Boston, MA According to new research released by the Foundation for Community Association Research more than half (56%) of community associations have policies and procedures in place to collect, store, and protect homeowners’ personal data.

In 2018, with the assistance of independent research firm Strategic Research Partners (SRP) and a dedicated team of experts, the foundation surveyed from around the country community association managers, board members, and other professionals who work with associations to identify the risks and liabilities associated with using technology to conduct association business. 

According to the foundation’s research, ransomware and phishing are the most common forms of attack on community associations. More than half (52%) of the communities surveyed reported that fraud and theft are their top concerns. Additionally, the majority of respondents (92%) report that their community associations use software management programs, and nearly half (49%) of respondents indicated that cost and program compatibility (46%) are the most common considerations when selecting financial software. An overwhelming majority (70%) continue to store hard-copy documents like contracts, financial and payment data and records, and resident contact information. 

Although technology and cybersecurity are not yet priority issues for most community association leaders and managers, interest in and awareness of these matters are increasing. As more security and data breaches occur, states are amending and adopting laws governing the protection of personal and financial information and how breaches in these areas must be reported and addressed. The survey also includes a snapshot of legislation by state.

Cybersecurity Top Concerns 
Half of respondents stated they are concerned or very concerned about all types of cybersecurity threats, but fraud and theft were the primary concerns cited overall. 

• 52% Fraud, theft; 

• 51% Storing and destroying records properly - Communicating or posting residents’ personal information;

• 50% Theft or misappropriation of association financial records - Posting sensitive information on association social media;

• 49% Security breaches in association management software;

• 48% Defamatory posting about association management  - Defamatory posting about association residents; Posting sensitive information on association website; Lack of insurance for association liability/data breach events.

The survey is one part of a three-phase research project to establish a baseline of what common technological practices associations are using and to assess which local and state regulations affecting technology apply to community associations. The results of this research help community associations and managers become more knowledgeable about technology software, cybersecurity, social media, third-party information, and payment portals. Download Wired: 2018 Survey of Cybersecurity in Community Associations at www.cairf.org.

Since its inception in 1975, the foundation had been producing insightful and timely research-based information for homeowners, association board members, community managers, developers, and other stakeholders.