By: Craig Koss, AMS®, PCAM®
Regional Vice President, Associa – Ann Arbor, MI
Many of us use our computer to order products from Amazon, to pay our electric bill and to manage our bank accounts. Online commerce has grown exponentially over the past few years, but with the improvement in convenience and efficiency comes risk. We have all heard horror stories about identity theft, computer viruses, spyware and cyber theft. If your computer is hacked, if your management company’s network gets a computer virus, are your association’s funds protected?
Most of us look to our anti-virus software, to our banks or to those “secure https:” web sites as our protection, but are they really? I am not here to advise you on what type of encryption should be used or which anti-virus software is preferred. Instead, I am here to tell you that the risk of your association’s funds being stolen is increasing and board members should take the appropriate measures to reduce that risk.
There are five steps that you can take to reduce the risk of cyber theft for your association:
- Limit Online Bank Access. There should be a limited number of individuals with any online access to the association’s accounts. Additionally, online account access should be restricted to specific and known IP addresses. If the bank will only allow online access from within the management office or from an individual board member, you can reduce the possibility of someone using your bank information in a fraudulent manner. Many banks can meet this requirement.
- Increase Password Security. A hacker will look for any evidence of login and password information. Sometimes, spyware can even detect keystrokes and thus capture an individual’s password. Passwords should be changed often and never stored in an accessible file. The use of a random password generator, or “key fob” (a device that generates a random PIN that is electronically changed every minute), can greatly increase online security. The key fob is a second-level password that can prevent a thief from accessing your account in the event the online access information is compromised. Many banks can accommodate the use of key fobs.
- Bank Reconciliations. Bank reconciliation should be performed monthly for each of your accounts. This provides assurance that your funds are not commingled with other associations’ funds and promptly alerts you if your funds have been influenced by outside sources. It results in financial reporting on which you can depend.
- Wire and ACH Transfers. While having the ability to move funds electronically greatly improves the efficiency and accuracy of your accounting, it can also represent a risk. To ensure strong internal controls, all electronic fund movement should require the signature and approval of two executives of your management company (generally the CEO and the Senior Accountant). Two signatures on all electronic fund transfers can greatly reduce a cyber thief’s ability to transfer funds out of your account.
- Fidelity Bond. Anyone with access to your association’s funds should be covered by a fidelity bond. This helps to recover funds in the event of a loss. The bond should be sufficient to cover all the funds of the association.
The security and integrity of your association’s funds are a critical part of the responsibility of both the management company and the board of directors. Make sure that your banks can protect you, that your management company can protect you and that YOU can protect you.