Cybersecurity considerations for multifamily developers

Cybersecurity risks are becoming increasingly dangerous across all enterprises and, unfortunately, they are not slowing down or stopping anytime soon. In fact, the number of data breaches through Sept. 30, 2021, has exceeded the total number of events in the entirety of 2020 by 17% (1,291 breaches in 2021 compared to 1,108 breaches in 2020). Based on what we have read about cybersecurity attacks this year, it appears that the real estate and affordable housing industries have received the brunt of them, mainly because even after a shift to digital processes, many organizations still lack basic protections for their high-risk data.

To protect themselves against cyber attacks and other related security threats, here are five considerations that property owners, developers, and management companies need to embrace:

1. Protection against attacks from their extended enterprises. It’s entirely possible that a real estate organization’s next cyber attack could come from a third-party service provider or their supply chain. To that end, the organization needs to ensure it has monitoring controls in place to secure their supply chain and interactions with other third-party providers.

2. Utilize multifactor authentication. People will be working remotely for the foreseeable future; because of this it is vital that organizations protect their assets. One way to do so is to have multifactor authentication before employees, contractors, consultants, or business partners can access company resources, helping to ensure that adequate and advanced security protections are in place safeguarding company information and systems from external access.

3. Document and test security incident response plan. In today’s dynamically changing IT environment and ever evolving threat landscape, it is not the question of “if” but rather “when” will your organization experience a security incident. As such organizations should have a robust documented security incident response plan that is tested on a regular basis so that when a real security incident is encountered, the organization is ready to respond and recover from it in an adequate manner.

4. Encrypt data at rest and in transit. These days “data is king” and hence considered one of the crown-jewels of the organization. Therefore, it is only prudent to ensure that organizations have adequate security measures such as encryption implemented to protect the information from unauthorized access or use both at rest and while in transit.

5. Provide adequate security awareness training. Talking about security attacks and threats across an organization will increase the cultural awareness of the organization and educate the employee base, as well as enable employees to act in safeguarding themselves against future attacks.

As real estate organizations are heading into the future and embracing a hybrid work model, the risk of cyber attacks and other attacks on their data and assets has become less of a possibility and more of an imminent reality. By taking the above steps to protect themselves against threats to their critical assets property owners, developers, and management companies can begin the journey towards a comprehensive, proactive, and robust risk management program that plays a crucial role in the overall health of their organization.