Tag Archives: cyber attack

Ransomware Attack Affects the World

We have been warning about computer security for a good while now, and it has happened again – BIG TIME. Last week a world-wide ransomware virus was released, and to date it has affected computers in over 150 countries … and still growing.

Ransomware - Tenant File BlogSo what is ‘ransomware’?  It is particularly disturbing because you won’t know until a message appears on your computer screen telling you that your files have already been encrypted. If you look at your files, you’ll see a long number instead of the file name. For a ransom payment (in bitcoins) your data will be un-encrypted. This nasty bug has infected both servers and Internet connected computers, so nobody is really safe. Because of an alert individual in the UK, the US was spared from the initial attack, however, it is very possible that the attackers can make a few adjustments and send out more modified versions that will be even more devastating than the first wave. At the time of this writing, 3 modifications have been released.

This is not a ‘Russian’ attack; in fact, Russia was one of the first to be hit, along with Britain and Japan. The US is only just now compiling the toll, but we know FedEx and a large number of US based business have been on the receiving end. What it ‘does’ show is that the Internet is very vulnerable to cyber attack on a large scale.

So what does this have to do with property managers? The property management business is one of the most likely and vulnerable targets for future attacks. The property managers hold sensitive information on owners, their bank accounts, email addresses, social security numbers and rental properties. They also have information on millions of tenants, their bank accounts, passwords, social security numbers and other confidential information. Most of the web-based property management software companies were rushed to the market within the past 5 years, and I would venture that most of them do not have even moderate protection against an advanced hack attack.

While any computer connected to the Internet is at risk, we think that desktop software is much better protected. You would be smart to even have a computer that is not connected to the Internet in any way, so that you can run desktop based software in the event of a cyber attack or another ransomware attack. It will happen to you eventually, it is just a matter of time, and it could even come in the form of a natural disaster that is man-made or comes via Mother Nature. No matter what kind of property management software you have, be sure to make local backups of your data – don’t count on a stranger’s word that they maintain ‘redundant’ copies of your data. Since the servers are connected, a massive attack is likely to affect all of them. Your best defense is a copy of your data that you can hold in your hand.

At Tenant File, we have already saved a good number of customers that had their data encrypted, by helping them restore their program and backups. We’ve heard horror stories of web-based software customers that lost everything, and had to start from scratch, hunting through file folders to try and re-create their owner and tenant financial history. And they are left wondering if they will be held responsible for the owner and tenant data that is now in a hacker’s hands. We hope you never have to experience that!

Massive Cyber Attack – Are Property Management Companies at Risk?

Property Management Company Post Cyber AttackI told you so. I’ve been warning about this for a good while now, and this is only the beginning.  In particular, if you are using web-based property management software, you should think about what you are doing. You are putting your own security, your tenants, and your property owners at risk, and probably paying a hefty monthly sum to do it.

I’m talking about the huge cyber attack that came in three waves on Friday.  If you were not directly affected, it was probably (1) because the hackers didn’t bother with smaller websites or (2) because it wasn’t your turn yet.  Here are some of the ones it did affect:

The New York Times
The Financial Times

Ladies and gentlemen, these sites are no pushover sites for hackers (or are they?). Supposedly these sites are some of the best secured sites in the world, and hackers managed to get to them all at once. If these sites are vulnerable, how secure do you think your property management software website is? Most of them weren’t even around 5 years ago, and I would venture that none of them have anywhere ‘close’ to the level of cyber security protection of the sites that got invaded.

In a recent NBCNews.com post I saw the comment for consumers to “think carefully about what and when they connect devices to a cloud or even to the internet in general.” In a previous blog, I speculated on a scenario specifically for property managers called “A Day in the Life of a Property Manager Post Cyber Attack”. It is almost scary how real that seems now.

My experience is in property management and I admit it is in my financial interest for people to purchase desktop software. But the reason we have continued to offer on-premise rental property software is because there is a large market of landlords and managers that don’t want to risk their business and their client base. Plus, the monthly fees for web-based software companies are never ending, and will wind up costing a fortune in the long run.

This year, on the Buildium blog (a web-based competitor) it was stated, “Is your company at risk? Basically: yes. Every landlord, property manager, or real estate professional has access to (and stores) sensitive, confidential, personally-identifiable information on tenants and employees.”

And who is vulnerable? Basically everyone, but consider this information from the same blog “Businesses with fewer than 250 employees account for somewhere between 20-30% of all cyber attacks.”

And how easy it to recover from an attack? Read on,60 percent of small businesses close their doors within months of a successful cyber attack.”

I LOVE technology so don’t get me wrong! We always are looking for new ways to innovate and provide our customers with the best experience possible. But that can be done without storing your valuable data on a remote server that can be attacked at any time. And when that happens, you might suddenly find yourself in an office with no access to your tenants, your owners, your vendors, your accounting, and your customers. And I ask, is that worth the risk?

A Day in the Life of a Property Manager Post Cyber Attack

Angry Property Management CompanyAs a property manager, you wanted to stay with the latest cloud technology, so you trusted your valuable data to a web-based software company. This scenario could be your company, it is real, and could happen in the near future.

8:00am – Everybody is calm, laughing and enjoying their first cup of coffee. Computers are glowing with the dashboard of your web-based software.  As a property manager you are experiencing just a normal work day.
8:05am – Suddenly all computers show a screen ‘NETWORK NOT FOUND’. No problem, soon it will be back up, just reboot your routers.
8:20am – This is becoming annoying, the computers are still not booting up to the Internet, so nobody can log into your property management software.
9:00am – Tenants are starting to call, they cannot process their rent payments. Still no Internet.
10:00am – The first owner calls and complains that the owner portal is down. They need the data for a meeting. Owner payments are due today.
11:00am – More tenants are calling, some are requesting emergency repairs. Work Orders and repair request are all handled by the software, which dead.
12:00pm – You have 5 office employees on the clock that are sitting around waiting for the Internet to return. Things are getting worse by the minute.
1:00pm – Everyone is watching the TV. There has been a major Internet disruption due to a cyber attack. No word on restoration of services.
2:00pm – No work has been done since early this morning. You have already lost productivity, plus tenants, owners, and vendors are lighting up the phones with complaints.
5:00pm – No answers, no work, employees go home … you’ll have to get everything caught up tomorrow.

Angry TenantThe next day – The cyber attack has spread, servers are down all over the country. You still need to pay all employees to come in to field phone calls from angry tenants and owners. You are having to call vendors to send them out for repairs, but you cannot process their payments. They are not happy. Tenants are being told to bring in their rent payments in person, but all transactions have to be recorded into a spreadsheet for transfer into the cloud property management software sometime later… if at all.

The third day – No change. You are losing money right and left. Your business cannot do anything but take calls and promise you are doing everything possible. No banking, no property management, a total disaster.

After that – total panic. Your business is totally down. You don’t have a backup of your tenants, owners, or vendors. You call your web based property management software company for hours and cannot get through. Once you get to speak with someone, they tell you their server has been part of the attack and they cannot promise that anything can be restored. Your business is in deep trouble, this could take weeks to restore if ever….

Is this scenario possible or just a scare tactic?

Ben Lawsky, head of New York’s Department of Financial Services (DFS), said he fears a large enough hack on Wall Street firms could “spill over into the broader economy” — not unlike the mortgage meltdown of 2008.

“We are concerned that within the next decade, or perhaps sooner, we will experience an Armageddon-type cyber event that causes a significant disruption in the financial system for a period of time,” said Ben Lawsky, head of New York’s Department of Financial Services. He called such an attack a “cyber 9/11.”

Recently senators that have classified access and infrastructure experts agree on an impending major cyber attack. A recent New York Times article warns that Russia could be planning an attack affecting “almost all global Internet communications, raising concerns among some American military and intelligence officials that the Russians might be planning to attack those lines in times of tension or conflict.”

Think about the breaches in security at Target, Home Depot, Amazon, Staples, JP Morgan Chase, Yahoo, Apple, Google and hundreds of supposedly well protected sights. They are getting worse, not better. No company is safe from this, no matter what the software vendors tell their customers. You are probably using the software as SAAS (software as a service) which simply means monthly payments. That can be cut off at any time. Your data can be inaccessible at any time if the Internet has a problem. That means your entire business could at risk.

Our own national security experts are warning about an impending cyber threat coming from other countries that would target critical USA infrastructure systems. Adm. Michael Rogers, The director of the National Security Agency, told the House Intelligence Committee he expects a major cyber attack against the U.S. in the next decade. “It’s only a matter of the ‘when,’ not the ‘if,’ that we are going to see something dramatic,” he said.

If you think your web based software is safe, think again. Even if you are able to make regular backups from your server, the effects of an Internet shutdown would be devastating to your property management company. You have been entrusted with the most valuable information from your tenants, your owners, your vendors, and all of the companies that you do business with. You might want to think about that before you put everything in the ‘cloud’.