Cyber security is on everyone’s mind, and total internet security is vitally important for the safety of your tenants and the success of your business. These days, advanced ransomware is used to hold sensitive data hostage (literally) until a ransom is paid to the anonymous hacker. Healthcare, law enforcement and municipal data systems have all been targeted, not to mention businesses big and small. Luckily, there are simple, proven ways independent rental owners can improve cyber security.
1. Identify & report phishing scams
According to the FBI, phishing is the most common form of hacking. The government processed over 240,000 complaints in 2020 alone, and these numbers are on the rise. The good news is that you can prevent phishing scams. We’ll cover what these scams are, how they work and what IROs can do to improve cyber security. First, how they work:
Step 1: They draw you in with their subject line
Let’s say you or someone on your team gets an email with a compelling, possibly intimidating, subject line. It might be “You owe the IRS money” or “We need to secure your system.” It could be anything.
This is known as phishing. It’s been around for nearly as long as the internet has been in existence, but the malicious software of today is more advanced than ever.
Step 2: They want you to take action
In the email, the scammers will likely ask for something: usernames, passwords, a credit card, your social security number, etc. It might even be a fake promotion for products and brands you recognize.
Sometimes the email will appear to come from an official source. But if you look carefully, there will be little clues, such as an email address you don’t recognize, colors that don’t look right, formatting or fonts that look different than usual, etc. Anything that seems “off” should give you pause.
In many cases, there is a link or image they want you to click. Never click anywhere in the email, because there could be “invisible” links. These links may contain virus code that installs ransomware and/or other harmful malware that steals data.
What you need to do: Report the email as a phishing attempt
Somewhere in your email client is a menu item that lets you report the email as a phishing attempt. There is usually an option to do this close to where you’d mark it as spam. As long as you don’t give in to what the scammer wants (by clicking in the email), their phishing attempt can’t hurt you.
2. Provide ongoing security training for your team
The hardest part of cyber security for independent rental owners is making sure everyone on the team is aware of the common deceptions. This is important even if your team is just you and one other person.
As a training device, it’s even possible to set up “false” phishing emails that go directly to your staff.
If anyone in your office is fooled by the test, they can be directed to additional training resources. This helps them see how careful they need to be online to protect themselves and the company. The key here is education and encouragement, not punishment.
Pro tip: Training is not a one-and-done thing. Give your team refreshers throughout the year and test them every few months.
3. Add role-based permissions
Breeze Premier makes it easy to establish roles for every team member. Maintenance staff, leasing agents, accountants, etc. will only be able to access the information that matters for their job. This protects sensitive tenant data, gives you additional peace of mind and makes it easier to monitor online activity.
4. Lock out employees when they leave
Large corporations with hundreds or thousands of employees have robust human resources departments to take care of onboarding and offboarding. Independent rental owners are often in charge of it themselves. To make the work easier on yourself, keep track of all online access points at your property management business including, but not limited to:
- Social media
- Be sure they disconnect any credit cards from their accounts, or else get a new credit card number from the bank
- User logins
5. Change your passwords frequently
Password safety is an important part of internet security for IROs. Make it a habit to change your password every few months. You can even put this into your work calendar as a reminder. The Cybersecurity & Infrastructure Security Agency (CISA) has some excellent password suggestions:
- Use multi-factor authentication
- This is two-step verification, which requires you to verify a login attempt from your phone or other device
- Do not repeat passwords
- Don’t use passwords that can be easily guessed
- Your Yardi Breeze password should not be “Yardi123” or “YardiBreeze!” or your company name or anything remotely close
- Use the longest password allowed by each password system
- Use the “strong password” auto-suggested by your internet browser
PSA: Personal information is more public than many people think
It may be easier than you think for scammers to identify your email address, pets or family members names, discover where you went to college (including when you went), and so on. So, it’s safest to not use this type of discoverable information in your passwords or recovery questions.
Scammers like to pretend this easily accessed data belongs only to them. Why? To scare you!
They often have sensitive information acquired from a previous data leak. The Yahoo! data breach that affected all 3 billion active Yahoo! accounts comes to mind. It’s common practice for scammers to use information gathered from these data breaches. They might even include one of your old passwords in the subject line as “proof” of their power over you. Don’t be fooled. Remember: They’re just trying to scare you into making a bad decision.
It’s important to secure your data by working with reputable businesses. Yardi has been honored with regular appearances on the Forbes Cloud 100 list, which lists the top 100 private cloud companies in the world. We landed at #34 in 2020 and #50 in 2021.
If you think you have been the victim of internet data theft, file a complaint with IC3, the FBI division that investigates cybercrime.
This article is intended for informational purposes only and does not guarantee cyber security protection from online hacking and/or phishing attempts. Please continue to do your own research and consult with an attorney as well as cyber security experts to help devise a protection plan for your business.