DALLAS, TX - It seems that every other day you read a news story about another major retailer or financial institution hacked and their customer’s data falling into the wrong hands. But data breaches aren’t just a concern for the retail industry. Apartment firms are not immune and are at risk, but many don’t know where to begin to prepare. Here are five actions apartment firms can take now to help protect sensitive data:
1 - Use Reliable Vendors: The apartment industry’s reliance on third party vendors complicates the task of safeguarding its tenants’ information. Steve Bridges, who works in professional risk solutions in the Chicago office of Aon Financial Services Group, urges apartment companies to stick with big third-party providers with large client bases.
“You want to make sure that they’ve got good practices in place,” Bridges says. “A lot of breaches happen when third parties hold your data. Particularly with cloud computing, you want to make sure the cloud computing company or other third party hosting company has guaranteed to indemnify you should something go wrong.”
2 - Encrypt: Bridges calls encryption the “gold standard” of protection. “If your data is encrypted, your damages as a result from the breach are going to be relatively small,” he says. “If your data is not encrypted, the damage could be large.”
When you don’t encrypt, there are other ramifications as well. “It hurts you with insurance coverage and when you defend claims that come in from a data breach,” Bridges says.
3 - Look to Specialists: Ted Claypoole, a Charlotte-based senior member in law firm Womble Carlyle Sandridge and Rice’s intellectual property practice group, thinks apartment firms should look externally to further safeguard their systems.
“Even if you’re doing it yourself, it’s a good idea to bring in someone to give you some consulting about what industry best practices are and how you should keep up with them,” Claypoole says. “That really covers you if and when you have a problem.”
4 - Educate Employees: If your employees aren’t trained in proper security protocol and don’t follow policies, security investments could be negated. “Most breaches are caused by employee negligence,” Bridges says. “They have their laptop or personal information in the wrong place. They could also be taking stuff home they shouldn’t, or emailing stuff home that they shouldn’t.”
Claypoole warns that it’s also important to set up different levels of access for employees. “Every secretary in the company is in the system,” he says. “That doesn’t mean every secretary should be able to look at payroll.”
5 - Turn it Off: It may sound overly simple, but, if all else fails, Claypoole has a suggestion that’s sure to cut off access. “You can simply turn computers off at times when you don’t need them online,” he says.
Or, in some cases, the solution might be to keep sensitive information away from your network. “There are times when you can put all of your relevant information in a database that isn’t online,” Claypoole says. “You connect when needed. You can even use a thumb drive to take stuff into the network area when you need to.”
Cyber-security will be one of many topics of discussion at the 2012 NMHC Apartment Operations & Technology (OpTech) Conference in Dallas, TX November 12-14. To join the conversation, visit the OpTech Conference website for full registration and agenda information.