IT-related tasks. This specialist should consult you on cybersecurity measures and offer solutions for HOA data protection. 

Cyber security is quickly becoming the top concern for the majority of companies all over the world. Implementing the above security measures today can help you avoid serious consequences in the future. 

Evolution Networks has the measures and solutions for protection of your HOA data.  Get in touch with us and we will guide you through the steps to get and stay compliant and secure. Contact us here.

Why do HOAs need to know about Cyber Security?

Because everything is digitized, sensitive online information is subject to a cyberattack. Cyberattacks are “an attempt by hackers to damage or destroy a computer network or system,” according to Google.

This warrants serious concern for homeowners associations that digitally systemize resident information, including full names, current and former addresses, social security numbers, credit history, and contact information.

On top of sensitive resident information, most homeowners associations keep important HOA financial documentation on a digital system. From HOA fees to contractor paychecks to annual taxes, HOA finances would be a big loss.

What information do cyberattackers want?

Hackers are looking for personally identifiable information (PII) to sell on the “dark web.” The dark web is a digital black hole for stolen identities, fake passports, and other illegal activities. This means that resident information is in-demand currency.

If a cyberattack occurs in your HOA community, the PII of former and current residents is at risk. This exposes your community to liability, and could put you in a courtroom.

What are common cyberattack methods?

The most common method of a cyberattack is an email scam like phishing. This is “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers,” according to Google.

With the help of All Property Management, here’s a recap list and a few new tips for the best cybersecurity for HOAs:

Email Cybersecurity

  • Set up a spam filter.
  • Don’t open an email if you don’t know the email address.
  • Don’t digitally share sensitive information with any contact that you don’t recognize.
  • Don’t open zip files, download attachments, or click links from untrusted emails.
  • Set up a Google Alert for big data breaches and ransomware attacks.

Password Protection

  • Create a strong password for every digital system in an HOA. A lengthy password that consists of a short, memorable sentence (also known as a passphrase) is better than a single word.
  • Incorporate as many letters, numbers, and symbols as each system allows.
  • Don’t use any dictionary words or names unless they’re part of a passphrase.
  • Use a mix of capital and lowercase letters.
  • Avoid using a common password.
  • Don’t reuse passwords or use a master password for multiple systems. If a hacker finds out the master password, all sensitive information is compromised.
  • Use password management software like 1Password to create and store secure passwords for use across all systems. 1Password also stores usernames, account numbers, and other pertinent information.
  • Change the default password on the router. Anyone who tests the router has access to the entire digital community otherwise.

HOA Board Member Training

  • Limit who has the WiFi password. Visitors should be on a separate network.
  • Train all HOA board members on the importance of password protection, potential of cyberattacks, and best cybersecurity measures.
  • Decide which board members can access sensitive information. This minimizes who knows master passwords.

Software & Data Measures


  • Update all system software as soon as possible. An update creates a stronger version of the software. By choosing to update later, you’re using a weaker, more susceptible version.
  • Invest in antivirus software to scan for potential Trojan horses, ransomware, and other cyberattacks.
  • Don’t hold onto records longer than required. This minimizes what could be stolen in a cyberattack.
  • Back up any data onto an offsite location. If you back it up to a cloud solution, talk to the provider about cloud security.

    Source: IKCommunity

    If you feel that your HOA could use a little more attention when it comes to Cyber Security, we're here to help.  Let's schedule some time to discuss.  Evolution Networks

    Cyber Security Protection and Compliance for HOAs is a Must Have


    Board Members Can Be Liable

    Community associations and board members can land themselves in hot water and find themselves liable if a cyber attack occurs. In addition to the loss to the association if funds are stolen, there may be compensation to owners if thieves steal their funds or personal information. There is also the expense to defend a potential lawsuit and resulting reputational damage to the association. Penalties may also be assessed if the targeted association failed to comply with state data-protection statutes. These statutes vary, which is why it’s important for an association to understand its obligations under the law.

    The Importance of Cyber Security

    To help mitigate risk, it’s important for the association to have a cyber security policy in place. This includes:

    • Review governing documents and local laws. These official documents will set up a foundation for adding a new cyber security policy.  
    • Determine which individuals will handle the data and which individuals will ultimately manage cyber security. Keep close tabs on who gets access to sensitive data and who gets administrative privileges.
    • Outline a plan of action if security breaches or criminal hacking occur.
    • Set up a list of rules for using association mobile devices or computers to ensure that unauthorized people will not be able to access confidential information.
    • Establish a data breach plan. To prepare for a potential data breach, there are several resources from trusted authorities like the Federal Trade Commission (FTC). The Online Trust Alliance has an online guide about data breach preparation and the FTC offers resources that explain the process of securing association data and protecting customer data.
    • Provide board members with a set of guidelines. These cyber security principles can help community associations better understand new policies and see how to respond to potential cyber attacks and data breaches. They are key to bringing everyone onto the same page regarding cyber security policies and procedures.
    • Teach residents about cyber security. Educating residents about cyber security should be a priority for the association. This can be done via the community’s newsletter, emails or letters directly to residents, along with tips posted on the community website.
    • Ensure that the association software is secure, with features that defend against malware and protect sensitive and confidential information.  This includes creating strong passwords, updating software regularly, investing in an anti-virus solution, encrypting all data, and ensuring regular back-ups are being made, among other measures. Make sure the management company will not be sharing the association’s private data with third parties or storing data on servers that are shared with other businesses or clients of the data host.

    Secure Cyber Liability Insurance

    In addition to having a cyber security plan in place to help mitigate the risk of a breach, it’s also critical for an association to carry Cyber insurance. Note that General Liability insurance does not cover the impact of a data breach on the association. A Cyber policy includes first-party and third-party coverages. First-party coverage is for losses and damage to the business, while third-party coverage is for losses that an outside entity incurs due to a cyber event. A policy can be designed to pay for first-party expenses that include:

    • Legal and forensic services to determine whether a breach occurred and assist with regulatory compliance if a breach is verified
    • The costs involved to notify affected customers (homeowners, condo owners) and employees
    • Customer credit monitoring
    • Regulatory defense & penalties – coverage for defense costs and fines or penalties for violations of privacy regulations
    • Crisis management and public relations to educate customers about the breach and rebuild a company’s reputation
    • Business interruption expenses as a result of the breach
    • Cyber extortion reimbursement for perils including credible threats to introduce malicious code; pharm and phish customer systems; or corrupt, damage, or destroy your computer system

    A Cyber policy can also be designed to pay for the following third-party expenses:

    • Judgments, civil awards, or settlements a client is legally obligated to pay after a data breach
    • Electronic media liability, including infringement of copyright, domain name, trade name, service mark, or slogan on an intranet or Internet site

    Policies, including the scope of coverage, terms, sub-limits, deductibles and other important factors, vary from one carrier to the next and it’s important to work with an experienced insurance professional in designing a Cyber insurance solution that meets the needs of the association.

    Source: NI

    If you use Microsoft Office 365, you need to be aware of this new attack.

    A spearphishing attack is spoofing Microsoft.com to target 200 million Microsoft Office 365 users in a number of key vertical markets, including financial services, healthcare, manufacturing and utility providers.

    Researchers at Ironscales discovered the campaign targeting several thousand mailboxes at nearly 100 of the email security firm’s customers, Lomy Ovadia, Ironscales vice president of research and development, said in a report posted online Monday. Other industries being targeted include telecom and insurance companies, he said.

    The attack is particularly deceiving because it deploys an exact domain spoofing technique, “which occurs when an email is sent from a fraudulent domain that is an exact match to the spoofed brand’s domain,” Ovadia wrote. This means even savvy users who check sender addresses to ensure an email is legitimate might be fooled, he said.

    The attack is comprised of a realistic-looking email that attempts to persuade users to take advantage of a relatively new Office 365 capability that allows for them to reclaim emails that have been accidentally marked as spam or phishing messages, according to the report. The messages come from sender “Microsoft Outlook.”

    “Specifically, the fraudulent message is composed of urgent and somewhat fear-inducing language intended to convince users to click on what is a malicious link without hesitation,” Ovadia wrote. “As inferred by the message, the link will redirect users to a security portal in which they can review and take action on ‘quarantined messages’ captured by the Exchange Online Protection (EOP) filtering stack, the new feature that has only been available since September.”

    Once a user clicks on the link, they are asked to type in legitimate Office 365 login credentials on a fake log-in page controlled by attackers to harvest and likely sell on the dark web, according to Ironscales.

    One interesting aspect of the campaign is its success in getting past secure email gateway (SEG) controls. Typically, exact domain spoofs aren’t very hard for them to detect, according to Ironscales; the company found in previous research that this tactic was represented in less than 1 percent of total spoofing attacks that bypass SEGs in a given year.

    “Even non cloud-native and legacy email security tools are fairly efficient at stopping these sorts of attacks,” Ovadia noted. “The reason why SEGs can traditionally stop exact domain spoofing is because, when configured correctly, this control is compliant with the domain-based message authentication, reporting & conformance (DMARC), an email authentication protocol built specifically to stop exact domain spoofing (SPF/DKIM).”

    However, Ironscales found that Microsoft servers are not currently enforcing the DMARC protocol, which means the exact domain spoofing messages get through controls such as Office 365 EOP and Advanced Threat Protection.

    “Any other email service that respects and enforces DMARC would have blocked such emails,” Ovadia wrote. “It remains unknown as to why Microsoft is allowing a spoof of their very own domain against their own email infrastructure.”

    The situation is particularly curious as Microsoft is typically one of the top domain names if not the top domain imitated by hackers in phishing campaigns, he observed.

    To mitigate attacks, Ironscales advised organizations to configure their email defense and protection systems for DMARC, which should detect and reject emails coming from the latest Office 365 campaign, according to the report.

    “Advanced mailbox-level email security that continuously studies every employee’s inbox to detect anomalies based on both email data and metadata extracted from previously trusted communications can help stop email spoofs that slip through the cracks,” Ovadia added.
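Added example (not from the Ironscales report or this blog): a Python sketch of the DMARC alignment check that the article says should stop an exact-domain spoof, run over constructed messages. The gateway name `mx.hoa-example.test`, the `attacker-example.test` domain, the `no-reply` local part and the header values are assumptions, and the organizational domain is approximated as the last two labels instead of using the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed hostname of your own mail gateway; only its stamps are trusted.
TRUSTED_AUTHSERV = "mx.hoa-example.test"


def org_domain(domain):
    # Simplification: real DMARC finds the organizational domain via the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def parse_auth_results(value):
    """Return (authserv_id, [{'method', 'result', 'props'}]) for one header value."""
    value = re.sub(r"\([^)]*\)", "", " ".join(value.split()))  # unfold, drop comments
    head, *rest = [p.strip() for p in value.split(";")]
    authserv = head.split()[0].lower() if head else ""
    results = []
    for part in rest:
        pairs = re.findall(r"([\w.-]+)=(\S+)", part)
        if pairs:
            method, result = pairs[0]
            results.append({"method": method.lower(), "result": result.lower(),
                            "props": dict(pairs[1:])})
    return authserv, results


def dmarc_check(raw_message):
    """DMARC passes only if SPF or DKIM passed for a domain aligned with From:."""
    msg = message_from_string(raw_message)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    aligned = []
    for header in msg.get_all("Authentication-Results", []):
        authserv, results = parse_auth_results(header)
        if authserv != TRUSTED_AUTHSERV:
            continue  # a sender can forge this header; ignore stamps that are not ours
        for r in results:
            if r["result"] != "pass":
                continue
            if r["method"] == "spf":
                ident = r["props"].get("smtp.mailfrom", "")
            elif r["method"] == "dkim":
                ident = r["props"].get("header.d", "")
            else:
                continue
            if ident and org_domain(ident.rpartition("@")[2]) == org_domain(from_dom):
                aligned.append(r["method"])
    return {"from_domain": from_dom, "aligned": sorted(aligned),
            "dmarc": "pass" if aligned else "fail"}


def gateway_action(raw_message, enforce=True):
    """With enforce=False a DMARC failure is computed but the mail is still delivered."""
    failed = dmarc_check(raw_message)["dmarc"] == "fail"
    return "reject" if failed and enforce else "deliver"


# Constructed samples. SPF passes for the envelope domain, but that domain is not
# aligned with the visible From: domain, so the exact-domain spoof fails DMARC.
SPOOFED = (
    "Authentication-Results: mx.hoa-example.test;\n"
    " spf=pass (sender IP is 203.0.113.7) smtp.mailfrom=bounce.attacker-example.test;\n"
    " dkim=none; dmarc=fail header.from=microsoft.com\n"
    'From: "Microsoft Outlook" <no-reply@microsoft.com>\n'
    "Subject: Review your quarantined messages\n\nbody\n"
)
LEGIT = (
    "Authentication-Results: mx.hoa-example.test;\n"
    " spf=pass smtp.mailfrom=microsoft.com; dkim=pass header.d=microsoft.com\n"
    'From: "Microsoft Outlook" <no-reply@microsoft.com>\n\nbody\n'
)
# Stamp inserted by the sender, naming a server we do not trust.
FORGED_STAMP = (
    "Authentication-Results: mail.attacker-example.test;\n"
    " dkim=pass header.d=microsoft.com\n"
    'From: "Microsoft Outlook" <no-reply@microsoft.com>\n\nbody\n'
)

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("legit", LEGIT), ("forged stamp", FORGED_STAMP)]:
        print(name, dmarc_check(raw), gateway_action(raw))
```

A production gateway would also strip inbound `Authentication-Results` headers that carry its own name before adding its stamp, and would look up the sender domain's published DMARC policy in DNS.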

    Tip of the Week: Simple Practices to Secure Your Wi-Fi

    Wi-Fi has swiftly become one of those amenities that we just expect to have, including in the workplace. While it does make work around the office more convenient, it should not be at the cost of your security. To help prevent this, we’re reviewing a few key Wi-Fi security considerations to keep in mind.

    Promoting Data Privacy

    Today, everything we do on the computer and on our phones creates data. Organizations that are good at utilizing this data often look to capture everything that they can. This can leave the individual searching for a way to keep his/her data secure. Let’s take a look at some of the best practices used to prioritize individual data privacy.

    Baseline Cybersecurity

    More than at any time before, cybersecurity has to be a major consideration for businesses. It is, in fact, one of the biggest problems the modern business has to face day-in and day-out. A shortage of cybersecurity talent and antiquated strategies are making it difficult for businesses to find the knowledgeable resources that will help them work to secure their network and data from threats to the business.

    The Technology That Protects Your Payment Cards

    These days most consumers lean heavily on their payment cards. Whether they use credit cards, debit cards, or gift cards, consumers today are much more apt to use their card than they are to use cash. Why is this? Convenience mostly, but also there is a belief that using a payment card is more secure than walking around with a wad of cash in your pocket. Today, we will get to the bottom of the matter.

    Tip of the Week: Warning Signs of a Phishing Attack

    The modern cyberattack is more of a sleight of hand than it is a direct attack. With encryption protecting a lot of business data, hackers need to find ways to circumvent that technology. They often do this through phishing. This week, we will take a look at some of the warning signs of phishing to help give you a little better awareness.

    Armored Car Cybersecurity

    It’s fair to say that most business owners aren’t cybersecurity experts. That’s why there is such a large investment in cybersecurity solutions. That outlay is justified, sure, but is it effective? Today, we’ll talk a little bit about network and cybersecurity, and how all the capital investment in the world may not actually keep your network secure. 

    4 Timeless Cybersecurity Rules to Live By

    Cybersecurity has become an overly complicated, increasingly important part of our lives. These days, many people are concerned about their privacy: who is collecting their data, what data is being collected, how to prevent information from being stolen, how to prevent breaches, etc. Then there are the traditional threats like malware, ransomware, and phishing that are not only becoming more commonplace but are capable of doing more damage.

    Google Password Checkup Tool Works to Keep You Secure

    Imagine a world where there wasn’t a singular dishonest being. Passwords would simply vanish from our everyday lives, as we would not be paranoid of a breach or other forms of cybercriminal activity. The harsh reality is this will never become reality. Even worse, the cybercriminals don’t just skim for lack of passwords. Instead, the dishonest criminal goes even further; they take advantage of common or recurring passwords. So how do you know if your password practices are leaving you vulnerable? Google is here to help. 

    DHS Cybersecurity Shortage a Major Problem

    Cybersecurity is a big point of emphasis for the modern IT administrator. For the private business, it’s important to do enough to secure the business’ assets and the integrity of the network itself. Unfortunately, when looking at public computing resources, there isn’t enough talent available to properly secure the systems that government entities rely on.

    Tip of the Week: Get Better at Managing Your Mobile Data

    You may not think much about managing mobile data, but if your business routinely transmits sensitive data over the Internet, you should. Today, businesses of all types are using the Internet as a tool to drive their sales and marketing processes, but they don’t often consider the threats that come in when they use it for productivity. Today, we will go over what a Mobile Information Management solution is, and how to leverage it for your business. 

    Cybersecurity Insurance Gaining Steam

    Controlling your organization’s data relies on keeping your network and computing infrastructure free from threats. Early detection allows your business to actively confront risks before they develop into major issues. However, threats are becoming more difficult to detect in early stages, and one hidden threat could doom your entire business. 

    Don’t Be Snagged by This Google Calendar Phishing Scam

    Gmail and the applications associated with it seem to have some level of inherent trust among users. We just don’t anticipate threats to come in via something from Google. However, it does happen, as a recent spate of phishing using Gmail and Google Calendar has shown. What’s worse, this particular scam has been around for some time.

    For Cybersecurity Awareness Month, Keep Looming Threats in Mind

    Any business in operation today needs to keep modern realities concerning cybersecurity at top-of-mind if they are going to successfully maintain the business going forward. One major issue to be cognizant of is the increasing prevalence of phishing attacks.

    Celebrating Cybersecurity in Professional Services

    The professional services space is filled with important information. Lawyers, accountants, doctors, and many more professionals have access to some of the very most personal information available. For this reason, they are continuously targeted by hackers. Since October is cybersecurity awareness month, we thought we would take a look at modern cybersecurity practices to see which ones were working best for professional services firms. 

    When It Comes to Payment Cards, Frank Abagnale Gives Credit Where Credit is Due

    With more than $16 billion being scammed from more than 16 million people, there is clearly an issue at hand that could use some expert insight. Those who are familiar with Steven Spielberg’s Catch Me If You Can might know that the movie was based on the memoirs of Frank Abagnale, former con man and longtime security consultant of the FBI. With his 45 years of experience with the bureau, Abagnale can safely be considered an expert in cybersecurity and fraud protection.

    Building a Secure Wi-Fi Network

    Maintaining network security is always a priority for the security-minded company, but if your organization’s strategy is to fly under the radar, you need a new plan. No business is too small to be a victim of a network breach. What most people who are tasked with coming up with a network security strategy for a small business don’t always realize is that threats are everywhere. Today, we’re going to take a look at planning a secure and reliable Wi-Fi strategy that doesn’t inherently add to your business’ risk. 
