Cyber security on multifamily properties should be top of mind for owners and agents! According to The Harvard Business Review, more than 80 million individuals were impacted by data breaches in 2023.

In this week’s #TuesdayTip, we begin a series on Cyber Security on property. Navigate’s Director of Information Technology explains the three biggest threats multifamily properties face.

The Biggest Cyber Threats

Multifamily affordable housing entities are more vulnerable to cyber threats than many realize. Handling sensitive tenant information, financial records, and operational data makes them prime targets for cybercriminals. These attackers frequently use discreet and hard-to-detect methods to infiltrate private systems, putting residents, employees, and the entire organization at risk.

1. RANSONWARE- The large amounts of tenant data held and controlled by organizations in the affordable housing industry makes them particularly vulnerable to ransomware attacks due to hackers leveraging the ability to leak tenant data to force ransom payments. 
2. WIRE TRANSFER FRAUD- The affordable housing industry is a prime target for hackers due to the significant sums of money transferred between HUD, PBCAs, PHAs, property owners, managers, and lenders. Cybercriminals actively seek to deceive organizations into unwittingly wiring substantial amounts of money to them.
3. DATA BREACHES- Regulations mandate that affordable housing organizations retain sensitive tenant information for extended periods. With the cost per breached record averaging around $165 and increasing annually, a data breach can lead to significant financial losses and severe reputational damage.

Implementing robust cybersecurity measures is paramount to safeguarding the integrity and confidentiality of data.

The Best Practices

1. Educate staff and tenants–  Knowledge is the first line of defense against cyber threats. Train staff and tenants on cybersecurity best practices, such as creating strong passwords, recognizing phishing attempts, and reporting suspicious activities. Also, inform your staff to immediately inform management as well as your PBCAs when they notice suspicious activity.
2. Implement Access Controls– to Limit access to sensitive information to only authorized personnel. Implement user authentication mechanisms such as passwords complexities, multi-factor authentication (MFA), and role-based access controls (RBAC) to ensure that individuals only have access to the data necessary for their roles. Also, remember to remove all system accesses including HUD systems access immediately upon separation.
3. Encrypt Sensitive Data– by utilizing encryption technologies to protect sensitive data both in transit and at rest. Encrypt emails, files, and databases containing personal or financial information to prevent unauthorized access and maintain data confidentiality. Navigate has a Client Portal that must be used for all submissions. 
4. Foster a Culture of Security – Instill a culture of cyber security awareness and accountability throughout the organization. Encourage proactive reporting of security incidents, promote continuous learning and reward those employees who adhere to this new culture of security.

Clean Desk Policies

Finally, one of the most simple security measures you can implement in any organization is a clean desk policy.

Here’s how you can ensure a workspace is secure.

1. First, keep your workstations tidy and store documents in locked cabinets or drawers.
2. When documents are no longer needed, they should be discarded. Remember to maintain documents per HUD guidance and your company’s EIV Policy and Procedures.
3. If you walk away from your desktop, lock it! At known extended periods away from your desk, such as a lunch break, sensitive working papers are expected to be placed in locked drawers and lock your desktop!  
4. At the end of the working day all employees should lock or power off your device as well as put away all documents in a locked cabinet or lock your office.