Cybersecurity Awareness in Multifamily

Cybersecurity Awareness may not be on our minds all the time, but it is definitely on the minds of the “bad guys.”  Cybersecurity is not something about which we can afford to be uninformed or complacent.

Why is Cybersecurity Awareness important to me?  All of the tools used to combat cybersecurity threats (firewalls, encryption, antivirus software, etc.) are not enough to overcome an individual employee who is not informed of and alerted to the threats. It is critical to understand the dangers:

  • There is an ever-increasing sophistication of cybersecurity threats.
  • Help protect yourself and your assets.
  • Downtime and recovery.
  • Company and public image.
  • 43% of cyber attacks affect small businesses – including PROPERTY MANAGEMENT!
  • You can have the best security in the world, but nothing will give you 100% protection.  In this case, your staff is the last line of defense.

What knowledge and skills are needed to be a “Human Firewall” for cybersecurity awareness?  A firewall is a network security device that monitors traffic to or from your network.  It allows or blocks traffic based on a defined set of security rules.  To be a “Human Firewall,” you need:

  • A stop-and-think mindset… and common sense.
  • Basic understanding of how cyber attacks take place.
  • To recognize the tell-tale signs of an attack, so you don’t get tricked.

Common Pitfalls – Malware, Phishing, and Social Engineering

  • Malware and ransomware are software intended to harm your computer and systems.
  • Social engineering is a social technique used to illicitly obtain information or money via email or phone.  This is the most common form of attack in 2022.
  • Cyber attacks are highly profitable.  These attacks are now an $8 billion industry.

One serious threat is web attack scareware.  Attackers trick you into calling “Microsoft” and paying money to fix a fake issue.  They want remote access to your computer to “fix” the issue.  Fake web pages may look similar to real pages and ask for your login information, such as for Office365 or Facebook.  Checking any box on an online ad may trigger a deceptive report of malware on the computer.

Scareware can happen even if you have good security software installed.  It can originate from streaming podcast sites or web advertisements.  Be extra cautious!   Don’t click anything!  Ctrl-Alt-Delete is your friend!  Kill the task as soon as you suspect any problem.  If that isn’t possible, hold down the power button on your computer to power cycle your computer.  If scareware is still present after you reboot, call your IT support team. 

Ransomware is a $2 Billion a year industry.  It can install software that monitors and records your keystrokes.  It will encrypt your files and hold them hostage until you pay a fee in Bitcoin to have your files unencrypted.  The average cost to unencrypt files is $2,500.   Even backups can be encrypted, so it is a very serious event.  There are few firewalls or antivirus programs that protect against ransomware.  These criminals even have “friendly” tech support numbers to call to assist you in paying the ransom.

There can be physical cybersecurity threats as well.  Is someone looking too closely over your shoulder?  Make sure no one is “tailgating” you – going through a door behind you when they should be using their fob to get in.  Make sure you lock your computer screen as soon as you step away.  Always ask vendors for credentials and verify the purpose of their visit, especially if they are working on telecom, door access, or other amenities with technology.

Cellphones and mobile devices are vulnerable as well.  iPhones tend to be easier to secure, but that is no guarantee.  Use your own cell phone network rather than free Wi-Fi.  Keep your phone updated for the best protection.  Never “jailbreak” a phone, as that invites trouble. 

Property management companies are often phishing targets, and they need to know everything about cybersecurity awareness.  Hackers often learn the organizational structure of your company from your own website.  They study your vendors and processes, then use stolen information from the dark web to create realistic signatures and emails.

Common types of phishing seen by property management companies include:

  • Fake emails from executives or regional managers to property staff asking for “favors.”
  • Fake emails from your IT department saying your credentials are expired.
  • Fake invoices from vendors with suspicious attachments.
  • Fake documents sent from a property scanner.
  • Fake voice mail attachments.
  • Extortion emails.  These are rare but effective!

Be on the lookout for emails with fake sender domains.  An email from a Hotmail or similar email address should trigger extra caution.   Anything other than “.com” is cause for concern.  Strange country codes or domain names are a big red flag!  Bad grammar is also a dead giveaway of a dangerous email.  If you hover over a bad link, it will reveal the destination, which will not be the real company site.  If an email is purporting to be from someone within your company, but it comes with an “External Email!” warning, that is a tell-tale sign.
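For IT teams, the sender and link checks described above can be expressed as a small mail-triage script. This is an added example, not part of the original article; the company domain `example-pm.com`, the staff name, the free-mail list, and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

COMPANY_DOMAIN = "example-pm.com"   # assumption: your company's mail domain
STAFF_NAMES = {"pat morgan"}        # assumption: names taken from the staff directory
FREE_MAIL = {"hotmail.com", "gmail.com", "yahoo.com", "outlook.com"}  # assumed list

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Pat Morgan" <pat.morgan@hotmail.com>
To: leasing@example-pm.com
Subject: Quick favor
Content-Type: text/html

<p>Are you at your desk? Please review this:
<a href="http://login.office365.example.net/view">https://www.office.com/login</a></p>
"""

# Simple pattern for <a href="...">text</a>; enough for this illustration.
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Return the lowercase hostname of a URL, or '' if it has none."""
    return (urlparse(url.strip()).hostname or "").lower()

def red_flags(raw):
    """Return the article's sender and link warning signs found in a raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if domain in FREE_MAIL:
        flags.append("free-mail sender")
    if not domain.endswith(".com"):            # the article's ".com" rule of thumb
        flags.append("sender domain is not .com")
    if name.lower() in STAFF_NAMES and domain != COMPANY_DOMAIN:
        flags.append("internal name, external address")
    for href, text in LINK_RE.findall(msg.get_payload()):
        shown = host(text) if "://" in text else ""
        if shown and shown != host(href):      # what "hovering" would reveal
            flags.append(f"link shows {shown} but goes to {host(href)}")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("RED FLAG:", flag)
```
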

The Latest Threats and Trends for Cybersecurity Awareness in 2022

  • Adobe Sign Scam:  This is where legitimate systems other than Office365 are used to distribute phishing emails.  The attacker gets access to the address book of the company and also gets access to Adobe Sign.  The attacker creates a document that looks like a DocuSign asking for a signature to receive an ACH payment.  It includes a link to view the document, which redirects to a fake Office365 login page, where they steal your credentials.
  • Text Message Scam:  The attacker obtains a database of users at a property management company which includes their cell phone numbers.  They then create fake texts from the CEO or management asking for favors.  These databases are widely available on the web and can be purchased through the dark web or through legitimate data mining companies specializing in the multifamily industry.  The attacker can learn the organizational structure from the company website or from a mailing list.  Report these messages as junk and don’t reply.  Use a template to send announcements to your staff.   

What can you do to improve your cybersecurity?

  • Think before you click! 
  • Use passwords and password managers like LastPass.
  • Use two-factor authentication.
  • Separate business and personal emails and passwords.
  • Utilize security software.
  • Keep your OS and programs updated.
  • Use encryption.
  • Be the human firewall!
  • Call your IT team or CTS anytime you have doubts.

Password Security Tips:  Passwords offer some protection, but they are not foolproof.  Keep your passwords private.  Don’t write them down.  Use a password of at least 12 characters, including a combination of letters, numbers, and unusual symbols.  Don’t use dictionary words.  A strong password should look random.  Long phrases or sentences following these rules work, too, such as Th1$IS@n3Xample!  Change your password regularly – every 30, 60, or 90 days.

Passwords are like underwear!  Never share them with others!  Don’t leave them out for everyone to see!  Change them regularly!

Cybersecurity threats are rising, but you are not defenseless against them.  Be alert and vigilant.  Don’t ever get careless about threats.  Listen to your own instinct and act on any doubts. 

Travis Street

President | CEO

CTS Multifamily IT Solutions
