Tag Archives: data breach

Property Manager Security Alert

Map on computerA higher rate of urgency does not imply ever-present panic, anxiety, or fear. It means a state in which complacency is virtually absent.” – John P. Kotter

It’s getting to where we are reading about new data security breaches nearly every day, but this last one is a ‘doozey’. It is the giant JP Morgan Chase bank, and it involves 76 million customers and 7 million businesses, and that is only what they are admitting right now. This started way back in June, but we are just now hearing about it. Now, they have “closed the known access paths”, according to Chase spokeswoman Patricia Wexler. This comes on the heels of the Target and Home Depot data breaches, as well as a growing list of others.

Property managers are especially vulnerable, especially those that have their data in the ‘cloud’, a hip way of saying your data is on someone else’s computers. That data is most likely spread out on many servers in the US and abroad. You are holding the keys to the Owner’s bank account information as well as your Tenant’s bank account information, with the exception that you gave the keys away to someone that you don’t even know.

What you may ‘not’ know is that there is an entire industry formed around the many security ‘holes’ in the software programs that protect your valuable data. These companies have brilliant programmers that spend every day looking for ways to break into the websites and servers holding your data. But they are not criminals – it is all legal. They find the breaches, contact the companies owning the website, and offer to let them know what they found. Nice, huh? Not so fast. A single bug or vulnerability can fetch thousands of dollars if it is small and 10’s of thousands (or more) if it is major. Or, how would you like a ‘protection’ subscription for only $200,000.00 per year? If the vulnerable company can’t pay the price, no problem, the ‘breach finders’ can just move on to the next client that ‘will’ pay for the information.

And who is that client? Well, the second one in line is our good old government, such as the NSA. They actually have a budget for this, rumored to be in the hundreds of millions of dollars. They want to keep Internet vulnerabilities for themselves to track the ‘bad guys’, and an example of that was the ‘Heartbleed’ bug, which our government kept silent on for a year and a half while they exploited it.

If it can’t be sold to the government, next in line are competitors or others that want to exploit the security ‘holes’ in a website. Here is where it gets seedy. Of course the ‘breach finders’ say they don’t sell information to ‘bad guys’, such as countries on the ‘terrorist’ list, but they do often sell to foreign countries that don’t have the best interest of the USA’s citizens in mind.

This could be ‘your’ information that is being bought and sold. Should you panic? No, but should you keep everything you have in the ‘cloud’? I think not. Complacency is not your friend.