Ep 88: How to Protect Your HOA from Cyber Threats Today!

Kevin Davis 0:00
We still lock our front door. The difference is now when they knock on our door, we let them in and say, Sure, we’ll be glad to give you that information. That’s the difference. When you steal candy from a baby, The baby starts crying because you stole from them. You go, I can’t believe you took this from me, but what happened we do? We open the door and say, Come on in. Here’s our minute, here’s our information, and the word is social engineering. That is the magic word.

Announcer 0:25
Hoa Insights is brought to you by five companies that care about board members, association, insights and marketplace Association, reserves, community, financials, Hoa invest and Kevin Davis, Insurance Services. You’ll find links to their websites and social media in the show notes.

Robert Nordlund 0:41
Hi. I’m Robert Nordlund from Association reserves, and

Kevin Davis 0:44
I’m Kevin Davis of Kevin Davis Insurance Services. And this is HOA Insights, where we promote common sense

Robert Nordlund 0:51
for common areas. Welcome to episode number 88 where we’re again speaking with insurance expert and regular co host, Kevin Davis about cyber threat and cyber threat landscape and the insurance protections that associations can use to protect their exposure in this area, we want your association to thrive. So we want you to be well informed about the possible loss exposure at your association. We don’t want anyone in our podcast audience to be surprised by what’s going on out there? Well, this is a follow up to episode 87 another one of our popular board hero episodes. It’s board members like you that carry the entire community, association industry on your shoulders, and we want to honor you and our regular board heroes by hearing your inspiring stories. So if you missed that episode or any other prior episode. Take a moment after today’s program to listen from our podcast website, Hoa insights.org, or watch on our YouTube channel, but better yet, subscribe from any of the major podcast platforms so you don’t miss any future episodes. Those of you watching on YouTube can see the HOA insights mug that I have here, I got one with a cartoon on it that puts a smile on my face. And you can browse through what we have on our merch store, on our HOA insights.org website, or at the link in the show notes, and you’ll find we have plenty of especially items for sale, like mugs and things like that, and also plenty of free stuff, like board member zoom backgrounds. So as a treat, go to the merch store, find the mug you’d like, and I’ll ship that mug free of charge to the 10th person to email me at podcast@reservesday.com with your name, shipping address, mug choice, and mentioning episode 88 mug giveaway. We enjoy hearing from you responding to the issues you’re facing at your association. So if you have a hot topic, a crazy story, or a question you’d like us to address, you can contact us at 805-203-3130, or email us again at podcast@reserves.com, well, one of those emails was listener Michelle, who asked, I heard about cyber insurance. What’s that? We are, a 20 year old, 124 unit, single family home. Hoa, does that apply to us? And Kevin, tell us more about this. You’re the one who knows. You know,

Kevin Davis 3:21
this is a fascinating topic for me, because we see cyber threats all the time, and we pay cyber claims for community associations. The problem is this, most people who live in community associations don’t believe they have exposure. They don’t believe that they taking enough money, have enough data so they kind of just ignore it. And the reality is that social I always start with the same now, on a board of directors, do you have a CIO, a chief information officer? No, you don’t. Do you have a IT professional, security, professional on your board?

Robert Nordlund 3:58
No time getting someone to be president. Anything that Exactly,

Kevin Davis 4:02
yeah. Do you have an incident report, if you have a security threat document? No, you know. Do you have, do you have a son or a grandson, or somebody lives in a community that can go to person if you have a cyber problem? And the answer is that most of those are no, right?

Robert Nordlund 4:21
There is gonna be a short podcast episode if you don’t have some yeses coming up. But

Kevin Davis 4:26
the point is, is this is that those are the reasons why you need insurance right off the bat. I mean, you are a, you know, Robert, you’ve been doing this for a while. You serve, it’s a you serve your community association, right? Yep, and we know you have a job to enforce the rules, maintain Association, collect assessments. Well, guess what the cyber people know that you collect assessments, and guess what? They know you have reserves. And guess what you need? You know you have personal, identifiable information, sensitive information, from everybody who lives there. We could kind of close this whole thing right now. Those are two reasons why, right off the bat, you need it. You don’t have the expertise, okay? And. Saying the cyber criminals are looking right at you right now, these associations and saying, Now, I don’t have expertise, but they have both the things we’re looking for, because most cyber threats, most cyber criminals, they looking for data, okay? Or they’re looking for money. At a Community Association, you have both. You have reserve accounts, operating accounts, you have money on one side, and then you have people who live in that community association with checking account numbers and driver’s license numbers and all that kind of stuff. So you it’s a treasure trove of information for the cyber criminals. Okay,

Robert Nordlund 5:36
all of a sudden my heart just sunk, because I remember, I thinking five or 1015, years ago, where we had it seemed like a wave of managers stealing money from their association clients, yes, and the reason they were doing it, it was because it was like stealing candy from a baby because the board members, just like You’re saying, they weren’t looking out clearly they weren’t acting in a with a defensive posture, and the money was there for the taking. And I imagine it’s still going on to some degree. But Is it as simple as there are bad actors out there, and just like you say, association collects data, association collects money. They have information and community associations, are they still? Is it still like stealing candy from a baby? It’s

Kevin Davis 6:27
worse than that. Okay, yeah, silly candid, you said 10 years ago, right? They were doing these things. What’s happening now? We have things like AI, which makes it easier to get the data that we need from board members. And with the problem with community associations have is that they give all the information to the property managers, and believe, once they do that, they have nothing to worry about.

Robert Nordlund 6:51
Yeah, they are saying, okay, good, yeah, it’s their problem. Yes, yes.

Kevin Davis 6:55
And the problem comes from the property management firm, because they don’t also don’t have a chief, you know, information officer. They don’t have an it special. They don’t have those people either. Hopefully they have an insurance policy. So let me give you this, let’s say, all of a sudden, I’m a manager of XYZ, manager company. I manage 30 associations, okay? And then somebody comes to my office, right? And pretends to be, you know, a UPS person or a tech person, and they come to my office, they see my server over there, okay? And they pretend they are the ups, and they come out. I got the packages for you where you go and actually the server. You either a take the whole server out, or put a thumb drive in, a USB drive in it. Now I have data access to all 30 associations. Now you were the board president of Happy Valley Community Association, and I’m the president of my management company. I said, Robert, we have a problem. You know, my I was, I’ve been compromised the 30 associations. Now you expect to hear from me. Don’t worry about Robert. I’m taking care of it, right? Yeah. But what I’m going to say is like, Oh, guess what? I don’t have an insurance policy, so I don’t know what to do now.

Robert Nordlund 8:04
And I think your information, and that of all your 100 homeowners, has been stolen.

Kevin Davis 8:11
Yes, that’s the bad news. You know? The bad news is that all the information is stolen, right? The good news is I’m taking care of it. The bad news is I’m not taking care of it. You know, when you say, I’m not taking care of it. Now, all of a sudden, what do you do? Robert, now of a sudden, you were you have 100 unions in your community, association. You got a call from me saying, oh, man, I’ve been compromised. Okay, all my information is gone, all my associations. And I don’t know what to do about it, but I’m letting you know so you could take precautions. That’s the problem. Okay?

Robert Nordlund 8:45
I guess a couple of thoughts stirring around in my brain. One is, we’re talking about community associations, and you said it’s worse than very easier than stealing candy from a baby. And that’s probably true, because every few months I get a notification from some company saying, Sorry, Mr. Nordland, our servers have been compromised, and they probably stole your information. We don’t know if they did, but we they might have. And so we’re going to offer you three months of Yes, online security service. And I’m not okay. That’s a dark path. And the other thought is, nowadays, management companies are physically smaller because they don’t have boxes and boxes and boxes of information. They used to have files that a bad guy could literally grab and walk out with to steal information, and now this information is more and more online, whether on One Drive or Dropbox or anything like that, and bad guys can come in and just grab the file. So just as you want

Kevin Davis 9:50
to easier, it’s easier now to do it. Yes, yeah, because

Robert Nordlund 9:53
the point, I guess, in the olden days, you would lock your front door and feel reasonably secure. It, and now, yeah, you can lock your front door, but not everyone is locking their data door effectively, and so there’s paths in is that it? No,

Kevin Davis 10:11
no, I said was easy, and this is the reason why it’s easier. Okay,

Robert Nordlund 10:16
we still you’re not getting a blueprint for bad guys. Here

Kevin Davis 10:20
are you? Okay? No, no, no, no. The bad guys know this stuff already. Okay? Bad guys know this stuff already. We still lock our front door. The difference is now when they knock on our door, we let them in and say, Sure, we’ll be glad to give you that information. That’s the difference. We still carry from a baby. The baby starts crying because you stole the front you go, I can’t believe it took for something, but what happened? We do? We open the door and say, Come on in. Here’s our minute, here’s our information. And the word is social engineering. That is the magic word. Yeah,

Robert Nordlund 10:50
is that? And I we’ve talked about this before, I think, is that like the email I get from, for me, I get it from a manager that I’m not directly working with, and it says, Click here for the proposal, or click here for this. And it’s, it’s someone spoofing them, and they’re looking to get into my computer. Yeah,

Kevin Davis 11:11
what’s up? Even further, again, this is what I’m saying. Is easier than this. Okay? What it does is goes after our either our greed or a sympathy, okay? Other words, they’ll, they’ll say, Guess what? Click here and you just won x, y or z. Or you want free tickets. Okay, you want free tickets to a concert. You want just click right here. And then we go, sure we got it not in your system. So we open the door and let them in. So we click, or what we do is have to go, you better do this now, or else you’re gonna lose now. Here’s the perfect example. And the management company, management company gets hacked. All the emails are stolen. Okay, got all the emails. So the first thing that person does is send emails to all their clients and say you are late in your payment. Please pay now and avoiding a late fees. Here’s my new bank and routing them,

Robert Nordlund 12:00
and that sudden, that’s it. What? 30 associations time, there’s 100 units each. We’re talking 3000 people are sending there anywhere from $50 a month to $500 a month. To the bad guys, it’s to the back. Oh, gee,

Kevin Davis 12:17
easier now than what’s before, because we open the door, we have locks and everything still there. We update our systems. We do all the stuff, but because of our own greed or because of who we are as human beings, when somebody says, I need your help, can you please respond us immediately? And then all of a sudden, we’re so busy we don’t look, you know, UPS. You get these ups things all the time, fake ones that, guess what? You left this. You forgot to give you a forward interest. So you left this, and it’s all fictitious. Count, what I get all the time is that somebody from my office will get a note from me when I’m traveling. I’m on LinkedIn. Guess what? I’m in Vegas for conference, and I’ll send that email to my Comptroller and say, Oh, Kevin, needs, you know, 20 gift cards. Can you send them immediately? You know, you have to say, pop your names on the door. They find out who you are. And I was like, somebody’s calling. No, I never asked for gift cards. I never did that. That’s why what we’re doing now is so sophisticated, and you’re talking about a frequency that’s unbelievable, because we make it easy for people to take our money

Robert Nordlund 13:21
and our data, because we end up volunteering it to them. Volunteering it to them, we give it to them. So that’s a problem, because it’s not stealing. Yes, we give it to them. Oh yes,

Kevin Davis 13:33
yes. And now, from insurance point of view, that’s been the biggest problem for us in insurance, because, well, if you gave it to them, that’s not really a theft. You gave it to them. And so we had to rewrite entire insurance policy to help people out in those situations. It’s the number one problem. And I would say right now, most people do not have coverage for that because you gave it to them.

Robert Nordlund 13:56
Yeah, you know, I guess the YouTube people can see me. I’m sitting here with my arm is crossed because I’m all tense. The emails that get me are the ones that say I’m a manager at this management company and click here to submit a proposal for a reserve study. And those are so tempting because that’s in my line of business. And I grab my phone. Don’t have it with me. As I’m grabbing my calculator, grab my phone and say, Hey, Susie, I just got an email from me. Do you really need a proposal? I said, Oh, no, my computer’s been hacked. Do we need to train everyone to do that? To make that

Kevin Davis 14:35
the most important thing there is to make that phone call. I mean, you said that you gave the number one answer, because what happens in all these spoofed emails? Again, social engineering is a term. Is that all you have to do is make that phone call and say, Wait a minute, I have a invoice from you for a new banking routing number. Is that true about that new banking routing number? It doesn’t do you any good until you click on, don’t click or anything. This call for. First we do anything, because the next thing you know, they said, I’ve been hacked, and then you just delete it. Most people won’t make that phone call because why? They’re too busy. And then you had a relationship between a manager and a board so that board member might be one of those board members who I and imagine I can’t call this guy. I’m tired of calling him. I push the button and boom, it’s gone. Gee.

Robert Nordlund 15:22
Okay, so we’ve got this problem going on. It’s a lot of volunteering information. We welcome them in. And you also said earlier, it’s additionally troublesome because of AI, which means that someone, something out there, knows that I did a speaking engagement here, or I was recently in this city, and so they can make it look pretty darn custom. Yes, my

Kevin Davis 15:50
voice might be involved in it, or my picture might be involved, and manipulate my picture, my voice, it could be so sophisticated. And guess what? You can go right to a I ask how to do it. You know, I’m I’m doing a seminar on how to do X, Y and Z, and chat. GPT will tell you, Oh, well, you need to do A, B, C and D, and even Google it. How do you socially engineer somebody? How do you manipulate people? And to give me that information, it’s always based on the emotions. I need your help. Do this now. We’ll give you more money and we again, you said it before we locked our door and somebody broke into us, and we feel bad now we they, we open the door up, unlock the door, open up and give it to them. Most of the claims that we see are because of social narrative. And they can get to the smallest thing, where all of a sudden I’m buying new paintings. You know, I’m the president of my community association, pretending to be calling the manager company up. They say, I want these new paintings. I want to immediately give me the money. I pay for them myself, and then they send money out to them. And again, they keep it low enough where they’re not going to they don’t care if it’s a couple $1,000 they won’t go 10, $15,000 like the gift cards. They’ll ask for a couple $100 because nobody’s going to check it. Then all of a sudden they go and find out that, wait a minute, didn’t you order this? Did you ask for this? No. And

Robert Nordlund 17:07
you go, Oh, wow, is that also that they’re thinking that there’s a threshold that under that they probably won’t go with the police. They probably won’t go through the hassle of resolving it, and the bad guy will be out easy with 1000 or 2000 or 500 or whatever it is, yes, okay, the

Kevin Davis 17:28
key thing for them is they know what they can get away with before they for that person goes, I better call first for a couple $100 and maybe it depends on the size and dissociation. You know, some associations are larger than other ones. The larger ones have a big problem, because some of large ones may have a cyber network, but nobody’s looking after you know, nobody’s looking at the password. Somebody’s looking at all different things that you need to look at in order to make sure things don’t go wrong.

Robert Nordlund 17:55
Yeah, and if you’re at the association, you may be trusting Joe the treasurer, or you may be trusting, I think he said XYZ management company, and they’re no more sophisticated than you would have been. What’s the most common password out there? Password? There’s a half a chance that their password is literally that. So just because you’ve delegated that project to the management company, doesn’t mean that they are necessarily, necessarily more sophisticated or defensible. Gee, easily defended. Well, Kevin, you certainly got my attention here. But let’s take a let’s take a quick break and get back and we’ll hear about some solutions, of what you can do. But it’s time to hear from one of our generous sponsors, after which we’ll be back with some more common sense for common areas.

Kevin Davis 18:48
Hi, I’m Kevin Davis, the president of Kevin Davis Insurance Services. Our experienced team of underwriters will help you when you get that declination. We provide the voice of reason, someone who will stand by you. Our underwriters bring years of knowledge to our clients that can’t be automated by technology or driven by price as a proud and wins company. We bring true value to your community association clients. We are your community association insurance experts, and

Robert Nordlund 19:16
we’re back, well, we’re here with Kevin Davis talking about the first half of this program was getting me all anxious about the risks out there. And over the break, we were talking about ransomware. Kevin, is ransomware part of this? Yeah,

Kevin Davis 19:31
ransomware is a is part two of it? Part because ransomware is all about getting money. I don’t care about the data, because the data, once I have the data, you know, it’s hard to make money off that. I want money. I want cash. I want that immediately. So I use ransomware. Now, I said earlier that somebody goes into the management company’s office pretending to be somebody they’re not, either downloads the information on a USB drive, or they take the whole server once they have that information. Right? What they do now is to block the whole thing. They put a put something in there, or they’ll send you a link or something where your whole system is shut down and you need a key to unlock it. The problem is, is getting that key, you have to be able to go to these, you know, the crazy part about these ransomware claims, okay? And the largest one so far is $75 million I looked it up. This is today. It happened in March. $75 million on a ransomware okay. Now for a community association, it’s not going to be that much, right, but guess what? It’s still a problem if you have a server, okay, if you have a server, they want to go in there and go after your server by sending you an email, maybe give you you heard about the fake USB drive to stick inside the computer and you, and you, you can download the information people will smart enough not to do that anymore. Now here’s the thing that people don’t know about. Those QR codes that you line up you put on your phone, right? Some of them are fake and fraudulent. Be careful.

Robert Nordlund 21:02
Okay, so that needs to be definitely someone that you trust.

Kevin Davis 21:08
Yes, okay, because you put up there again. It goes back to the emotions. Get back. Click on this. Now you can win, win, win. You click on it. Now you’re in the system, and now, all of a sudden, you’re locked down. You can’t do anything with your system unless you pay the Bitcoins. And there’s a whole industry for this thing. So if there’s a claim, because we have claims people to handle these ransomware claims, what they do? They call up other claims people and say, Have you heard of Bob’s, you know? Response, no. Have you heard of this one? Okay, yeah. They’ll give you, yeah, pay them the money. They’ll give you back the key. They won’t touch the data. These are good people that work. They’re good people. Well, yeah, these, these are honest criminals, yeah, but no, you got honest criminals and dishonest criminals. The honest criminals say, yes, okay, yep, you paid a ransom. We walk away. You’ll never see us again. Did a dishonest one, so you paid a ransom, but we still going to keep your information, but we not going to steal so it is an industry in itself, ransomware. You got to be careful. And they go after the QR codes the USB, they take your drive, they they will do social engineering and get into your system. And once in your system, the system is locked, and what they want to do is, guess what? They want, a ransom extortion payment. They don’t care about the data that much anymore. They just want money right off the bat, and that’s it. They figure

Robert Nordlund 22:29
that you want to be back in business and it’ll be worth 10 grand or 50 grand or 100 grand, or, yeah, something like that. Okay,

Kevin Davis 22:36
especially if you live in a new association where everything is linked to your to your electronics, a link to your front door, the front gate. Now you can’t get in the front gate.

Robert Nordlund 22:45
Oh, yikes, yes, yeah. Okay, all right. Well, I thought we were going to be done scaring our audience in the first half. Let’s turn the corner. What can people do? Where do they get insurance? How does this protect them? Well, you know what?

Kevin Davis 23:01
Before we talk about insurance, this is, this is the easy part. There’s a couple things you can do to eliminate these things. Okay, okay. And you name what, um, make a phone call. Okay, just make the phone call. The one thing that we always say something called multi factor authentication. Okay, that is the best way in the world. Why is that important? When you say multi factor, that means more than one, right? Now, most of us have one. We have a user ID and a passcode. So when somebody find a user ID and a passcode, what happens? Boom, everything is gone. If you have multifactor, that means you have something else, and that means it goes to your phone. That means it’s proof that’s you, it’s your phone, it’s you, it’s really you, and then you put that in there, and guess what? That eliminates so much of this stuff. So if you dealing with a bank, you deal with anybody that you are entrusting your data to, have multi factor authentication. I have, I have, like, a list of things on my phone. I got bangs work, everything you know, they always send me a code, and I put it not everything, but the ones I’m concerned about, they give me a code that I’m happy for. So that is the most important phone call, and that is the two most important that you can do to limit kind of claims out there is

Robert Nordlund 24:16
that, again, linking back to the past, even now we have dual signatures on like reserve accounts. You want, you want that compliment. You want just it to be reliant on one thing. You want at least two. And so it goes back to, back to the basics, multi factor authentication, or calling the person and saying, Hey, did you really and that’s that second factor that makes all the difference.

Kevin Davis 24:42
Yeah, that’s it. Those are the two things right off the bat that eliminates so many claims. When you, if you fill an application for cyber they will ask you, you know, do you have multi factor authentication? Will you make a phone call for anything like that? Those are the two most important things that help you to eliminate a lot of. If we’re going on, it is as simple as that. It’s not much more complicated now they’re smarter, and there’s still things to get in there, and that’s why you need insurance. That’s the reason, at the end of the day, you can do you could be the smartest person. And don’t forget, accidents happen also.

Robert Nordlund 25:15
Well, that’s happened. Yeah, we you drive safely because, well, because it’s law, because you want to, you want to come home safely, but still, accidents happen. And you and I live in an area where it is periodically windy, and one of these days, a branch may fall down and not land in the road, but may land on my roof. Accidents happen. So we can do what we we can trim our trees. We can trim back the bushes away from our house to minimize fire exposure. There’s some things that we can do, but I think of insurances for the accidents that we don’t foresee.

Kevin Davis 25:52
Exactly Okay, one thing you mentioned earlier, too about passwords. Change your passwords. Okay. I mean, look at these community association have been existing for 20 years that it by the same password for the same 20 years. So no matter what comes in and goes, yeah, yeah,

Robert Nordlund 26:11
it’s a board members, and the password for XYZ association is XYZ Association 1986 exactly, been that way since 1986 as

Kevin Davis 26:20
that means people who’ve been on that board still knows the password. Their kids probably know the password. And accidents happen. Some people go and they go, Look, they never change the password a long time. Oh, look what I did. Oh, push the wrong button. Now everybody has the information. So it’s these are simple things that you can do that changing the password is something so easy to do and make it complicated, but these change it. If you don’t make it complicated, change it once in a while. Kevin, I’ve

Robert Nordlund 26:46
heard for a long time that you should change the batteries in your smoke alarm. Yeah, every time the time changes. So that’s twice a year. Is that what we’re talking about here? Yeah,

Kevin Davis 26:55
change it. Because, again, if you don’t change it, people will figure out what it is, and also it keeps you when you’re if you change it every six months and change it, you now wear a cyber security you now where to Oh, guess what? I can be tricked into it. We fall we get into ourselves a false sense of security, that everything’s okay, because we would never do anything like that. So we know nobody else is going to do that also, too. I’m not that important. I’m not a big guy. I’m not a big shot, I’m not. I don’t have that kind of information. But guess what? You know we have all they don’t care. They want whatever’s in your bank account they want to get. They want to use your online banking to get what you have. That’s what they want. They want to target. They want to be able. Can you imagine them walking into your bank right now and saying, Yeah, give me all my money in my savings account for me right now, that’s what they do in online banking. They go in there and they see it, and I got it. I’m taking all the money and then walking away just like, just like walking to the bank without a gun again, we open the door and let them have the information, and only thing I do is make a phone call, multi factor authentication, change passwords, and then we’ll be in a lot better shape than we ever were in. And this is us. This is not the corporation. This is me, you. This is

Robert Nordlund 28:08
me, and you and our Hoa, our association clients, yeah, these are the simple things we can do. And it’s current day, locking the doors. It’s these are the kind of things the responsible and putting what on our house, we’re supposed to have it well lit so there’s not too many dark places outside, and lock your doors. And we’ve learned that for a long time. And now, like, just like,

Kevin Davis 28:30
have a neighborhood watch plan. It’s like a neighborhood watch. You have Neighborhood Watch. That’s that’s what we’re talking about. Now we say, okay, let’s add Neighborhood Watch around here. So we are aware, so people are aware that we are aware. So neighborhood watches around we know they’re going to call us up and go, Okay, what’s going on? So it’s just that awareness. More so than anything else, we got to be aware of what can happen, as opposed to, I’m not that important. I don’t have enough. I can’t worry about it. Yeah,

Robert Nordlund 28:54
but then again, the way you made it clear is that with AI and with the cyber criminals. They are smart people, and it’s easier and easier for them to hit the average person or the average corporation or the average nonprofit corporation, yeah, because it can be cost effective, even if they’re only going to get five or 10 or 20 grand out of it. Yeah, they’re, because they’re, in business and they’re going to strike where they want to strike. Okay, let’s talk about insurance. Yes,

Kevin Davis 29:26
insurance. Now what you have to do is you go and get a cyber policy with somebody who understands cyber if you’re talking to your local agent and saying, I don’t I want a cyber policy, you please find somebody at a cyber that really picks up the exposure we talked about. I worry about ransomware. I worry about social engineering. Those are the two most important things to worry about, because if you have social engineering coverage now you’re talking about the wire transfer fraud, me walking into the bank or computer thought somebody walks to my office and steal so. It covers those two things you want to get covered, social engineering and ransomware coverage. Now, once you find an insurance again, we’re talking about for community associations, own right, right? Because you don’t have the exposure that a multi multinational corporation does, or any corporation does, okay? Yeah, because it’s limited. So it’s a matter of, okay, if you have a loss, it’s gonna be in $1,000 that the 10s of 1000s, $100,000 you should be able to find something for about $1,000 $1,200 to give you the kind of coverage that you need. And that’s the key thing, is to look out there, go to a again, I am a community association specialist. You need to go to go to a community association, specialist, insurance provider, they will say, I can get you a cyber cyber policy that picks up the things that you need to be picked up. Yeah?

Robert Nordlund 30:50
So if you’re an association, and you’ve heard this episode, and you’re a little anxious, you realize, yeah, that’s cost effective. It’s not going to break the bank, and if you call your agent, then they say, if that’s their first response, then maybe you don’t have the right agent exactly, because they should say, Oh yes, there’s new products on the market. Let me look into this for you, and let me get you a quote. Yeah. Is that

Kevin Davis 31:16
exactly? Exactly what? It should not be complicated. But again, the good news is this, if you do your due diligence, you know, like you do, like we collect assessments, we enforce the rules, you know, the things, you maintain the property, also, you want to be aware that there’s information out there that you are sensitive information that you’re responsible for. It’s your fiduciary responsibility to protect that data, if you don’t protect that data, and all of a sudden, that property manager comes to you and say, oops, guess what happened? And I don’t know what to do now. Of a sudden, you as a board president are saying, uh oh, maybe I should have vetted that manager first. Maybe I should have a contract with him and say, Guess what? If there’s a security breach incident, you will be responsible. Because right now, there’s nothing in the contract. Nobody has a contract that says, Who responsible in event of a loss? That means a management company and say, Oh, well, you know, I’ll try to work with the I try my best. No, isn’t the contract. That’s your job to take care of me, you know? So we added to look at those kind of things. I

Robert Nordlund 32:18
like that. Well, Kevin, as always, it’s, I was gonna say, It’s great talking to you. Sometimes it’s scary talking to you, but it’s wonderful talking to you. I find it fascinating. And I think the kind of things that we covered today are just so important, so timely, so helpful. Any closing thoughts to add at this time? Yeah,

Kevin Davis 32:36
stay calm. Don’t worry about it. Do your job and think about it this. Use your common sense. Don’t rush whenever you see something before you click. Take a step back. Does it make sense? If it doesn’t make sense, don’t do it. Yeah, make the phone call, yep.

Robert Nordlund 32:50
And change your password every once in a while. And dual multi factor authentication. That’s it cool. Okay, we can do that. Hey. Well, we hope you learned some HOA insights from our discussion today that helps you bring common sense to your common areas. Look forward to having you join us for another great episode next week.

Announcer 33:12
You’ve been listening to Hoa insights, common sense for common areas. If you like the show and want to support the work that we do, you can do so in a number of ways. The most important thing that you can do is engage in the conversation. Leave a question in the comments section on our YouTube videos. You can also email your questions or voice memos to podcast at reserve study.com or leave us a voicemail at 805-203-3130, if you gain any insights from the show, please do us a HUGE favor by sharing the show with other board members that you know. You can also support us by supporting the brands that sponsor this program. Please remember that the views and opinions expressed in this program are those of the hosts and guests with the goal of providing general education about the community, association industry, you want to consult licensed professionals before making any important decisions. Finally, this podcast was expertly mixed and mastered by Stoke Light, video and marketing with Stoke Light on your team, you’ll reach more customers with marketing expertise that inspires action. See the show notes to connect with Stoke Light.