In a time when there are more cyberattacks, and more advanced ones, than ever before, the security practices of property management companies are being scrutinized like never before. For many companies, outdated software is one of the biggest (and most overlooked) security risks. The recent TELACU Property Management, Inc. data breach illustrates how outdated systems combined with weak cybersecurity standards can jeopardize residents' most sensitive data.
The Hidden Danger of Legacy Property Management Systems
Many property management companies still use legacy systems to process rent payments, tenant applications, lease renewals, and keep internal documents. These legacy systems were created with old infrastructure, not only lacking modern safeguards to keep tenants secure, such as:
- Multi-factor authentication
- Strong encryption
- Real time vulnerability scanning
- Secure API's
- Patching and update processes
When the systems are not abandoned, they are easy targets for hackers. Cybercriminals will often scan networks looking for outdated software versions that are known to have vulnerabilities that have not been patched.
How Obsolete Software Facilitates a Data Breach
Legacy systems create many potential failure points:
1. Weak Authentication
Old software relies predominantly on simple passwords without any secondary level of security (i.e. multi-factor authentication), making it easy for a hacker to get access.
2. Patching Insecurity
Once the vendor has abandoned development of old versions, you will likely no longer see any of the critical patches for their security flaws—greatly expanding the attack surface.
3. Inadequate Segmentation of Personally Identifiable Information
Often, legacy software may store all tenant information (names, addresses, social security numbers, drivers' license, etc) in one location, increasing exposure with a data breach.
4. Unsecure Integrations
Many property management software solutions have an ecosystem comprised of plug-ins and/or third-party applications. Many legacy systems have a hard time communicating with these modern applications in a secure manner, opening up additional attack vulnerabilities.
Linking This Back to the TELACU Data Breach Incident
The TELACU Property Management data breach involved unauthorized access to internal systems, allowing unauthorized access to sensitive resident information, including names, Social Security numbers, and driver’s license numbers. While the investigation into the technical root cause of this breach is ongoing and still undetermined, the disruption is a stark reminder of the inherent risks of working with old software or unpatched software for any organization.
Cybercriminals are drawn to organizations that operate outdated systems for several reasons, including:
- they are easier to exploit
- they are less closely monitored,
- they do not have contemporary threat-detection software,
This all contributes to a larger attack surface, which allows for risk events to be far more damaging.
Why Property Management Firms Must Modernize NOW
Maintaining older systems and relying on older technology is not merely inefficient any longer; it is downright dangerous. To avoid incidents like TELACU's, property management firms should invest in:
- Cloud-based platforms that are updated frequently
- Enforced multi-factor authorization (MFA) on employees
- Security audits and penetration testing regularly
- Encryption on all tenant personal data at rest and in transit
- Vendor risk management practices
- Staff training and best practice methodologies for phishing and intrusion attempts
What You Can Do to Protect Yourself Following a Property Management Data Breach
If your information was involved in the TELACU Property Management breach, you may be entitled to compensation for:
- Fraudulent charges
- Time spent addressing identity theft
- Emotional suffering
- Costs of credit monitoring for prevention
Reporting the breach and evaluating your legal options can go a long way toward establishing your financial & personal safety going forward.
