Receive CohnReznick insights and event invitations on topics relevant to your business and role.
11/09/2021
Cybersecurity considerations for multifamily developers
Cybersecurity risks are becoming increasingly dangerous across all enterprises and, unfortunately, they are not slowing down or stopping anytime soon. In fact, the number of data breaches through Sept. 30, 2021, has exceeded the total number of events in the entirety of 2020 by 17% (1,291 breaches in 2021 compared to 1,108 breaches in 2020). Based on what we have read about cybersecurity attacks this year, it appears that the real estate and affordable housing industries have received the brunt of them, mainly because even after a shift to digital processes, many organizations still lack basic protections for their high-risk data.
To protect themselves against cyber attacks and other related security threats, here are five considerations that property owners, developers, and management companies need to embrace:
1. Protection against attacks from their extended enterprises. It’s entirely possible that a real estate organization’s next cyber attack could come from a third-party service provider or their supply chain. To that end, the organization needs to ensure it has monitoring controls in place to secure their supply chain and interactions with other third-party providers.
2. Utilize multifactor authentication. People will be working remotely for the foreseeable future; because of this it is vital that organizations protect their assets. One way to do so is to have multifactor authentication before employees, contractors, consultants, or business partners can access company resources, helping to ensure that adequate and advanced security protections are in place safeguarding company information and systems from external access.
3. Document and test security incident response plan. In today’s dynamically changing IT environment and ever evolving threat landscape, it is not the question of “if” but rather “when” will your organization experience a security incident. As such organizations should have a robust documented security incident response plan that is tested on a regular basis so that when a real security incident is encountered, the organization is ready to respond and recover from it in an adequate manner.
4. Encrypt data at rest and in transit. These days “data is king” and hence considered one of the crown-jewels of the organization. Therefore, it is only prudent to ensure that organizations have adequate security measures such as encryption implemented to protect the information from unauthorized access or use both at rest and while in transit.
5. Provide adequate security awareness training. Talking about security attacks and threats across an organization will increase the cultural awareness of the organization and educate the employee base, as well as enable employees to act in safeguarding themselves against future attacks.
As real estate organizations are heading into the future and embracing a hybrid work model, the risk of cyber attacks and other attacks on their data and assets has become less of a possibility and more of an imminent reality. By taking the above steps to protect themselves against threats to their critical assets property owners, developers, and management companies can begin the journey towards a comprehensive, proactive, and robust risk management program that plays a crucial role in the overall health of their organization.
Subject matter expertise
Bhavesh Vadhani
CISA, CRISC, CGEIT, PMP, CDPSE, Principal, Global Leader, Cybersecurity, Technology Risk, and Privacy
Beth Mullen
CPA, Partner, Affordable Housing Industry Leader
Close
Contact
Let’s start a conversation about your company’s strategic goals and vision for the future.
Please fill all required fields*
Please verify your information and check to see if all require fields have been filled in.
Affordable Housing News & Views
Capitol Connection
Related services
This has been prepared for information purposes and general guidance only and does not constitute legal or professional advice. Neither CohnReznick LLP or its personnel provide legal advice to third parties. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is made as to the accuracy or completeness of the information contained in this publication, and CohnReznick LLP, its members, employees, and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.