Ryan Byrd: Cybersecurity and Student Housing — Keeping Resident Data Safe

Likening oneself to the multifamily or student housing equivalent of Target, Yahoo, Marriott or eBay would seem to be a lofty comparison — unless you’re talking about cybersecurity. Each of those national brands has endured a significant data breach in which the personal data of their customers was leaked. The Yahoo data breach in 2013 and 2014 compromised the names, email addresses, dates of birth and telephone numbers of 3 billion users. 

More recently, a breach of ride-share provider Uber exposed the personal information of 57 million users and 600,000 drivers. A hack of TJX Companies exposed 94 million credit cards — the list goes on. 

It can happen in the multifamily and student housing world on a smaller scale. One of the few drawbacks of an increasingly digital world is that everything is vulnerable. For every security system in place, there is likely someone trying to circumvent it. You certainly don’t want to be the apartment operator that experiences a data breach and compromises the personal information of your residents. That scenario wouldn’t serve as a renewal booster and could make potential future renters steer clear. 

While most savvy multifamily and student housing organizations are readily aware of the need to encrypt data, dispose of old data that no longer serves a current business purpose and to have a solid protocol for data backup, here are a few other tips to consider:

Device Vulnerability

As smart-home and Internet of Things (IoT) features become more prevalent, the number of devices offering potential points of access to your data also increases. Virtual assistant devices, security cameras and smart lights all possess a digital pathway that hackers might be able to use as an entry point to your data. Make certain your cybersecurity provider can perform penetration tests to help diagnose any vulnerability.

Test Your Teams

Proper training is key. IT teams often test their employees by sending fake phishing emails advertising free concert tickets, cruises and other too-good-to-be-true items. In several cases, team members eagerly click on the link and receive a message noting that they would have been hacked. While it might have facilitated an embarrassing moment for the clicking associate, it reminds them how easily a system can be compromised. Make cybersecurity training a key component of your company culture.

Emergency Preparedness

This term typically equates to having a plan in place for natural disaster events. Make sure you have one ready for a security breach, as well. Like a natural disaster, it can be easy to think that it won’t happen at your community. But if it does, the quicker you can institute your action plan, the more data you’ll be able to protect before it becomes compromised. 

Due diligence With Vendors

Perhaps your systems are perfectly secure, but are those of your vendors? Shared reports and documents with supplier partners have a potential for cybersecurity risk, so it’s important to properly vet vendors and ensure any shared systems offer high-level encryption, multi-factor authentication, rigid password credentials and additional mandatory cybersecurity requirements. 

Cybersecurity is a complex, multifaceted topic. A few simple practices — such as providing secure networks, utilizing systems from cyber-savvy providers and training associates at the site level — can prevent your organization from joining the disreputable list of those that have been hacked. 

Ryan Byrd, CTO of Entrata.