The Foundation for Community Association Research has issued a report on cyber security in community associations. As community associations vary in size it is important to remember that hackers will go after anyone, not just the larger communities.
The following are recommended procedures to safeguard against unauthorized electronic bank transactions:
- Require two people to authorize transactions over a certain amount.
- Maintain phone numbers and email addresses for authorized requestors.
- Refuse requests from anyone other than authorized sources.
- Require the bank to get verbal authorization, including the amount and purpose, to release funds.
- Limit the amount of a single transaction or the aggregate of multiple transactions within a short time.
- Allow wire transfers only to established and reliable association vendors or payees.
- Reconcile financial records daily or weekly to guard against unauthorized transactions. Most accounting software can be programmed to do this automatically and flag unusual transactions.
- Review and update association policies and procedures for authorizing electronic financial transactions. For example, policies should require authorization from two people for large transactions and prohibit wire transfers except in emergency situations.
- Require additional authorization to issue electronic payment to a new payee.
- Provide formal security training and written guidelines for those who handle financial information and transactions.
- Establish association-specific email accounts for board members and key volunteers to use for association communication.
- Use strong and effective software protection and competent IT support.
Talk to your insurance agent about protection against cyber threats! See the full report here.