LookUpStrata

Strata Information Leading to Open Discussion

Australia's Top Property Blog Dedicated to Strata Living
Home » Strata Managers » Strata Managers WA » WA: Strata Industry at Risk – Part 1 – System Hacked

WA: Strata Industry at Risk – Part 1 – System Hacked

Published By Leave a Comment Last Updated

Share with your strata community

This WA article is about risks to the strata industry from system hacks.

One of the most important tasks we are asked to perform in the strata management industry is to look after the books and records of our owners, and the business details of our suppliers and contractors. This includes names, addresses, phone numbers, email addresses, bank account details, ABNs, licences, insurance certificates and then there are all the documents that relate to the buildings and schemes themselves.

For most progressive management businesses, document storage is now 99% digital, thus, our document management and IT systems need to be robust and our clients want to be reassured their data is safe and ultimately, stored in a vault that cannot be corrupted or hacked.

Recently, I tendered the IT Support, Cyber Security and Telecommunications Services for my businesses (B Strata & B Complex) and feel we were in a good space, but it is certainly getting scary out there and it is very complicated.

After interviewing three companies who each did a high-level analysis of our IT services and security protocols, the reports came back that we have adopted ‘good’ security measures.

We have two factor authentication, up-to-date anti-virus software, spam filtering, DarkWeb monitoring, phishing awareness training and monthly health checks, along with a couple of other security and password platforms to enhance the data protection for our clients, but there is still more that we can do; Really!?

Following the attack on Ukraine, there is a heightened cyber threat environment globally, and the risk of cyber-attacks on Australian networks, either directly or inadvertently has increased.

CLICK HERE TO BE NOTIFIED WHEN WE PUBLISH CONTENT TO THE SITE

On 23rd February 2022, the Australian Cyber Security Centre (ACSC) raised the alert status to ‘High” and encouraged Australian organisations to urgently adopt an enhanced cyber security posture.

The additional protections that were missing from my businesses, included WhiteListing and a more enhanced Privileged Access Management (PAM) system.

Is it just a salesman’s pitch, or do did we actually need to implement these added systems? So, I did my research.

A report released by IBM identified that as businesses incorporate cloud-based platforms to help simplify IT infrastructure and management that enables remote access from effectively anywhere in the world, we are making our businesses more exposed to cyber-attacks. This migration to the cloud has been fast-tracked due to Covid.

Data breaches are almost always the result of compromised end users (staff) and privileged credentials i.e. staff’s permission settings. That’s why monitoring and protection of account settings has become crucial. Implementing least-privilege security for staff is critical, given local administrator rights are prime targets for cybercriminals.

This is where PAM can assist, but only if you know exactly who your administration team are, who is accessing your data and more importantly, that your staff understand the importance of keeping their usernames and passwords confidential.

WhiteListing is a list of things allowed when everything else is denied by default. It is the opposite of a blacklist which is a list of things denied when everything else is allowed. Implementing WhiteListing is a great security measure used against two different kinds of security threats:

  • the most obvious is malware: malicious software payloads like keyloggers or ransomware won’t be able to execute if they’re not on the WhiteList.

  • but that’s not the only benefit, it can also be used as a tool to fight ‘shadow IT’. End users or external departments may try to install programs on their computers that are insecure or aren’t properly licensed. If those apps aren’t Whitelisted, the rogue departments are stopped in their tracks, and management will be informed about the attempt.

The problem is that WhiteListing can be implemented at different levels and can be quite inconvenient and frustrating for staff. This is because they can only use their computer for business approved software and it requires careful implementation, with proper ongoing administration.

The benefit we have are that we were a small family business, with clearly defined business practices, we know exactly which programs we are operating, we engage an IT support company, and we do not use offshore processing.

Given we have confidence in the management of our systems and our practices, we have also opted to subscribe to the Privacy Act 1988 which provides our clients the reassurance that if we have a breach, we will advise our clients accordingly.

When undertaking your due diligence, this should be the first question you ask your strata manager – What systems have you adopted to ensure the safety of our information?

Scott Bellerby
B Strata
E: [email protected]
P: 08 9382 7700

This post appears in Strata News #578.

Have a question or something to add to the article? Leave a comment below.

Embed

Read next:

This article is not intended to be personal advice and you should not rely on it as a substitute for any form of advice.

Visit Strata Managers OR Strata Information WA.

Looking for strata information concerning your state? For state-specific strata information, take a look here.

After a free PDF of this article? Log into your existing LookUpStrata Account to download the printable file. Not a member? Simple – join for free on our Registration page.

Share with your strata community

About Scott Bellerby, B Strata

With nearly two decades of property experience, including working as an expert in litigation as both a commercial property valuer and a retail development manager, Scott is now regarded as WA’s lead strata expert.

Scott started with B Strata early 2014 and became managing director mid-2015. He dedicates the majority of his time to B Strata, growing and evolving the business and managing existing and new developments as they come online.

Given Scott’s passion for strata and broad property experience he was quickly elevated to President of Strata Community Association WA in 2016 and is now the longest continuing serving President of the Association.

Scott worked extensively for over five years with Landgate, the Property Council, SCA WA and the Ministers for Land to ensure a balanced and effective review of the Strata Titles Act was achieved. Scott’s ultimate aim is to see the strata industry recognised for its professionalism and expertise and wants to ensure there is proper regulation and licensing of strata managers.

Scott sits on numerous Boards and committees, including the Property Council of Australia, Policy Advocacy Committee and he Chairs the SCA WA Board.

Hands down, B Strata are industry leaders when it comes to understanding the strata reforms and implementing new processes to accommodate for the changes to the legislation. Saying this, we will not be ‘resting on our laurels’, as we continuously look to find ways to innovate and evolve!

B Strata's mission is to create harmonious communities.

Scott is a regular contributor to LookUpStrata. You can take a look at Scott’s articles here .

Leave a Reply

Your email address will not be published. Required fields are marked *

SCA Membership

ASK A STRATA QUESTION

Disclaimer

The opinions and/or views expressed on the LookUpStrata site, including, but not limited to, our blogs and comments, represent the thoughts of individual bloggers and our online communities, and not those necessarily of LookUpStrata Pty Ltd. In all instances, information should not be taken as advice and independent legal advice should be consulted.

CONTACT US VIA EMAIL