Tech is playing more of a role in the multifamily world. And while propertywide Wi-Fi networks, tech-driven access systems, smart-home devices, and connected security cameras might improve on-site convenience and safety, they also add vulnerability—increasing the chance of cybersecurity breaches that put your property (and your tenants’ data) at serious risk.

“Cybersecurity in multifamily environments is an ever-increasing priority as more and more buildings start integrating and adding technology to their building systems,” says John Sly, director of technology at property management firm AKAM. “If not done carefully, it could create large security gaps in the building, which could impact building management and the safety of residents.”

According to Sly, a breach could lead to nonoperable elevators, water, or heat systems. It could also open tenants up to identity theft, and it might even lead to pricey ransom costs in some cases.

“Building documents and files could be encrypted and locked down with ransomware software to hold the building hostage until the building pays a hefty fee,” Sly says.

Fortunately, experts say, there are several ways to prevent these issues and protect your properties and tenants. To start, here are four strategies they recommend.

1. Set the Stage

The first step is to prep your technology and set some ground rules. To start, make sure your computers are protected.

“Lots of multifamily offices have older computers running out-of-date software that can be easy to exploit,” Sly says. “That’s why it’s so important to have a great endpoint detection and response agent on every computer and anti-spam, phishing, and malware systems inspecting all incoming messages.”

You should also make sure computers have the latest software installed (with automatic updates) and implement multifactor authentication and strong data encryption on all systems, particularly those containing personally identifiable information.

Investing in virtual private network technology is also a smart move, as it “can shield IP addresses and make it more challenging for bad actors to gain access,” explains Lisa Plaggemier, interim executive director at the National Cyber Security Alliance.

You’ll also want a data backup, just in case the worst happens.

“Put in place a fully tested backup and recovery policy,” says Aaron Windle, director of IT at Graham Co., an insurance broker that guides clients on cyber liability insurance, among other policies. “Some data vendors can store copies of data that can be unlocked with specific keys, something that can be critical in the event of a ransomware attack.”

Finally, experts say, adopt smart password policies propertywide. Avoid shared Wi-Fi passwords and keys, and make sure all passwords are at least eight characters long and a combination of uppercase and lowercase letters, numbers, and characters.

“Apply strong diverse password hygiene for occupant routers,” Plaggemier says. “You wouldn’t believe how commonplace it is for facilities to deploy passwords that follow the same pattern and only differ by one character. This makes it incredibly easy for bad actors to crack an entire facility once they have access to one unit’s credentials.”
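
The pattern problem described above can be checked against a property's own router provisioning list. This is an added example, not part of the original article: it flags units whose passwords fail the length and character-mix rule, and pairs of units whose passwords are identical or differ by a single character. The unit names and passwords are constructed sample data, and reading "characters" as non-alphanumeric symbols is an assumption.

```python
from itertools import combinations

# Constructed sample data: unit -> router password as provisioned by the property.
SAMPLE_ROUTER_PASSWORDS = {
    "unit-1A": "Oakview!Wifi1A",
    "unit-1B": "Oakview!Wifi1B",
    "unit-2A": "Oakview!Wifi2A",
    "unit-3C": "t7#Lq9vZ!mR2xw",
    "unit-4D": "welcome1",
}

def meets_policy(pw):
    """At least 8 chars with upper, lower, digit and a symbol (symbol = assumption)."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def within_one_edit(a, b):
    """True if a and b are identical or one substitution/insertion/deletion apart."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:   # skip the common prefix
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # at most one substituted character
    return a[i:] == b[i + 1:]            # exactly one extra character in b

def audit(passwords):
    """Return unit ids only, so the report never repeats the passwords themselves."""
    weak = sorted(u for u, pw in passwords.items() if not meets_policy(pw))
    near = [(u, v) for u, v in combinations(sorted(passwords), 2)
            if within_one_edit(passwords[u], passwords[v])]
    return {"weak": weak, "near_duplicates": near}

if __name__ == "__main__":
    report = audit(SAMPLE_ROUTER_PASSWORDS)
    print("Fail policy:", report["weak"])
    for u, v in report["near_duplicates"]:
        print(f"Same pattern (<= 1 character apart): {u} / {v}")
```

Passwords that share a template but differ in two or more positions pass the pairwise check, so a clean report does not rule out a facility-wide pattern.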

2. Control Access

Limiting access to your tech is critical, too—both digitally and physically. As Plaggemier puts it, “One of the biggest issues that property owners face is one that is largely of their own making: allowing any employee to have full access to building networks.”

Ask yourself: Does every employee need access to the network? Can you create tiered access to limit exposure for your most critical data? This should apply to contractors and vendors, too. Repair professionals, service providers, and other on-site vendors often have access to both the building and its networks. Limiting this access, wherever possible, is vital to reducing your property’s risk.

You should also assess the physical security of your technology—how well your computers, networks, and servers are protected from outside access.

“In many ways, physical building security also ties into digital security,” Sly says. “For example, making sure office doors and entryways are closed, locked, and not propped open. Having an open office could lead to a security exposure with someone walking by and plugging in a USB drive into a computer that captures keystrokes and passwords or injects the computer with malicious code.”

3. Educate Your Team and Tenants

Employees and tenants can help improve your property’s cybersecurity. As Mike McIntire, chief technology officer at Graham Co., explains, “Human error is a key point of failure that bad actors capitalize upon.”

McIntire recommends hosting recurring (and mandatory) security training meetings to ensure employees are aware of any risks, know how to protect themselves, and are regularly reminded of cybersecurity’s importance.

“Employees and tenants are an organization’s biggest asset, so arm them with the tools and knowledge they need to do their part to aid in cybersecurity,” Windle says. “Provide them with security awareness training that covers topics like how to identify phishing emails and where to report suspicious activity.”

You should also cover the risks of sharing credentials (passwords, keycards, app access, etc.) with friends and family and stress the importance of anti-malware software, strong password hygiene, and regular computer updates—even on personal systems.

“So often, issues in the leasing or resident office start because a personal email account or a resident’s computer was compromised,” says Paul Campbell, operations and risk officer at Knock CRM, a multifamily property management platform. “Tenants and staff should use a password manager and set unique, strong passwords for all important sites, keep their devices up to date, and be suspicious of file attachments and links, especially those coming in via text.”

4. Enlist a Pro

At the end of the day, experts say partnering with a dedicated security pro is typically the best path toward foolproof cybersecurity.

“Long gone are the days of asking your neighbor’s grandson to help program your VCR and install a freeware antivirus product on your computer,” Sly says. “There is now a multitude of critical systems that need to be managed, patched, and tuned properly for security. Partnering with a knowledgeable security vendor can help identify security gaps and areas for improvement, as each building is different and will have varying levels of technology and infrastructure to manage.”