Data Security

The world is getting more digital. While we’re not at WALL-E levels yet, it’s also not as humorous as it once was. Every week we get a notification telling us how much screen time we used last week and we cringe. And while all of this connectivity is great, it also means that when someone gets into your digital life, they have access to everything if you’re not careful.  The greatest danger is no longer accepting that friend request from a high school alum that has an exciting new opportunity for you.

You may think that data security and private networks are for fortune 500 companies and banks, but the truth of it is that in the HOA industry, most of us have access to millions of dollars of client funds that can be vulnerable if we are hacked. While our industry isn’t in the crosshairs yet, I predict that in the next five years, we will get on the radar of some aggressive groups who realize how much access an HOA management company really has. So without aiming for a degree in internet security, here are five things that you can do in ten minutes or less to make you a much less vulnerable target:

1. Use a Commercial VPN like Nord, Cyberghost, etc

Basically, a VPN is private network formed between your computer and the recipient site that hides the data packets that are being sent. Once you are connected to a VPN, it changes your IP Address to a new one which usually is a different location from where you are currently at. This makes it almost impossible for anyone, even for people that are connected through the same network to intrude and use your personal data. Nord or Cyberghost go for about $5/Mo. If you use it for ten years, you’ll spend around $600. Far less than a single fraudulent spree by hackers with your bank info.

2. Use a two-factor authenticator like Authy for everything that offers 2FA (And most do)

2-Step Verification is an added layer of protection whenever you access your account online. We’ve all gotten the prompts and texts when logging on to our banks, but you can add this to most programs. Using a program like Authy or Google Authenticator generates a random code every 30 seconds that needs to be entered for new logins. Statistics show that about 90% of passwords can be cracked in less than 12 hrs. Add a 2FA backup means exponentially increasing the strength of your systems.

3. Use a password manager with a random password extension like LastPass to vary your passwords

Sadly, the three most common passwords are still 123456, 123456789 and qwerty. Most people don’t want to spend the mental energy to think of and remember new passwords so we end up using the same 3-4 passwords for everything. This is one of the most dangerous practices that needs to be changed. Because when you sign up for a free trial of that Instagram filter software, that password will get sold or hacked easily. Hackers will then use your login email and attempt to log into the 500 most popular sites with that email and password combination. Sadly this works a lot more than you would think.

Changing this doesn’t need to be difficult. Install a password manager that has a Chrome Extension. My team uses Lastpass which not only generates 16 character random passwords, but can autofill your passwords in Chrome, Safari or your phone apps. It will also tell you if you’ve reused these passwords on other sites.  Again, this is $3/Mo. So if you use it for 10 years, it will cost you $360. Compare that with a single unauthorized purchase or ACH transfer.

4. Keep your Antivirus up to date

Yes it’s annoying, yes you can do it tomorrow, but the truth is that Malware is not a static threat. Every day there are new attacks and new defenses. Simply updating your McAfee or Norton when prompted will protect you from a lot of threats.

5. Backup your data every 30 days

There are a lot of programs that will automatically back up your data storage for you on a regular basis. This can limit ransomware from being effective and even reduce the chance of accidentally deleting a file that you will need later.  

6. Don’t use public networks in places like airports/cafes

While 5G has reduced the number of deadzones, we’ve all been tempted to logon to “Guest Wifi” or “Anytown Public Network”. At the risk of breaking out the tinfoil, you don’t want to use those networks unless you are positive that they are secure.

A startling number of people send secure information on these networks, not realizing that hackers have setup an “Evil Twin Hotspot” (Yes that’s what they’re called) and are siphoning information from them. Set up your phone as a mobile hotspot or ask someone on staff what the correct network is.

7. Don’t overshare on social media

Social Media is the single greatest threat to data security today. Except in this instance, you’re freely giving away information to people. First Pet’s name? Let’s scroll through your history. First Job? Let’s create a post asking people for their first job. Good time to attack your work system, let’s see when you’re checked in to a concert or a ball game.

Keep in mind that everything you put on the internet is there for the entire world to see and is there forever. Even if you delete the post, someone can use the Wayback Machine to look at old archives. I’m not advocating shutting everything down (though some of you could use time limits), but change your security settings to Friends or Friends of Friends and stop filling out surveys that are designed to gather your information. Don’t underestimate the data mining capabilities of hackers. It is a multibillion dollar industry.

8. Beware of clicking links and downloading attachments

Phishing emails have been around long enough that most people can spot the signs. Poor grammar, mismatched URL and email domains, vague statements with consequences if you don’t act immediately. Most email programs allow you to mask your outgoing domain so it appears to be coming from the correct sender. But an easy way to solve this is never click on the links contained in the email. If it’s coming from Chase, go to your browser and type in This prevents people from getting your logins when you access their fake site.

9. Use different email addresses for different accounts

Another simple way to protect yourself is to partition your access between email accounts. Have several different emails with varying access levels. For example, I have one email that is only for free signups, inquiries, filling out forms, etc. If someone hacks that account, all they’re getting is a life time of spam. I have another for family stuff like Amazon, Shared Calendar, my kids school newsletters, etc. I have one that is only for bank logins and I only access that from my office computer or laptop, never from my phone or ipad and never on an unsecure network. Doing this ensures that if someone hacks into one email, they don’t get access to everything.

10. Turn off the “save password” feature on Browsers (Google Chrome, Safari, etc.)

This just takes a second. On the list of difficult to hack, public browsers are towards the bottom. Don’t put all of your eggs in their basket. Turn off the save password feature and move them into something more secure like Lastpass or 1pass.

While no system is going to make you 100% impenetrable, these steps will drastically increase your security. Keep in mind that most hackers are lazy; they buy lists of exposed password and cross reference them against every site. The odds of a Hollywood-esque group of hackers in a dark room with 90s grunge music playing in the background, specifically targeting you are very small. So locked down the basics and the odds of you being hacked are greatly reduced.