Protecting Condo Information from Phishing Attacks

November 2022

Cybersecurity is increasingly important to high-rise communities.

If management is not properly trained and aware of cybersecurity risks, any information stored in computer systems is at risk of theft.  This includes personal contact information and financial records of the corporation.  For anyone paying monthly condo fees or rent electronically, banking or credit card information may be compromised.

Criminals are paying greater attention to softer targets and smaller organizations unable to protect themselves.  This includes anyone working from home and smaller offices, and condo corporations.  It takes is one person clicking an e-mail attachment to make all connected computer systems open to a malware attack.  Most companies, including condominium corporations, don’t have anti-malware software or formal policies in place to protect their computer systems and information.

The number one online threat for organizations comes from what is called social engineering.  Criminals use various tactics to trick people into giving away information.  We know this as phishing.  It is also the most common method used to introduce ransomware, which cuts off access to computer systems until a ransom is paid.  The most common phishing attempts involve sending an e-mail relating to new Microsoft Teams requests, Covid-19 and health warnings, and Microsoft Office 365 password expiration.  Messages claiming to be from a government agency or banking institution are common.  The e-mail will include some combination of links, data entry or attachment.  Clicking on anything in the e-mail can open a program that attacks your computer system or network.

MNP was engaged to do a targeted phishing engagement for a client with 500 employees.  An e-mail was sent out requesting they check their password strength by clicking a link to a password check page.  A follow-up e-mail was sent with the same request days later.  Over half the employees clicked a link in the e-mail and 32 percent provided their passwords.  Regardless of other protective measures that may be employed, giving up passwords is sufficient to compromise all levels of computer and network security.

People are the weakest link in protecting your electronic information and records.  Learning to delete e-mail messages, rather than respond to them or click on anything within the e-mail, provides the greatest protection.