Cybersecurity 101: The Misconceptions and Risks Community Owners Face

“Maybe if we just ignore cyberattacks, the hackers will ignore our multifamily properties.”

Ridiculous? Sure. But for years, that seemed to be the opinion of many property operators. Today, cybersecurity for multifamily properties has never been more relevant with cyber risks lurking everywhere.

Many communities, though, are less than ready to meet cyber threats head-on, despite the risks. In this series, we’ll consult with John Schiel, Principal Information Security Engineer for Cyber Defense with Lumen Technologies and their Quantum Fiber internet service — a well-known provider for multifamily properties. He’ll navigate the current state of cyber threats, the risks, misconceptions, and what property operators can do to protect their networks and residents.

Cybersecurity: The Numbers

There’s no question that the pandemic triggered an explosion of resident internet use, and, according to Schiel, a flood of unwelcome online threats has come along with it. “You’ve got more residents on home networks, using a company computer, connecting to business networks through VPNs, and attending web meetings. All these work-from-home and virtual learning tools have increased vulnerabilities.”

The sharp upturn in cyberattacks has been alarming and has resulted in more compromised data than ever before. Some of the numbers:

With statistics this sobering, why does cybersecurity for multifamily properties still seem to be off the radar of many property owners and businesses in general? Often, it’s due to misconceptions.

Misconception: “We’re not a big corporation—who would target us?”

The truth is, since as far back as 2016, most cyberattacks have been against companies with fewer than 100 employees. What’s worse, incidents like ransomware attacks can pose a serious existential threat to businesses this size. According to the National Cybersecurity Alliance, more than half of small and midsize companies that suffer a cyberattack fold within six months.

Misconception: “What do we have that a hacker would want?”

Make no mistake. The data multifamily properties and HOAs collect from residents is a treasure trove for cybercriminals. The social security numbers, names, birthdates, credit reports, and employment histories that go on applications and leases are an identity thief’s dream come true.

A property’s business data would also be in high demand. Archived financial and transaction records stored on a multifamily community’s network or the cloud might include everything from rent payments to banking information, security deposits, and tax records. If compromised, the result could be untold financial and reputational damage and hefty legal bills.

Misconception: “IT stuff is someone else’s problem.”

“Most people think cybersecurity is someone else’s responsibility,” says Schiel. The assumption is that some “IT guy” somewhere is “keeping an eye on it.” Schiel believes shifting this mentality is crucial since cyberattacks are a potential business problem for everyone. “Internet providers, building owners, management, staff, and even residents all play a role in maintaining a good security posture.”

Malicious actors virtually never attack through a multifamily company’s IT department. Instead, they focus on residents or regular employees with email-based schemes like spear-phishing and ransomware attacks. Catching non-IT people off guard is why 95 percent of security breaches result from human error.

Schiel says getting buy-in and widespread participation is vital. “When everyone cares about security, and everyone consistently maintains their hardware and applies all security patches and application updates, that’s when you can build a solid defense.”

Read the rest of this article series. In Part 2 of this series, we explore how choosing an internet provider committed to cybersecurity is vital for property owners. Lumen’s John Schiel also outlines layered preventative protections for apartment residents and their communities.

This blog is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Quantum Fiber does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with Quantum Fiber. This document represents Quantum Fiber’s products and offerings as of the date of issue. Services not available everywhere. Quantum Fiber may change or cancel products and services or substitute similar products and services at its sole discretion without notice.  ©2021 Q Fiber, LLC. All Rights Reserved.  Quantum, Quantum Fiber and Quantum Fiber Internet are trademarks of Quantum Wireless LLC and used under license to Q Fiber, LLC.