“Maybe if we just ignore cyberattacks, the hackers will ignore our multifamily properties.” Ridiculous? Sure. But for years, that seemed to be the opinion of many property operators. Today, cybersecurity for multifamily properties has never been more relevant with cyber risks lurking everywhere.
However, many apartment communities are less than ready to meet cyber threats head-on, despite the risks. In this series, we’ll consult with John Schiel, Principal Information Security Engineer for Cyber Defense with Lumen Technologies and their Quantum Fiber internet service—a well-known provider for multifamily properties. He’ll navigate the current state of cyber threats and what property operators can do to protect their networks and residents.
Cybersecurity for multifamily properties: the numbers
There’s no question that the pandemic triggered an explosion of resident internet use. According to Schiel, a flood of unwelcome online threats has come along with it. “You’ve got more residents on home networks, using a company computer, connecting to business networks through VPNs, and attending web meetings. All these work-from-home and virtual learning tools have increased vulnerabilities.” The sharp upturn in cyberattacks has been alarming. The result is more compromised data than ever before. Some of the numbers:
- Cybersecurity Ventures predicted in 2017 that ransomware attacks would happen every eleven seconds, on average. They also predicted these attacks might cost upwards of $265 billion within a decade.
- The non-profit Identity Theft Resource Center (ITRC) reports that the number of data breaches in the just first part of 2021 surpassed the total number for all of 2020—making it a “record” year.
- A study by security firm KnowBe4 found a 600 percent increase in phishing attacks since the pandemic began. It estimates that over three-quarters of all cyberattacks start with an email.
Multifamily property residents notice these trends, and they’re waking up to how their online data is at risk. A recent online privacy survey found that about three-fourths of us say we are either “very” or “extremely” concerned about privacy and cybersecurity after noticing things like targeted ads based on browsing history or location. Another study showed that nine in ten consumers worry about online security threats, and almost seven out of ten believe working from home has made them more vulnerable.
The statistics are sobering. Why is cybersecurity for multifamily properties still off the radar of many property owners and businesses? Often, it’s due to misconceptions.
Misconception: “We’re not a big corporation—who would target us?”
The truth is, since as far back as 2016, most cyberattacks have been against companies with fewer than 100 employees. Incidents like ransomware attacks can pose a serious existential threat to businesses this size. According to the National Cybersecurity Alliance, more than half of small and midsize companies that suffer a cyberattack fold within six months.
Misconception: “What do we have that a hacker would want?”
Make no mistake. The data multifamily properties and HOAs collect from residents is a treasure trove for cybercriminals. Social security numbers, names, birthdates, credit reports, and employment histories from applications and leases are an identity thief’s dream come true.
A property’s business data would also be in high demand. Archived financial and transaction records stored on a multifamily community’s network or the cloud might include everything from rent payments to banking information, security deposits, and tax records. If compromised, the result could be untold financial and reputational damage and hefty legal bills.
Misconception: “IT stuff is someone else’s problem.”
“Most people think cybersecurity is someone else’s responsibility,” says Schiel. The assumption is that some “IT guy” somewhere is “keeping an eye on it.” Schiel believes shifting this mentality is crucial. Cyberattacks are a potential business problem for everyone. “Internet providers, building owners, management, staff, and even residents all play a role in maintaining a good security posture.”
Malicious actors virtually never attack through a multifamily company’s IT department. Instead, they focus on residents or regular employees with email-based schemes like spear-phishing and ransomware attacks. Catching non-IT people off guard is why 95 percent of security breaches result from human error.
Schiel says getting buy-in and widespread participation is vital. “When everyone cares about security, consistently maintains their hardware, and applies all security patches and application updates, that’s when you can build a solid defense.”
Misconception: “Cyber risks come from outside our property.”
Increasing levels of technology can also mean other unexpected factors deserve a property owner’s attention. Beyond outside attacks, multifamily operators face the possible risk of a cyber threat originating within their community. According to the Digital Millennium Copyright Act, if a resident commits cybercrimes like hacking, data theft, or illegally recording videos of other tenants on an apartment community network, the owner can be held liable.
Quantum Fiber(SM) Connected Communities provides customized fiber solutions for apartments and communities.
In Part 2 of this series, we explore how choosing an internet provider committed to cybersecurity is vital for property owners. Lumen’s John Schiel also outlines layered preventative protections for apartment residents and their communities.
What are the various defensive levels IT security companies offer?
A MF company probably does not need pentagon level encryption, but probably not some company working from their parents basement.
What are the differences and levels of security available for small companies?