Why do Condominium Associations and their Managers Need Cyber Protection?

Scott Andrews and David Leonhardt

We get asked this question all the time when we bring up the subject of cybersecurity. Let’s say that a homeowners’ association has 100 or maybe 200 owner/members along with their credit card or banking information, emails and possibly other personal information. The association is ultimately responsible to its owners for security of their data. Then they give that data to a management company that also handles similar data from maybe 100 other associations. What could possibly go wrong?

OK, SO YOU GET THE POINT. WHAT IS YOUR RISK, ANYHOW?

You may think, “Oh, we’re a small association or management company. We’re not a target.” Yet sometimes it is precisely because you are under the radar that you are a target. You have less sophisticated firewalls and security, so when a hacker sends a phishing email that convinces one of your users to click on a bad link, then Bingo—you have a virus that is fishing around in your server and sending another malicious virus to all your email contacts.

SCENARIO

So, here’s how it goes; you’ll see an email from your old friend Bob and sure enough that really is Bob’s address, and the email has a URL link or a document attached. You know Bob, you trust him, and so you think nothing of it and start clicking. Hmmm . . . well I guess the document is protected so when the very-official-looking box pops up to request your login credentials you dutifully enter your username and password. Game over. You’ve been hacked, and now a lot of things are happening very quickly:

1. Your credentials are being used to access your company’s remote access solution. Heaven help you if you don’t use two-factor authentication, because if not, the bad guys are now roaming around, stealing valuable data or simply encrypting it knowing that you’ll pay the ransom. Especially when you discover that the first thing they did was wipe out your backup system.

2. Your email account is being modified such that emails from your contacts, co-workers and other folks are now being automatically forwarded and deleted. The hackers are covering their tracks, just like any household thief hangs a curtain in front of the broken window, preventing your contacts from warning you about the shattered glass on your porch.

3. All of your contacts and all of the folks in your inbox are receiving an “important” email from you with an attached URL or document. They trust you and so . . . lather-rinse-repeat. And for the occasional person who realizes this is a bad thing, their reply email saying “Hey, I think you’ve been hacked!” never arrives because the hackers covered their tracks in step 2 above.

TECHNICAL IMPACT

It’s a mess. Your data is scrambled, likely compromised, and productivity grinds to a halt. Recovery efforts will be measured in days—not hours—and depending on how well-defended your backup system was you may be starting from scratch, restarting from yesterday or you might be frantically reading about how bitcoin works such that you can pay the ransom.

DON’T BE A VICTIM

There are a lot of tools that can improve your ability to defend against these attacks, but those are going to vary widely depending on the nature of your environment. Oh and by the way, this is just one attack vector and there are hundreds. Now’s the time to talk to your IT folks, and here are a few “meta tags” that you should query them about: two-factor authentication, password policies, next-generation antivirus, Office365 Secure Score, operating system and application patching, sequestered backup systems, firewall gateway protection and last, but not least, who’s this Bob guy?


You can be held liable for big money, and you have a duty to notify all affected parties, which first means you have to figure out how you were hacked and what data was compromised. That means hiring a forensic computer guy and a lawyer who specializes in sorting out the legal requirements set in motion by the “hack”. Meanwhile, you are down for the count. Then of course there is the public relations nightmare and loss of reputation.


HOW DOES INSURANCE HELP YOU?


Privacy Protection: Liability coverage will defend and pay damages for violation of any privacy law protecting against disclosure of Personally Identifiable Information or confidential corporate information. Will generally cover claims for violation of privacy laws, negligence, breach of contract, and negligent network security, for transmission of malicious software, denial of service attack against a third party, unauthorized transmission or disclosure of Personally Identifiable Information, or prevention of authorized access to any computer system.


Breach Costs: Necessary costs incurred in response to a breach that triggers notification obligations under federal, state, or local statute. May also cover costs where the breach can be shown to simply pose a significant risk of financial, reputational or other harm to affected data subjects. Costs may include:


• Computer Forensic Costs to confirm a breach and identify affected data subjects.


• Notification costs to satisfy notification obligations including legal costs, breach response call center and costs to notify a data subject.


• Credit or Identity Protection Costs to provide each data subject with typically one year (or more as required by law) of services to monitor and/or protect each data subject’s credit or identity.


• Crisis Management and Public Relations costs to reduce costs of any claim and to assist in reestablishing your business reputation.


Hacker Damage: Reasonable costs with consent of the insurer to repair or replace your website, intranet, network, computer system, programs, or data to the same standard and with the same content as it was before the breach event. May include consulting costs.


Cyber Business Interruption: The loss of income and extra expense such as consulting costs to mitigate the Business Interruption event.


Cyber Extortion: Covers the ransom paid, usually in Bitcoins (do you even know how to buy Bitcoins?) including your costs to pay the ransom.


SO BE AWARE, WORK WITH YOUR I.T. SUPPORT SERVICE PROVIDERS TO MAINTAIN SECURITY, DON’T CLICK ANY SUSPICIOUS LINKS, AND INSURE AGAINST THE INEVITABLE.

“IT’S NOT ‘IF’ YOU WILL BE HACKED. IT’S ‘WHEN’.”

www.wscai.org

