The Obama Administration recently issued a new policy directive to help better coordinate the Federal Government’s response to cyber incidents that involve attacks on the private sector. Of particular importance to the multifamily industry, the directive provides clear information on who, when and how to contact the government for assistance in the wake of a cyber incident. It also emphasizes related coordination with cyber-attack victims to avoid interference between their own response and that of the government’s. Apartment firms and their third party service providers regularly collect, use and maintain sensitive financial and personal data about residents, prospective residents and employees that leave them vulnerable to cyber incidents.
Specifically, the guidance urges that cyber incidents be reported to the Federal Government if they could:
- Result in a significant loss of data, system availability or control of systems;
- Impact a large number of victims;
- Indicate unauthorized access to, or malicious software present on, critical information technology systems;
- Affect critical infrastructure or core government functions; and/or
- Impact national security, economic security or public health and safety.
Once contacted, federal agencies such as the FBI, Secret Service and others will coordinate the appropriate investigative and security response to help mitigate the damage. NMHC/NAA have long supported voluntary information sharing between, and within, the private sector and government to help lessen the threat of cyber incidents.
Additional information can be found at www.nmhc.org/data-security.