Cybersecurity specialists from student housing, consultancies, law firms and the FBI came together to discuss data security best practices during the 2017 NMHC Student Housing Conference & Exposition.

The recent news of the massive data breach at credit reporting agency Equifax, which exposed sensitive personal information for 143 million Americans, is yet another reminder to industry executives that cybersecurity threats are real and pose significant risks.


The multifamily and student housing industries need to be especially careful as firms across the sector collect and store personal and private information for millions of residents. It is imperative that this information is kept safe and secure; cyber breaches can easily cost millions of dollars and reputational risks are potentially even greater. 


At the 2017 NMHC Student Housing Conference & Exposition, cybersecurity experts from inside the apartment industry as well as specialists from consultancies, law firms and the FBI came together to discuss best practices and next steps for multifamily and student housing firms to protect their residents.


Scott Casey, chief technology officer and senior vice president at EdR, kicked off the panel discussion by noting that 2016 was a record year for breaches—up 40 percent from 2015—and that, worldwide, spending on cyber was more than $73 billion. And that is expected to continue to increase as consumer rely more on connected devices and digital platforms for more services and transactions. Bringing the discussion home to student housing, Casey noted that EdR now assumes that there are three to seven digitally connective devices for every student housing bed, increasing the number of access points to a community’s system significantly.


The FBI is the lead federal agency when it comes to cybersecurity incidents and FBI Supervisory Special Agent Paul Vitchock shed light on the type of attacks the multifamily and student housing industries are most likely to experience. He explained that, as opposed to an attack by a nation state or a country’s third party actors, criminals are more likely target the sectors to find personal or financial information. In such a case, if the FBI is aware of the possibility of an attack, the Bureau works with affected industries and firms to release information or tools to defend against such intrusions.


Providing a legal perspective, Jim Halpert, a partner at DLA Piper and co-chair of both the firm’s U.S. cybersecurity and global data protection, privacy and security practices, provided some helpful tips and best practices. For example, he noted that firms should have a terms of service agreement that users must sign when they log into a community’s Wi-Fi to establish the digital rules of the road. He also suggested that leases contain acceptable use policies to which residents would have to agree. Such steps help protect the community and organization in the event that a resident takes part in illegal online activities.


In response to the rising risk of cybersecurity threats in recent years, NMHC has built a number of resources for members. Our comprehensive white paper provides an in-depth review of cybersecurity for the multifamily industry can be found here. Members are also encouraged to sign up for the NMHC Cybersecurity Alert System here. Through the system, NMHC will regularly distribute alerts of cyber activity that could impact member firms, data or residents.