The Coming Kidnapping of Condominium Associations

Let's be clear. Your computer, where you store your condominium association's records, or the association's computer system, will get hacked. Make no mistake about it. To pretend otherwise would be a mistake. For example, I guarantee almost all of you have already been hacked on a smaller scale. Anytime you have had a “bug” in your computer, you have been hacked. But there's a worse storm coming, usually for larger condominium associations, but not always, just ones with some money, which means yours. Cyber crimes are on the rise.

According to the Identity Theft Resource Center, cybercriminals shifted away from individuals, such as stealing identities, in 2020. The ITRC found individual cyber crimes fell by 66% in 2020 from 2019, but ransomware and phishing attacks rose. Why? As the ITRC noted, one ransomware attack can generate as much revenue in minutes as hundreds of individual identity theft attempts over months or years. So it was just good criminal business to switch from individuals to larger groups, where there is more money, like your condominium association.

And if you think your condo association is too small to be a target, think again. The ITRC noted the average ransomware payout has grown from less than $10,000.00 in 2018 to more than $233,000.00 in 2020. So, if you have “merely” tens of thousands of dollars in your Reserve Account, and many have well over $100,000.00, consider yourself both lucky and forewarned.

The most vicious kind of cyber attacking is via ransomware. It is a malicious software that locks up a computer's data until a ransom is paid. How does it happen? There could be any number of ways, such as piggybacking onto a vendor's email with an invoice sent to your association. But the most common way is by simply clicking on a link or an attachment in an unsolicited email.

If it happens, ignore the attacker for there is no guarantee if you pay the ransom you will get your data back. (And believe it or not, if you pay the ransom you may run afoul of federal anti-money laundering laws.) Get a specialist such as a computer forensics person who may be able to track it, remove it (or find the hacker) and/or shut it down.

How do you find such an expert? Well, it's not likely your IT person. Check with your insurance carrier. As noted, cyber attacks such as ransomware are much more prevalent now, so your insurance company has likely had some other insured who has suffered as you are now suffering. So, it can likely recommend someone who has helped in other cases. And call your local police department. If they don't have a computer forensics person, at least they can investigate the crime.

Also, immediately disconnect the network so you have a stand alone, self-contained computer. Do not just shut it down. You want to make sure it cannot spread to the computers on your network or other associations or other persons. And if you just shut it down there's a good chance someone will start it up again.

Ways to help prevent such attacks include changing the Association passcodes regularly. And back up back up critical data on a regular basis, so if you are the subject of a ransomware attack, you can use the backup information and the damage to your association may be minimal. That way you can quickly restore most association operations. Make sure it is stored off line and completely severed from the working network.

And if you have a computer person in your community or on your board, you can have that person split the network into smaller ones, such as bills, deposits, reserves, operating account, etc.

Finally, set up a system with a multi-factor authentification system. That sounds really technical, but you have experienced a form of it already. For example, when you log into your bank account you have a user name, and then a second authentication factor, such as the name of your first pet or a PIN. Set up your association the same way.

I don't know of any condo associations that has yet been hacked, but wouldn't it be nice to be ahead of the curve for a change?