Student Housing Business is the voice of the student housing industry.
Issue link: https://studenthousingbusiness.epubxp.com/i/783396
QUESTION OF THE MONTH StudentHousingBusiness.com January/February 2017 25 Is cyber security an issue in student housing? What does your company do to safeguard the information of your residents and their parents? Student housing is exposed to cybercrime in many forms, and that risk grows every day. At our communi- ties, old files are destroyed to reduce the risk of informa- tion leaks, and we safeguard personal information. New leases signed electronically are carefully encrypted. We even experience transactional risk; in closing a recent financing, our title company received an unauthorized wire redirection (which we successfully stopped) in a seven-digit figure. Our senior team receives phishing emails involving malware of some sort almost daily. The data integrity of our systems is only as strong as our weakest links. We need to consider paper and electronic documents as well as third-party associates and inte- grated services. Jenn Clince, COO, The Collier Companies Student housing companies face the same cybersecu- rity threats as every other company. We must protect our own corporate, proprietary information as well as employee information, vendor accounts, sensitive financial records and confidential information collected from residents. Asset Campus Housing uses a property management software platform called Entrata to main- tain security and encrypt sensitive information (i.e., personal identifying information, banking account, billing information and credit card information). We also know how important it is to properly train staff on safe cybersecurity practices, to limit the installation of new software on company computers and to regularly back up data. Julie Bonnin, COO, Asset Campus Housing We have a duty to our clients, tenants, and guarantors to be good stewards of their personal data. In the past, this information was stored locally at the property level. However, as we grow more and more reliant on technology in our space, we must now be vigilant on selecting service providers that have multiple layers of protection. This includes software providers that house our data behind multiple firewalls, implement biomet- ric protections at data centers, and have stringent pass- word requirements. Adam Byrley, COO, The Preiss Company Cyber-attacks can harm our residents by stealing money or ruining their credit. At EdR we use a three- pronged approach to protect our residents. We limit federally protected and/or sensitive information in our reporting databases. We require our vendors that hold resident information to hold certifications from SOC 1, PCI and EI3PA. These certifications (among other requirements) ensure our data is encrypted at the database level and that physical access controls to the data server, application server and all data backups are in place to allow only authorized personnel access to the data. We also have a data breach response guide so that, in the event of a data breach, EdR will respond in a pre-determined and timely fashion to gauge the impact, mitigate the damage and communicate to the affected residents. Randy Simpson, Chief Information Systems Officer, EdR We handle sensitive personal data on a daily basis, and it's critical to keep that information safe. On-Site runs our website leasing portals, in which residents and guarantors are screened within the portal as part of the leasing process. One of the reasons we chose On-Site was because of their security; they are EI3PA/PCI com- pliant, which is among the strictest security tests avail- able. Their web servers run the popular and secure Apache 2, and use 128-bit SSL encryption throughout, to ensure information transmitted to and from our cus- tomers cannot be read by third parties. Dave Anderson, President, Homestead U Protecting our customers' sensitive data and infor- mation is of utmost importance. This commitment requires a continual investment in cyber software and infrastructure, as well as IT personnel and education to ensure that we are monitoring our processes, proce- dures and systems effectively — keeping in mind that cyber security is a company-wide concern and that it is not just an "IT department problem." We do what we can to ensure that our staff members are educated, knowledgeable, and aware of possible vulnerabilities or red flags when it comes to identifying possible breach sources or intrusions. Ashley Lanagan, VP of Operations, Lutz Real Estate Investments In order to protect the information of our residents and their parents we only work with system providers that encrypt and safeguard sensitive private informa- tion. With the property management system we use, residents can apply online for housing and provide all the information we need to complete background and credit checks without our staff ever seeing that information. That information is then securely stored and monitored by our property management system's world-class security team. Mitchell Smith, COO, The Scion Group Students are bringing more connected devices with them to our apartments. Add in the IoT (Internet of Things) and we could see connected device counts increase to 10 or 15 per student, with half of those being IoT devices. The problem with IoT is two-fold: the devic- es aren't really designed to work in high-density MDU environments and most of these devices are inherently insecure. There have been a number of attacks where hackers leveraged large numbers of infected IoT devices to attack commercial websites or web services. In cases like these, is the threat the technological impact on our own operations or is it the legal and financial liability of 2,000 bots within our building attacking someone else's business? We can't divulge everything in our security strategy but there are a number of measures that we take to ensure that resident and parent information stays safe. We isolate our office network from the resident network with a high-performance firewall. We use a wi-fi solution for our offices that ensures that this typically vulnerable attack vector is well pro- tected. Our cloud partners routinely pass rigorous audits to ensure that their networks, software, services, and processes are as secure as possible. Eliminating on-premise data processing and storage from our IT environ- ment reduces our exposure and risk of a breach. Greg Blais, President, RISE