If you are a strata council member or a property manager, you’ve likely heard the term “cybersecurity” thrown around. It might sound technical and intimidating, but don’t worry—we’re here to break it down for you!
Protecting your strata’s data isn’t just about avoiding hackers (something that’s actually happened in Australia); it’s about building trust within your community and ensuring that sensitive information stays private.
In this comprehensive guide, we will explore what cybersecurity means for stratas, why it matters, and the practical steps you can take today to secure your digital records. Let’s dive in and make your strata safer and smarter!
What is Strata Cybersecurity?
At its core, strata cybersecurity is the practice of protecting your strata corporation’s digital information, devices, and networks from unauthorized access or attacks.
Think of it like the physical security of your building. You have locks on the front doors, security cameras in the lobby, and keys for authorized residents. Cybersecurity is simply the digital version of those protections!
It involves safeguarding everything from:
- Owner contact lists: Names, emails, and phone numbers.
- Financial records: Banking details, strata fees, and budget spreadsheets.
- Meeting minutes: Confidential discussions and decisions made by the council.
- Maintenance logs: Access codes and vendor contracts.
When we talk about digital recordkeeping, we are referring to how you store, organize, and access these files online. Whether you use cloud storage like Google Drive, a specialized strata management platform, or simply email attachments, cybersecurity measures ensure that these digital filing cabinets are locked tight against intruders.
How Can Cybersecurity Be an Issue For a Strata?
You might be thinking, “We’re just a small building, not a multinational bank. Why would anyone target us?” This is a common misconception! Stratas are actually attractive targets for cybercriminals precisely because they often hold a treasure trove of personal and financial data, but may lack the sophisticated defenses of large corporations.
Here is why cybersecurity is a critical issue for your strata:
1. Financial Loss
Stratas manage significant funds. Cybercriminals often target stratas with “phishing” scams, tricking a treasurer or manager into transferring funds to a fraudulent account. A single breach could drain your contingency reserve fund!
2. Identity Theft
Your records contain sensitive personal information about owners and tenants. If this data is stolen, it can be used for identity theft, leading to legal nightmares and significant distress for your community members.
3. Reputation Damage
Trust is the foundation of a happy strata community. If owners feel their information isn’t safe with the council, it breeds mistrust and conflict. A data breach can severely damage the reputation of the management company or the council itself.
4. Legal Liability
Stratas have legal obligations to protect personal information under privacy legislation (more on that later!). A failure to secure data can result in fines, lawsuits, and regulatory investigations.
Common Cybersecurity Risks in Strata Management
Knowledge is power! To protect your strata, you first need to understand what you are up against. Here are the most common digital threats facing stratas today:
Phishing Attacks
This is the most common threat. You might receive an email that looks like it’s from a vendor, a bank, or even another council member, asking you to click a link or download an attachment. These malicious links can install malware or steal your login credentials.
Ransomware
Imagine turning on your computer and finding all your strata files locked, with a message demanding payment to release them. That’s ransomware. It can cripple your ability to manage the building until the ransom is paid (which experts advise against!) or backups are restored.
Business Email Compromise (BEC)
A BEC occurs when a hacker gains access to a council member’s or property manager’s email account. They can then send emails from a “trusted” source directing payments to fraudulent bank accounts.
Weak Passwords
Using “Password123” or using the same password for your strata email as your personal Netflix account is a significant risk. If one account is compromised, the hackers have access to everything.
Unsecured Wi-Fi
Conducting strata business on the free Wi-Fi at a local coffee shop puts your data at risk, or having an unsecured wifi network within the common property. Public networks are often unsecured, allowing hackers to intercept data you send and receive.
Recommended Resource: Strata and Sustainability: Energy Efficiency & Retrofits
How To Properly Manage Cybersecurity Risks
Now for the good news! You don’t need to be a tech genius to improve your security posture. By implementing these six proactive steps, you can significantly reduce your risk profile.
1. Consider Data Access Controls
Not everyone needs access to everything. Establishing “access controls” means adhering to the principle of least privilege.
Ask yourself: Does the landscaping committee really need access to the strata’s banking details? Probably not!
Role-Based Access
Limit access to digital files based on the person’s role. The Treasurer needs financial access; the Secretary needs access to minutes and correspondence.
Revoke Access Immediately
When a council member steps down or a property manager changes, remove their access to email accounts, cloud storage, and software platforms immediately. This is a crucial step often overlooked during the transition.
Use Unique Logins
Never share a single login (e.g., “council@strata123.com”) among multiple people. Everyone should have their own unique username and password so you can track who did what and when.
2. Respect all parties privacy to the strata privacy laws
Privacy and cybersecurity go hand-in-hand. You can’t have privacy without security! As a council, you are the stewards of your neighbors’ personal lives. Treating their data with respect fosters a positive community culture.
Data Minimization
Only collect the information you absolutely need. If you don’t need a tenant’s driver’s license number, don’t ask for it! The less data you hold, the less you have to lose in a breach.
Secure Disposal
When a digital record is no longer needed (and isn’t required to be kept by law), delete it securely. Don’t just leave old files sitting on a hard drive forever.
3. Use Proper & Secure Communications
Email is convenient, but it’s not always the most secure way to send sensitive documents.
- Encrypted Platforms: For highly sensitive discussions or document sharing, consider using a strata management portal that offers encryption.
- Verify Requests: If you receive an email asking for a wire transfer or a change in banking details, always pick up the phone and verify the request with the person verbally. Never rely solely on email for financial transactions.
Let’s look at the legal side of privacy and communication:
What personal information can a strata collect?
Generally, a strata corporation can collect personal information that is reasonably necessary for managing the corporation and fulfilling its duties under the Strata Property Act. This typically includes:
- Names of owners and tenants.
- Contact information (phone numbers, email addresses, mailing addresses).
- Banking information (for pre-authorized debit of strata fees).
- Emergency contact information.
- Vehicle license plate numbers (for parking management).
What privacy legislation applies to stratas?
In British Columbia, for example, strata corporations are subject to the Personal Information Protection Act (PIPA). Similar legislation exists in other Canadian provinces (like PIPEDA at the federal level or provincial equivalents). These laws set out the rules for how private sector organizations (including stratas) must collect, use, and disclose personal information.
Are strata corporations required to have a privacy policy?
Yes! Under legislation like PIPA, organizations are generally required to develop and follow policies and practices to meet their obligations. Having a clear, written Privacy Policy is essential. It tells owners what information you collect, why you collect it, how you protect it, and who they can contact with concerns. It’s not just a legal requirement; it’s a sign of a professional and well-run strata.
4. Provide Council Member Training
You can have the best firewalls in the world, but human error is still the most significant security risk. Education is your best defense.
Regular Refreshers
Spend 10 minutes at a council meeting once a year (like your AGM) reviewing cybersecurity basics.
Phishing Simulations
Show council members examples of what phishing emails look like. Teach them to check the sender’s email address carefully (e.g., looking for “strata-support@gmai1.com” instead of “gmail.com”).
Create a Culture of Security
Encourage council members to speak up if they think they’ve clicked something suspicious. It’s better to catch a mistake early than to hide it.
5. Have Proper Network Security
This applies to both the physical building (if you have office computers) and the personal devices council members use.
Antivirus Software
Ensure that any computer used for strata business has up-to-date antivirus and anti-malware software installed.
Software Updates
“Remind me tomorrow” is tempting, but dangerous! Keep operating systems and applications updated. These updates often contain critical security patches that fix vulnerabilities hackers love to exploit.
Secure Backups
Regularly back up your important digital records. Follow the 3-2-1 rule: Keep 3 copies of your data, on 2 different media types (e.g., cloud and hard drive), with 1 copy stored offsite. If you get hit with ransomware, a clean backup is your get-out-of-jail-free card.
6. Proper Vendor Due Diligence
Your strata hires many third-party vendors – property management companies, landscapers, concierge services, and software providers. If they get hacked, your data could be compromised.
Ask Questions
Before hiring a property management company or signing up for a new software platform, ask about their security measures. Where is the data stored? Is it encrypted? Do they have cyber insurance?
Review Contracts
Ensure your contracts include clauses regarding data confidentiality and what happens in the event of a breach.
Recommended Resource: Understanding the Strata Property Act for Strata Councils
Tools to Help With Strata Cybersecurity
You don’t have to do this alone! There are fantastic tools available to help automate and simplify security for your strata.
Password Managers
Tools like 1Password, LastPass, or Bitwarden allow council members to create complex, unique passwords for every account without having to memorize them. They also allow for secure password sharing between council members without writing them on a sticky note!
Multi-Factor Authentication (MFA)
Enable MFA on every account that supports it (email, banking, cloud storage). MFA adds a second layer of defense, like a code sent to your phone, making it much harder for hackers to break in, even if they steal your password.
Dedicated Strata Management Software
Moving away from disparate spreadsheets and emails to a centralized platform (like StrataPress) often improves security. These platforms are built with security in mind, offering encrypted storage, secure communication channels, and audit logs of who accessed what. For document analysis and condo document review like Eli Report, can help identify risks while maintaining security.
Cloud Storage Solutions
Services like Google Workspace or Microsoft 365 offer enterprise-grade security features that are far superior to storing files on a personal laptop hard drive. They offer version history (great for recovering accidental deletions) and robust access controls.
Final Thoughts
Taking charge of your strata’s cybersecurity might feel like a big task, but every small step counts. By implementing access controls, educating your council, and using the right tools, you are building a digital fortress around your community.
Remember, cybersecurity isn’t a one-time project; it’s an ongoing habit. It’s about being mindful, staying curious, and looking out for one another. A secure strata is a happy strata! So, start the conversation at your next council meeting. Review your passwords, check your backups, and give yourself a pat on the back for being proactive. You’ve got this!