Hacking can be defined as the breach of a computer system in an attempt to exploit weaknesses in a network. As online commerce continues to grow and individuals search for ways to make bill paying more convenient, security threats are inevitable. Monetary transactions, including association assessment payments, have become increasingly more susceptible to the risks of cyber threats.

Whether an Association allows members to make payments toward common area assessments online or an Association houses members’ personal information on a computer, hacking can become a real threat. If precautions are not taken, association members may be subject to fraud and/or unauthorized access to their accounts.

In order to keep online payments and members safe from a security breach, entities should remain vigilant. The following are six best practices that property managers and Associations can implement to help safeguard members’ personal and financial information:

1. Caution employees against personal web browsing

Since personal email accounts, social media accounts, and other forms of web surfing are notorious for security breaches, it is important to encourage employees to try to avoid these types of websites while at work. It may be helpful to discuss the difference between safe (secure) and unsafe (unsecure) websites. Discuss the danger of clicking on unfamiliar links or unsolicited messages.

These tools will not only benefit your employee personally, they can also aid and ensure that members’ personal and financial information is guarded against hackers looking for an easy target.

2. Beware of “phishing” schemes

Remind employees to avoid opening suspicious emails that may trick unsuspecting individuals into unknowingly downloading malware (software used to disable or damage computer systems) onto their computers. Hackers can utilize the downloaded malware to identify passwords and other identification markers in order to steal money or engage in fraudulent transactions.

Since these phishing schemes are designed to look authentic, they may be more difficult to avoid. However, the key is awareness.  Remind employees that they may come across these types of emails and that they should be on the lookout. If an employee comes into contact with an email that looks authentic but turned out to be a scam, they should let the designated IT personnel know as soon as possible. A quick response may prevent damage.

3. Manage security updates

Install security software and make sure that all computers have the most recent security updates. Security updates should be installed regularly in order to protect operating systems from hacking attempts. Some security software allows you to choose to install updates automatically which can be helpful.

4. Protect password confidentiality

Require employees to use passwords that contain numbers, letters, and special characters. This can make it difficult for hackers to guess passwords. Remind employees that they should never share passwords or important account information. Require employees to change their passwords regularly. Passwords used by an employees’ on their work device should not be the same password they use on their personal devices or person email accounts.

5. Destroy traces of personal information on hardware that may be resold

In the event that computers that have been used to store confidential information are ever sold, you should remove all traces of personal and financial information. There are many brands of software that can erase a hard drive and will, in turn, make it difficult for those looking to pillage your recycled devices in an effort to recover confidential information.

6. Encourage good practices amongst members making payments

Remind association members to engage in safe web practice. If members must log into a web pay system, remind them to protect their password information. Remind members making payments that they should never use open Wi-Fi to make payments. Open Wi-Fi can make it much easier for hackers to steal a connection and download files onto a device.

By implementing these best practices, you may help mitigate the risk of hacking and ultimately assist in protecting members’ personal and financial information. For further insight and information, please do not hesitate to contact our office by calling 855-537-0500 or visiting Kovitz Shifrin Nesbit online at www.ksnlaw.com.

Property managers and board members can also view another technology focused resource titled “Is Your Association Ready For The Future? A KSN White Paper on Technology”.


This article is made available by the lawyer or law firm publisher for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. By reading this article you understand that there is no attorney client relationship between you and the article author. This article should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. © 2017 Kovitz Shifrin Nesbit, A Professional Corporation.