COOPERATOREVENTS NEW YORK EXPO. TUESDAY NOV 19TH . JAVITS CONVENTION CENTER. REGISTER NOW!

Information is Everything Safety and Security Online

Information is Everything

 Your co-op or condo unit houses more than your material possessions. The  management office also typically contains detailed information about you—including your social security number, credit card number, emergency  information, phone number and many other important documents relevant to your  security.  

 And that information is worth a lot of money to hackers—or anyone interested in using the content of your private files to their  advantage.  

 Locking it Down

 With more and more information and day-to-day business functions being handled  online, the safety and security of users' personal data and privacy has become  a major concern for everyone—and that includes property managers and board members.  

 And while identity theft is a growing business, New York has enacted laws to  make sure your information doesn’t leave the management company’s computers or offices. In September 2006, New York Governor George Pataki  created the New York Social Security Number Protection Law, which places limits  on the use of social security numbers—and imposes strict penalties on any company that doesn’t protect the social security numbers that they’re responsible for safeguarding.  

 Laws such as The New York Social Security Protection law were enacted to protect  you, and they’re applied to all non-governmental bodies—including individuals, corporations, and partnerships. Before you hire a  management company for your co-op or condo, you should figure out a plan of  action to protect your building’s personal information, and make sure you know the 411 on how and why this  information can be stolen.  

 The New York Social Security Number Protection Law hasn’t completely wiped out identity theft as criminals will always be out there.  

 “It’s my understanding that there are people who still sell Social Security numbers,  credit card numbers and other personal information that they hack off the  computer,” says Stephen Elbaz, president of Esquire Management Corporation in Brooklyn, a  management company specializing in co-ops and condos in Brooklyn, Manhattan and  Queens. “They can buy those numbers for 50 cents each, and the online theft of personal  information is causing bank losses in the billions per year.”  

 In 2008, a whopping 134 million credit card numbers were stolen via Heartland  Payment Systems, when hackers injected spyware onto their data systems to  monitor their credit card transactions.  

 Just as recently as March 2011, 40 million employee records were stolen from RSA  Security when an e-mail containing malware was sent to some employees. It  installed a remote tool that gave the hacker access to the security company’s computers, and they got access to all the data.  

 And in April 2011, 77 million PlayStation Network accounts were hacked, giving  unprecedented access to unencrypted credit card numbers, full names, passwords,  addresses, e-mails and purchase history.  

 “It’s a huge problem,” says John O’Keefe, CEO of ITelagen, an information technology and security company based in  Jersey City that helps management companies, buildings and other large  corporations protect their data. “Back in 2002, before I started this company, I was CEO of a software company.  Our internal website was hacked, and they put up a terrorism page. It was eye  opening for me and the company back then.”  

 Protecting the Personal

 While O’Keefe’s website was hacked due to anti-American sentiment, there could a huge range of  reasons why people attack company’s computers, O’Keefe says.  

 Sometimes, it’s to get access to social security numbers, credit card numbers and other  personal information. But more than 50 percent of the hackers are from China,  the Middle East and other areas around the world, he says, and they use smaller  company’s computer systems as platforms to hack into bigger companies.  

 “A lot of times, they’re just trying to bring systems down,” O’Keefe says.  

 The big issue for property management companies and co-op and condo boards is to  simply keep everyone’s information safe. But sometimes, it’s harder than it sounds. It requires passwords, locked safes and other measures  to keep the rest of the world out.  

 Elbaz says his property management firm has password-protected computers to make  it as difficult as possible for hackers to get in. In addition, all of their  physical files are kept in locked cabinets, and only a few people have access  to it.  

 “Not only does this prevent hackers and crooks, but it also prevents any person  in the management company from getting the information as well,” says Elbaz, who isn’t willing to take any risks, even amongst his own employees.  

 He tries to limit the number of people who know the passwords and who have the  keys to the physical material. For example, the only person who has access to  the payroll records, complete with social security numbers and addresses, is  the human resources person, Elbaz says.  

 Other building management companies try to protect themselves by refusing to  hold onto any important information.  

 Martin Laderman, CEO of MEM Property Management Corporation in Jersey City takes  security one step further. He says he doesn’t store any of the owner’s social security numbers in his office or even on his computer. He passes it  all over to the banks, and makes sure that no trace of it is left with his  company.  

 “The only thing we have is the unit owner’s license plate numbers, copies of the leases and emergency contact numbers,” Laderman says. He keeps that information on the computers, which are protected  by multiple firewalls.  

 For the vendor’s information, Laderman says, he only keeps tax ID numbers, and the only people  who can access those numbers is one account head and himself.  

 When the owners have to register their cars with the building so they can park  in the garage, he asks for a copy of their driver’s licenses, but he tells the owners that they can scratch out their driver’s license number.  

 “We just need proof that they live there,” he says. “If we take a phone bill from them, they can block out all their private  information. We just need the bill to prove that they live there.”  

 Switching Safely

 Sometimes, however, a property management company needs to transfer all of the  owner’s information between offices when a building switches to a new management  company. Getting the information to the new office without an outside hacker  tapping into the private info is key.  

 Elbaz says he safeguards the information by waiting for the new management firm  to physically pick up the boxes of records instead of shipping them.  

 Since Laderman stores the direct debit and other information with the bank, he  leaves it up to the bank to do the transferring if they need to switch banks at  all. The rest of the information, such as the blocked out phone bills, are  useless to outsiders, he says.  

 Once the information gets to the new company—or even if it’s staying with the old management firm, it’s important to get qualified people to safeguard it, Laderman says. His company  uses a professional information technology firm to protect his company. “It’s not cheap but it’s the cost of doing business, like a telephone,” he says. “That’s our infrastructure, so we don’t play games with that.”  

 He uses ITelegen, which offers different protection packages, depending on the  size of the company and their needs.  

 Laderman says he uses ITelegen to set up multiple firewalls, and to monitor the  infrastructure 24 hours a day, seven days a week. He also has on-site backups  and off-site backups in case of a fire or other tragedy.  

 Itelagen’s O’Keefe says that a basic security device for a small company doesn’t have to be expensive. The first thing he does when he’s hired by a management firm or other company is to set up basic security to  protect them, such as a strong firewall. Basic firewalls to protect their  computers from hackers and other issues, costs between $400 to $500, he says.  

 Sometimes, however, regardless of the best security systems and the best  information technology teams, private information does get stolen.  

 At that point, there are a few things that could happen.  

 This summer, the Dutch government was hacked despite being guarded by DigiNotar,  a U.S.-owned, Netherlands-based a company providing digital security. The Dutch  government had to shut down its computers and temporarily return to using paper  documents and fax machines.  

 In June, hackers managed to get access to 1.5 percent of 24 million American  credit-card accounts, which led to about $2.7 million in losses for 3,400  people.  

 At that point, says Elbaz, it’s time to “Sue, sue, sue.”  

 And while suing has become a standard rule of thumb these days, Laderman says it’s easier to simply refuse any information so you can’t be held responsible.  

 “We know that accidents happen,” he says. “That’s why we don’t ask for that information, and we don’t want it. It doesn’t even come into play. We do have a concern about privacy, and you don’t want your neighbors to know about your information either. Even if a buyer  calls, and asks what’s due for the sellers, we don’t give out that information. All the information that we have will go directly  to the unit owner. And we don’t e-mail it to them either—you have to be careful about e-mailing.”    

 Danielle Braff is a freelance writer and a frequent contributor to The  Cooperator.  

Related Articles

Census 2020

Census 2020

Be Counted Safely During COVID-19

Notice Keep Door Closed Sign. Open door. Vector stock illustration

Intruder Alert!

How NOT to Deal With Unauthorized Visitors in Your Building

Electric bike icon. Vector on isolated white background. EPS 10.

Regulating Electric Bikes & Scooters in Your Building

Balancing Necessity With Safety