088 | How to Protect Your HOA from Cyber Threats Today! - HOA Insights: Common Sense for Common Areas

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Kevin Davis (00:00):
We still lock our front door. The difference is

(00:03):
now when they knock on our door,we let them in and say, Sure,
we'll be glad to give you thatinformation. That's the
difference. When you steal candyfrom a baby, The baby starts
crying because you stole fromthem. You go, I can't believe
you took this from me, but whathappened we do? We open the door
and say, Come on in. Here's ourminute, here's our information,
and the word is socialengineering. That is the magic

(00:24):
word.

Announcer (00:25):
Hoa Insights is brought to you by five companies
that care about board members,association, insights and
marketplace Association,reserves, community, financials,
Hoa invest and Kevin Davis,Insurance Services. You'll find
links to their websites andsocial media in the show notes.

Robert Nordlund (00:41):
Hi. I'm Robert Nordlund from Association
reserves, and

I'm Kevin Davis of Kevin Davis Insurance Services.
And this is HOA Insights, wherewe promote common sense

for common areas. Welcome to episode number
88 where we're again speakingwith insurance expert and
regular co host, Kevin Davisabout cyber threat and cyber
threat landscape and theinsurance protections that
associations can use to protecttheir exposure in this area, we
want your association to thrive.
So we want you to be wellinformed about the possible loss

(01:11):
exposure at your association. Wedon't want anyone in our podcast
audience to be surprised bywhat's going on out there? Well,
this is a follow up to episode87 another one of our popular
board hero episodes. It's boardmembers like you that carry the
entire community, associationindustry on your shoulders, and
we want to honor you and ourregular board heroes by hearing

(01:35):
your inspiring stories. So ifyou missed that episode or any
other prior episode. Take amoment after today's program to
listen from our podcast website,Hoa insights.org, or watch on
our YouTube channel, but betteryet, subscribe from any of the
major podcast platforms so youdon't miss any future episodes.
Those of you watching on YouTubecan see the HOA insights mug

(01:59):
that I have here, I got one witha cartoon on it that puts a
smile on my face. And you canbrowse through what we have on
our merch store, on our HOAinsights.org website, or at the
link in the show notes, andyou'll find we have plenty of
especially items for sale, likemugs and things like that, and
also plenty of free stuff, likeboard member zoom backgrounds.

(02:22):
So as a treat, go to the merchstore, find the mug you'd like,
and I'll ship that mug free ofcharge to the 10th person to
email me atpodcast@reservesday.com with
your name, shipping address, mugchoice, and mentioning episode
88 mug giveaway. We enjoyhearing from you responding to

(02:42):
the issues you're facing at yourassociation. So if you have a
hot topic, a crazy story, or aquestion you'd like us to
address, you can contact us at805-203-3130, or email us again
at podcast@reserves.com, well,one of those emails was listener
Michelle, who asked, I heardabout cyber insurance. What's

(03:06):
that? We are, a 20 year old, 124unit, single family home. Hoa,
does that apply to us? AndKevin, tell us more about this.
You're the one who knows. Youknow,

this is a fascinating topic for me,
because we see cyber threats allthe time, and we pay cyber
claims for communityassociations. The problem is
this, most people who live incommunity associations don't
believe they have exposure. Theydon't believe that they taking
enough money, have enough dataso they kind of just ignore it.

(03:42):
And the reality is that social Ialways start with the same now,
on a board of directors, do youhave a CIO, a chief information
officer? No, you don't. Do youhave a IT professional,
security, professional on yourboard?

No time getting someone to be president.
Anything that Exactly,

yeah. Do you have an incident report, if you have
a security threat document? No,you know. Do you have, do you
have a son or a grandson, orsomebody lives in a community
that can go to person if youhave a cyber problem? And the
answer is that most of those areno, right?

There is gonna be a short podcast episode if
you don't have some yeses comingup. But

the point is, is this is that those are the
reasons why you need insuranceright off the bat. I mean, you
are a, you know, Robert, you'vebeen doing this for a while. You
serve, it's a you serve yourcommunity association, right?
Yep, and we know you have a jobto enforce the rules, maintain
Association, collectassessments. Well, guess what
the cyber people know that youcollect assessments, and guess
what? They know you havereserves. And guess what you

(04:47):
need? You know you havepersonal, identifiable
information, sensitiveinformation, from everybody who
lives there. We could kind ofclose this whole thing right
now. Those are two reasons why,right off the bat, you need it.
You don't have the expertise,okay? And. Saying the cyber
criminals are looking right atyou right now, these
associations and saying, Now, Idon't have expertise, but they

(05:07):
have both the things we'relooking for, because most cyber
threats, most cyber criminals,they looking for data, okay? Or
they're looking for money. At aCommunity Association, you have
both. You have reserve accounts,operating accounts, you have
money on one side, and then youhave people who live in that
community association withchecking account numbers and

(05:28):
driver's license numbers and allthat kind of stuff. So you it's
a treasure trove of informationfor the cyber criminals. Okay,

all of a sudden my heart just sunk, because I
remember, I thinking five or1015, years ago, where we had it
seemed like a wave of managersstealing money from their
association clients, yes, andthe reason they were doing it,
it was because it was likestealing candy from a baby

(05:57):
because the board members, justlike You're saying, they weren't
looking out clearly they weren'tacting in a with a defensive
posture, and the money was therefor the taking. And I imagine
it's still going on to somedegree. But Is it as simple as
there are bad actors out there,and just like you say,

(06:17):
association collects data,association collects money. They
have information and communityassociations, are they still? Is
it still like stealing candyfrom a baby? It's

worse than that.
Okay, yeah, silly candid, yousaid 10 years ago, right? They
were doing these things. What'shappening now? We have things
like AI, which makes it easierto get the data that we need
from board members. And with theproblem with community
associations have is that theygive all the information to the
property managers, and believe,once they do that, they have

(06:49):
nothing to worry about.

Yeah, they are saying, okay, good, yeah, it's
their problem. Yes, yes.

And the problem comes from the property
management firm, because theydon't also don't have a chief,
you know, information officer.
They don't have an it special.
They don't have those peopleeither. Hopefully they have an
insurance policy. So let me giveyou this, let's say, all of a
sudden, I'm a manager of XYZ,manager company. I manage 30
associations, okay? And thensomebody comes to my office,

(07:17):
right? And pretends to be, youknow, a UPS person or a tech
person, and they come to myoffice, they see my server over
there, okay? And they pretendthey are the ups, and they come
out. I got the packages for youwhere you go and actually the
server. You either a take thewhole server out, or put a thumb
drive in, a USB drive in it. NowI have data access to all 30

(07:38):
associations. Now you were theboard president of Happy Valley
Community Association, and I'mthe president of my management
company. I said, Robert, we havea problem. You know, my I was,
I've been compromised the 30associations. Now you expect to
hear from me. Don't worry aboutRobert. I'm taking care of it,
right? Yeah. But what I'm goingto say is like, Oh, guess what?

(08:00):
I don't have an insurancepolicy, so I don't know what to
do now.

And I think your information, and that of
all your 100 homeowners, hasbeen stolen.

Yes, that's the bad news. You know? The bad news is
that all the information isstolen, right? The good news is
I'm taking care of it. The badnews is I'm not taking care of
it. You know, when you say, I'mnot taking care of it. Now, all
of a sudden, what do you do?
Robert, now of a sudden, youwere you have 100 unions in your
community, association. You gota call from me saying, oh, man,
I've been compromised. Okay, allmy information is gone, all my

(08:34):
associations. And I don't knowwhat to do about it, but I'm
letting you know so you couldtake precautions. That's the
problem. Okay?

I guess a couple of thoughts stirring
around in my brain. One is,we're talking about community
associations, and you said it'sworse than very easier than
stealing candy from a baby. Andthat's probably true, because
every few months I get anotification from some company
saying, Sorry, Mr. Nordland, ourservers have been compromised,
and they probably stole yourinformation. We don't know if

(09:08):
they did, but we they mighthave. And so we're going to
offer you three months of Yes,online security service. And I'm
not okay. That's a dark path.
And the other thought is,nowadays, management companies
are physically smaller becausethey don't have boxes and boxes
and boxes of information. Theyused to have files that a bad

(09:28):
guy could literally grab andwalk out with to steal
information, and now thisinformation is more and more
online, whether on One Drive orDropbox or anything like that,
and bad guys can come in andjust grab the file. So just as
you want

to easier, it's easier now to do it. Yes, yeah,
because

the point, I guess, in the olden days, you
would lock your front door andfeel reasonably secure. It, and
now, yeah, you can lock yourfront door, but not everyone is
locking their data dooreffectively, and so there's
paths in is that it? No,

no, I said was easy, and this is the reason why
it's easier. Okay,

we still you're not getting a blueprint for bad
guys. Here

are you? Okay? No, no, no, no. The bad guys know
this stuff already. Okay? Badguys know this stuff already. We
still lock our front door. Thedifference is now when they
knock on our door, we let themin and say, Sure, we'll be glad
to give you that information.
That's the difference. We stillcarry from a baby. The baby
starts crying because you stolethe front you go, I can't
believe it took for something,but what happened? We do? We

(10:41):
open the door and say, Come onin. Here's our minute, here's
our information. And the word issocial engineering. That is the
magic word. Yeah,

is that? And I we've talked about this before,
I think, is that like the emailI get from, for me, I get it
from a manager that I'm notdirectly working with, and it
says, Click here for theproposal, or click here for
this. And it's, it's someonespoofing them, and they're
looking to get into my computer.
Yeah,

what's up? Even further, again, this is what I'm
saying. Is easier than this.
Okay? What it does is goes afterour either our greed or a
sympathy, okay? Other words,they'll, they'll say, Guess
what? Click here and you justwon x, y or z. Or you want free
tickets. Okay, you want freetickets to a concert. You want
just click right here. And thenwe go, sure we got it not in
your system. So we open the doorand let them in. So we click, or

(11:35):
what we do is have to go, youbetter do this now, or else
you're gonna lose now. Here'sthe perfect example. And the
management company, managementcompany gets hacked. All the
emails are stolen. Okay, got allthe emails. So the first thing
that person does is send emailsto all their clients and say you
are late in your payment. Pleasepay now and avoiding a late

(11:57):
fees. Here's my new bank androuting them,

and that sudden, that's it. What? 30
associations time, there's 100units each. We're talking 3000
people are sending thereanywhere from $50 a month to
$500 a month. To the bad guys,it's to the back. Oh, gee,

easier now than what's before, because we open
the door, we have locks andeverything still there. We
update our systems. We do allthe stuff, but because of our
own greed or because of who weare as human beings, when
somebody says, I need your help,can you please respond us
immediately? And then all of asudden, we're so busy we don't
look, you know, UPS. You getthese ups things all the time,

(12:37):
fake ones that, guess what? Youleft this. You forgot to give
you a forward interest. So youleft this, and it's all
fictitious. Count, what I getall the time is that somebody
from my office will get a notefrom me when I'm traveling. I'm
on LinkedIn. Guess what? I'm inVegas for conference, and I'll
send that email to myComptroller and say, Oh, Kevin,

(12:57):
needs, you know, 20 gift cards.
Can you send them immediately?
You know, you have to say, popyour names on the door. They
find out who you are. And I waslike, somebody's calling. No, I
never asked for gift cards. Inever did that. That's why what
we're doing now is sosophisticated, and you're
talking about a frequency that'sunbelievable, because we make it

(13:18):
easy for people to take ourmoney

and our data, because we end up volunteering
it to them. Volunteering it tothem, we give it to them. So
that's a problem, because it'snot stealing. Yes, we give it to
them. Oh yes,

yes. And now, from insurance point of view, that's
been the biggest problem for usin insurance, because, well, if
you gave it to them, that's notreally a theft. You gave it to
them. And so we had to rewriteentire insurance policy to help
people out in those situations.
It's the number one problem. AndI would say right now, most
people do not have coverage forthat because you gave it to

(13:54):
them.

Yeah, you know, I guess the YouTube people can
see me. I'm sitting here with myarm is crossed because I'm all
tense. The emails that get meare the ones that say I'm a
manager at this managementcompany and click here to submit
a proposal for a reserve study.
And those are so temptingbecause that's in my line of

(14:18):
business. And I grab my phone.
Don't have it with me. As I'mgrabbing my calculator, grab my
phone and say, Hey, Susie, Ijust got an email from me. Do
you really need a proposal? Isaid, Oh, no, my computer's been
hacked. Do we need to traineveryone to do that? To make
that

the most important thing there is to make that
phone call. I mean, you saidthat you gave the number one
answer, because what happens inall these spoofed emails? Again,
social engineering is a term. Isthat all you have to do is make
that phone call and say, Wait aminute, I have a invoice from
you for a new banking routingnumber. Is that true about that
new banking routing number? Itdoesn't do you any good until

(14:57):
you click on, don't click oranything. This call for. First
we do anything, because the nextthing you know, they said, I've
been hacked, and then you justdelete it. Most people won't
make that phone call becausewhy? They're too busy. And then
you had a relationship between amanager and a board so that
board member might be one ofthose board members who I and
imagine I can't call this guy.
I'm tired of calling him. I pushthe button and boom, it's gone.

(15:18):
Gee.

Okay, so we've got this problem going on. It's
a lot of volunteeringinformation. We welcome them in.
And you also said earlier, it'sadditionally troublesome because
of AI, which means that someone,something out there, knows that
I did a speaking engagementhere, or I was recently in this

(15:44):
city, and so they can make itlook pretty darn custom. Yes, my

voice might be involved in it, or my picture
might be involved, andmanipulate my picture, my voice,
it could be so sophisticated.
And guess what? You can go rightto a I ask how to do it. You
know, I'm I'm doing a seminar onhow to do X, Y and Z, and chat.
GPT will tell you, Oh, well, youneed to do A, B, C and D, and
even Google it. How do yousocially engineer somebody? How
do you manipulate people? And togive me that information, it's

(16:13):
always based on the emotions. Ineed your help. Do this now.
We'll give you more money and weagain, you said it before we
locked our door and somebodybroke into us, and we feel bad
now we they, we open the doorup, unlock the door, open up and
give it to them. Most of theclaims that we see are because
of social narrative. And theycan get to the smallest thing,

(16:35):
where all of a sudden I'm buyingnew paintings. You know, I'm the
president of my communityassociation, pretending to be
calling the manager company up.
They say, I want these newpaintings. I want to immediately
give me the money. I pay forthem myself, and then they send
money out to them. And again,they keep it low enough where
they're not going to they don'tcare if it's a couple $1,000

(16:56):
they won't go 10, $15,000 likethe gift cards. They'll ask for
a couple $100 because nobody'sgoing to check it. Then all of a
sudden they go and find outthat, wait a minute, didn't you
order this? Did you ask forthis? No. And

you go, Oh, wow, is that also that they're
thinking that there's athreshold that under that they
probably won't go with thepolice. They probably won't go
through the hassle of resolvingit, and the bad guy will be out
easy with 1000 or 2000 or 500 orwhatever it is, yes, okay, the

key thing for them is they know what they can get
away with before they for thatperson goes, I better call first
for a couple $100 and maybe itdepends on the size and
dissociation. You know, someassociations are larger than
other ones. The larger ones havea big problem, because some of
large ones may have a cybernetwork, but nobody's looking
after you know, nobody's lookingat the password. Somebody's

(17:49):
looking at all different thingsthat you need to look at in
order to make sure things don'tgo wrong.

Yeah, and if you're at the association, you
may be trusting Joe thetreasurer, or you may be
trusting, I think he said XYZmanagement company, and they're
no more sophisticated than youwould have been. What's the most
common password out there?
Password? There's a half achance that their password is
literally that. So just becauseyou've delegated that project to

(18:19):
the management company, doesn'tmean that they are necessarily,
necessarily more sophisticatedor defensible. Gee, easily
defended. Well, Kevin, youcertainly got my attention here.
But let's take a let's take aquick break and get back and
we'll hear about some solutions,of what you can do. But it's

(18:40):
time to hear from one of ourgenerous sponsors, after which
we'll be back with some morecommon sense for common areas.

Hi, I'm Kevin Davis, the president of Kevin
Davis Insurance Services. Ourexperienced team of underwriters
will help you when you get thatdeclination. We provide the
voice of reason, someone whowill stand by you. Our
underwriters bring years ofknowledge to our clients that
can't be automated by technologyor driven by price as a proud
and wins company. We bring truevalue to your community

(19:11):
association clients. We are yourcommunity association insurance
experts, and

we're back, well, we're here with Kevin
Davis talking about the firsthalf of this program was getting
me all anxious about the risksout there. And over the break,
we were talking aboutransomware. Kevin, is ransomware
part of this? Yeah,

ransomware is a is part two of it? Part because
ransomware is all about gettingmoney. I don't care about the
data, because the data, once Ihave the data, you know, it's
hard to make money off that. Iwant money. I want cash. I want
that immediately. So I useransomware. Now, I said earlier
that somebody goes into themanagement company's office
pretending to be somebodythey're not, either downloads

(19:52):
the information on a USB drive,or they take the whole server
once they have that information.
Right? What they do now is toblock the whole thing. They put
a put something in there, orthey'll send you a link or
something where your wholesystem is shut down and you need
a key to unlock it. The problemis, is getting that key, you

(20:13):
have to be able to go to these,you know, the crazy part about
these ransomware claims, okay?
And the largest one so far is$75 million I looked it up. This
is today. It happened in March.
$75 million on a ransomwareokay. Now for a community
association, it's not going tobe that much, right, but guess

(20:34):
what? It's still a problem ifyou have a server, okay, if you
have a server, they want to goin there and go after your
server by sending you an email,maybe give you you heard about
the fake USB drive to stickinside the computer and you, and
you, you can download theinformation people will smart
enough not to do that anymore.
Now here's the thing that peopledon't know about. Those QR codes

(20:55):
that you line up you put on yourphone, right? Some of them are
fake and fraudulent. Be careful.

Okay, so that needs to be definitely someone
that you trust.

Yes, okay, because you put up there again. It goes
back to the emotions. Get back.
Click on this. Now you can win,win, win. You click on it. Now
you're in the system, and now,all of a sudden, you're locked
down. You can't do anything withyour system unless you pay the
Bitcoins. And there's a wholeindustry for this thing. So if
there's a claim, because we haveclaims people to handle these

(21:29):
ransomware claims, what they do?
They call up other claims peopleand say, Have you heard of
Bob's, you know? Response, no.
Have you heard of this one?
Okay, yeah. They'll give you,yeah, pay them the money.
They'll give you back the key.
They won't touch the data. Theseare good people that work.
They're good people. Well, yeah,these, these are honest
criminals, yeah, but no, you gothonest criminals and dishonest

(21:49):
criminals. The honest criminalssay, yes, okay, yep, you paid a
ransom. We walk away. You'llnever see us again. Did a
dishonest one, so you paid aransom, but we still going to
keep your information, but wenot going to steal so it is an
industry in itself, ransomware.
You got to be careful. And theygo after the QR codes the USB,

(22:09):
they take your drive, they theywill do social engineering and
get into your system. And oncein your system, the system is
locked, and what they want to dois, guess what? They want, a
ransom extortion payment. Theydon't care about the data that
much anymore. They just wantmoney right off the bat, and
that's it. They figure

that you want to be back in business and it'll
be worth 10 grand or 50 grand or100 grand, or, yeah, something
like that. Okay,

especially if you live in a new association where
everything is linked to your toyour electronics, a link to your
front door, the front gate. Nowyou can't get in the front gate.

Oh, yikes, yes, yeah. Okay, all right. Well, I
thought we were going to be donescaring our audience in the
first half. Let's turn thecorner. What can people do?
Where do they get insurance? Howdoes this protect them? Well,
you know what?

Before we talk about insurance, this is, this
is the easy part. There's acouple things you can do to
eliminate these things. Okay,okay. And you name what, um,
make a phone call. Okay, justmake the phone call. The one
thing that we always saysomething called multi factor
authentication. Okay, that isthe best way in the world. Why
is that important? When you saymulti factor, that means more

(23:23):
than one, right? Now, most of ushave one. We have a user ID and
a passcode. So when somebodyfind a user ID and a passcode,
what happens? Boom, everythingis gone. If you have
multifactor, that means you havesomething else, and that means
it goes to your phone. Thatmeans it's proof that's you,
it's your phone, it's you, it'sreally you, and then you put
that in there, and guess what?
That eliminates so much of thisstuff. So if you dealing with a

(23:46):
bank, you deal with anybody thatyou are entrusting your data to,
have multi factorauthentication. I have, I have,
like, a list of things on myphone. I got bangs work,
everything you know, they alwayssend me a code, and I put it not
everything, but the ones I'mconcerned about, they give me a
code that I'm happy for. So thatis the most important phone

(24:08):
call, and that is the two mostimportant that you can do to
limit kind of claims out thereis

that, again, linking back to the past, even
now we have dual signatures onlike reserve accounts. You want,
you want that compliment. Youwant just it to be reliant on
one thing. You want at leasttwo. And so it goes back to,
back to the basics, multi factorauthentication, or calling the

(24:37):
person and saying, Hey, did youreally and that's that second
factor that makes all thedifference.

Yeah, that's it.
Those are the two things rightoff the bat that eliminates so
many claims. When you, if youfill an application for cyber
they will ask you, you know, doyou have multi factor
authentication? Will you make aphone call for anything like
that? Those are the two mostimportant things that help you
to eliminate a lot of. If we'regoing on, it is as simple as
that. It's not much morecomplicated now they're smarter,

(25:02):
and there's still things to getin there, and that's why you
need insurance. That's thereason, at the end of the day,
you can do you could be thesmartest person. And don't
forget, accidents happen also.

Well, that's happened. Yeah, we you drive
safely because, well, becauseit's law, because you want to,
you want to come home safely,but still, accidents happen. And
you and I live in an area whereit is periodically windy, and
one of these days, a branch mayfall down and not land in the

(25:36):
road, but may land on my roof.
Accidents happen. So we can dowhat we we can trim our trees.
We can trim back the bushes awayfrom our house to minimize fire
exposure. There's some thingsthat we can do, but I think of
insurances for the accidentsthat we don't foresee.

Exactly Okay, one thing you mentioned earlier, too
about passwords. Change yourpasswords. Okay. I mean, look at
these community association havebeen existing for 20 years that
it by the same password for thesame 20 years. So no matter what
comes in and goes, yeah, yeah,

it's a board members, and the password for
XYZ association is XYZAssociation 1986 exactly, been
that way since 1986 as

that means people who've been on that board still
knows the password. Their kidsprobably know the password. And
accidents happen. Some people goand they go, Look, they never
change the password a long time.
Oh, look what I did. Oh, pushthe wrong button. Now everybody
has the information. So it'sthese are simple things that you
can do that changing thepassword is something so easy to
do and make it complicated, butthese change it. If you don't

(26:41):
make it complicated, change itonce in a while. Kevin, I've

heard for a long time that you should change
the batteries in your smokealarm. Yeah, every time the time
changes. So that's twice a year.
Is that what we're talking abouthere? Yeah,

change it. Because, again, if you don't change it,
people will figure out what itis, and also it keeps you when
you're if you change it everysix months and change it, you
now wear a cyber security younow where to Oh, guess what? I
can be tricked into it. We fallwe get into ourselves a false
sense of security, thateverything's okay, because we
would never do anything likethat. So we know nobody else is

(27:16):
going to do that also, too. I'mnot that important. I'm not a
big guy. I'm not a big shot, I'mnot. I don't have that kind of
information. But guess what? Youknow we have all they don't
care. They want whatever's inyour bank account they want to
get. They want to use youronline banking to get what you
have. That's what they want.
They want to target. They wantto be able. Can you imagine them
walking into your bank right nowand saying, Yeah, give me all my

(27:38):
money in my savings account forme right now, that's what they
do in online banking. They go inthere and they see it, and I got
it. I'm taking all the money andthen walking away just like,
just like walking to the bankwithout a gun again, we open the
door and let them have theinformation, and only thing I do
is make a phone call, multifactor authentication, change
passwords, and then we'll be ina lot better shape than we ever

(28:02):
were in. And this is us. This isnot the corporation. This is me,
you. This is

me, and you and our Hoa, our association
clients, yeah, these are thesimple things we can do. And
it's current day, locking thedoors. It's these are the kind
of things the responsible andputting what on our house, we're
supposed to have it well lit sothere's not too many dark places
outside, and lock your doors.
And we've learned that for along time. And now, like, just

(28:28):
like,

have a neighborhood watch plan. It's like a
neighborhood watch. You haveNeighborhood Watch. That's
that's what we're talking about.
Now we say, okay, let's addNeighborhood Watch around here.
So we are aware, so people areaware that we are aware. So
neighborhood watches around weknow they're going to call us up
and go, Okay, what's going on?
So it's just that awareness.
More so than anything else, wegot to be aware of what can
happen, as opposed to, I'm notthat important. I don't have

(28:51):
enough. I can't worry about it.
Yeah,

but then again, the way you made it clear is
that with AI and with the cybercriminals. They are smart
people, and it's easier andeasier for them to hit the
average person or the averagecorporation or the average
nonprofit corporation, yeah,because it can be cost
effective, even if they're onlygoing to get five or 10 or 20

(29:17):
grand out of it. Yeah, they're,because they're, in business and
they're going to strike wherethey want to strike. Okay, let's
talk about insurance. Yes,

insurance. Now what you have to do is you go and get
a cyber policy with somebody whounderstands cyber if you're
talking to your local agent andsaying, I don't I want a cyber
policy, you please find somebodyat a cyber that really picks up
the exposure we talked about. Iworry about ransomware. I worry
about social engineering. Thoseare the two most important

(29:48):
things to worry about, becauseif you have social engineering
coverage now you're talkingabout the wire transfer fraud,
me walking into the bank orcomputer thought somebody walks
to my office and steal so. Itcovers those two things you want
to get covered, socialengineering and ransomware
coverage. Now, once you find aninsurance again, we're talking

(30:09):
about for communityassociations, own right, right?
Because you don't have theexposure that a multi
multinational corporation does,or any corporation does, okay?
Yeah, because it's limited. Soit's a matter of, okay, if you
have a loss, it's gonna be in$1,000 that the 10s of 1000s,
$100,000 you should be able tofind something for about $1,000

(30:29):
$1,200 to give you the kind ofcoverage that you need. And
that's the key thing, is to lookout there, go to a again, I am a
community associationspecialist. You need to go to go
to a community association,specialist, insurance provider,
they will say, I can get you acyber cyber policy that picks up
the things that you need to bepicked up. Yeah?

So if you're an association, and you've heard
this episode, and you're alittle anxious, you realize,
yeah, that's cost effective.
It's not going to break thebank, and if you call your
agent, then they say, if that'stheir first response, then maybe
you don't have the right agentexactly, because they should
say, Oh yes, there's newproducts on the market. Let me

(31:12):
look into this for you, and letme get you a quote. Yeah. Is
that

exactly? Exactly what? It should not be
complicated. But again, the goodnews is this, if you do your due
diligence, you know, like youdo, like we collect assessments,
we enforce the rules, you know,the things, you maintain the
property, also, you want to beaware that there's information
out there that you are sensitiveinformation that you're
responsible for. It's yourfiduciary responsibility to

(31:40):
protect that data, if you don'tprotect that data, and all of a
sudden, that property managercomes to you and say, oops,
guess what happened? And I don'tknow what to do now. Of a
sudden, you as a board presidentare saying, uh oh, maybe I
should have vetted that managerfirst. Maybe I should have a
contract with him and say, Guesswhat? If there's a security
breach incident, you will beresponsible. Because right now,

(32:02):
there's nothing in the contract.
Nobody has a contract that says,Who responsible in event of a
loss? That means a managementcompany and say, Oh, well, you
know, I'll try to work with theI try my best. No, isn't the
contract. That's your job totake care of me, you know? So we
added to look at those kind ofthings. I

like that.
Well, Kevin, as always, it's, Iwas gonna say, It's great
talking to you. Sometimes it'sscary talking to you, but it's
wonderful talking to you. I findit fascinating. And I think the
kind of things that we coveredtoday are just so important, so
timely, so helpful. Any closingthoughts to add at this time?
Yeah,

stay calm. Don't worry about it. Do your job and
think about it this. Use yourcommon sense. Don't rush
whenever you see somethingbefore you click. Take a step
back. Does it make sense? If itdoesn't make sense, don't do it.
Yeah, make the phone call, yep.

And change your password every once in a while.
And dual multi factorauthentication. That's it cool.
Okay, we can do that. Hey. Well,we hope you learned some HOA
insights from our discussiontoday that helps you bring
common sense to your commonareas. Look forward to having
you join us for another greatepisode next week.

Announcer (33:12):
You've been listening to Hoa insights, common sense
for common areas. If you likethe show and want to support the
work that we do, you can do soin a number of ways. The most
important thing that you can dois engage in the conversation.
Leave a question in the commentssection on our YouTube videos.
You can also email yourquestions or voice memos to
podcast at reserve study.com orleave us a voicemail at

(33:35):
805-203-3130, if you gain anyinsights from the show, please
do us a HUGE favor by sharingthe show with other board
members that you know. You canalso support us by supporting
the brands that sponsor thisprogram. Please remember that
the views and opinions expressedin this program are those of the
hosts and guests with the goalof providing general education

(33:57):
about the community, associationindustry, you want to consult
licensed professionals beforemaking any important decisions.
Finally, this podcast wasexpertly mixed and mastered by
Stoke Light, video and marketingwith Stoke Light on your team,
you'll reach more customers withmarketing expertise that
inspires action. See the shownotes to connect with Stoke
Light.

Unknown (34:22):
You

All Episodes

088 | How to Protect Your HOA from Cyber Threats Today!

Episode Transcript

Popular Podcasts

Stuff You Should Know

Dateline NBC

On Purpose with Jay Shetty

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}088 | How to Protect Your HOA from Cyber Threats Today!