Cyberattacks are becoming more common, with sizable losses for victim organizations. The FBI fielded over 880K cybercrime reports in 2023, but an estimated 80% of all such crimes go unreported. Even so, the relatively small fraction of cybercrimes that Americans reported in 2023 represents over $12.5 billion in potential losses—22% more than in 2022.
Besides financial damage, your association could suffer operational disruption and loss of data if hackers break through your defenses, exposing homeowners and staff to long-term risk of fraud and identity theft. In this escalated threat environment, planning for how to handle a cyberattack is an important component of your association’s overall risk management strategy.
Prevention is important, but when one careless click can unleash an attack, it’s impossible to stop all attacks. Detailed planning for a potential event helps you prepare and respond more quickly and effectively if your association does experience a cyberattack. It’s worth the time and effort to think through appropriate actions, necessary resources, and possible barriers you could face should hackers break through your defenses.
Designate an incident response team to develop and maintain a comprehensive response plan. In addition to IT staff, your team should include senior managers, key operational employees, and even board members. Keep a copy of your plan offline—a cyberattack could lock you out of your systems.
Establish relationships with external resources and experts. Know who you’ll call for specialized knowledge and advice if you have a problem. That could include a cyber incident response firm, data forensics experts, data privacy legal counsel, the association’s cyber insurance broker, and communications/public relations professionals.
Assess the plan periodically under various incident scenarios. Conduct cyberattack drills for team members to practice their response steps, improve familiarity with how the response unfolds, and identify potential problems. This kind of “dry run” can reduce stress levels and improve the speed and performance of implementing your plan during an actual event.
Understand your incident to-do list.
After an attack, every minute counts. Stay calm and react quickly but methodically, using this checklist as a general guide.
- Activate your incident response team. Make sure that everyone designated with oversight duties knows their role. Inform board members of the attack and the appropriate responses taken.
- Consult your insurance broker to discuss insurance policy incident notification requirements. Your insurance broker can work with your cyber insurance carrier to outline the appropriate first steps and the optimal process to engage carrier-approved vendors. This ensures you’ll have the right resources charging the right rates and that you’re adhering to your insurer's terms and conditions, so you receive your full policy benefits.
- Engage your legal team. Involve approved breach counsel at the onset to determine appropriate actions that fulfill legal obligations, manage potential liabilities, and prepare for the possibility of future litigation or regulatory investigation.
Conduct a thorough damage assessment and implement the appropriate response plan.
- Identify the threat and try to isolate affected systems to prevent further damage. Resolve the vulnerability that allowed the incident, if possible.
- Preserve and document evidence related to the incident. In your haste to restore data, take care not to destroy evidence that could help law enforcement identify the attackers or be used in their prosecution.
- Address the most urgent priorities. Mitigate the impact of the incident, repair systems, restore data, and strengthen security.
- Work closely with your forensic investigation firm and other incident response experts. If necessary, assist with the negotiation process and prepare for secure and lawful extortion payment. Provide support to restore full operational status across the organization.
- Report the incident to appropriate law enforcement and regulatory agencies. They may be able to assist in the investigation.
Contact your bank if your account has been compromised.
- Report the fraudulent incident to your bank’s fraud response unit.
- Work with your bank to try to recoup funds.
Craft your communications plan.
- Talk to an insurer-approved public relations and communications team about the best ways to communicate about the incident with your staff, homeowners, and other public-facing audiences.
- Verify and comply with legal requirements to notify those affected by the incident and offer credit monitoring and/or identity theft restoration services as approved by your insurer and advised by your breach counsel.