Property Management

What Every Landlord Should Know About Cyber Security

Written By

Belong on Mar 1, 2022

Hands typing on keyboard with padlocks to depict cyber security for landlords to protect tenant data

You own a home.
We have someone to love it.

Learn More

Share this article

If you're a landlord who self-manage their rental home, you have all the information a hacker would need to steal your tenants’ identity. Are you doing enough to keep them safe?


At first blush, the relationship between property management and cyber security might seem tenuous at best. “I’m self-managing one (or two) properties by email. I’m worried about finding a decent plumber, not getting hacked.” 


But think for a second about all the information you have on your tenants. You have their social security numbers. You know their previous addresses and their current address. You know their birthdays, their bank account information, and their credit card number. 


If a hacker got their hands on all that data, they’d have a field day. They could have enough information to steal two identities – yours, and your tenants. So not only would you have a big mess on your hands, but you might even have some legal liability if you didn’t take reasonable precautions. All this makes it doubly incumbent on landlords and property managers alike to closely guard the reams of personal data they have on hand.

Be prepared to safeguard tenant information


The first thing to stop and think about is whether you are literate enough yourself about how to protect your computer and mobile phone from attackers. Think of it as “data hygiene” and “data health” – you need to understand it, and put in the work to stay healthy, just like you do when it comes to personal wellness.


Start with making sure none of your passwords have already been hacked. Search your email address on to see if any of your personal information is already out there, and if any of your passwords have been compromised.


Even if you’re the rare individual who’s never been hacked – and has never given a password or your personal data to a company that’s been hacked – we still recommend having 2-step authentication in place (in fact, anywhere it’s offered, we recommend turning it on). Also make sure that you’re using a strong password that includes symbols, numbers, and capital and lowercase letters. 


Most breaches are the equivalent of leaving the front door open. The greatest risk is from schemes like “phishing” emails – where an email seems legitimate, you download it, and through that you allow a virus to enter your computer and potentially steal whatever data it holds.


When it comes to defending against such an attack is you: be vigilant, skeptical, and hesitant before opening any attachment you receive via email, even if it’s from someone you know – maybe they fell victim to a phishing attack, and hackers are using their address book and contacts to find their next victim.  


Another method of preventing phishing attacks – and any attack that uses malware – is antivirus software. Programs like Norton and Avast will scan these attachments before allowing your computer to download them to see if they contain any malicious code. 

Stay up to date


Even if you do your best to protect your data, though, we are living in an interconnected age. Every app and software program you use – Microsoft Word, WhatsApp, Dropbox – is vulnerable. In fact, every second of every day, hackers are doing their best to compromise those platforms. These companies spend billions to protect themselves, but even so, we have all seen the headlines about breaches that have involved millions.


Sometimes, a breach of one of these platforms gets patched – so stay alert, and if there is an update available that patches a breach, do it immediately. For instance, Apple and Microsoft regularly release security patches and updated to address vulnerabilities. In some cases – like when Equifax was breached – the company offered free identity protection. 


Handling sensitive data


Of course, in defending yourself against hackers and data breaches, you’re also defending your residents – not to mention the people who might have submitted an application that included a wealth of personal information but who, for whatever reason, didn’t get the house or apartment. 


There are things you can and should do, though, to further defend those people.


The first step in protecting people’s personal information is getting rid of it – especially if you no longer need it. So once a lease is signed and a new resident is moving in, delete all the other rental applications you received for your home. Get it off your computer and out of your email account. That way, if you get hacked, there will be less information for bad actors to exploit. 


We also recommend encrypting any files you need to hold onto – for instance, the rental application you received from your current residents and their lease agreement. If they’re PDFs or Word documents, it’s surprisingly simple to encrypt them and password protect them


The next step is to restrict access to the information you do need to hold onto. This shouldn’t be a huge problem if you’re self-managing your own property, but if there are other people intimately involved with the process – if, say, you have a handyman you use all the time to help with smaller maintenance requests – limit their access to only the documents and information they need. 

IoT devices and cyber security


We’ve written before about how IoT devices like smart locks and thermostats can make life easier for landlords and homeowners. But those too are exploitable points of access for hackers.


The stakes are different in this case; if your smart lock is hacked, that isn’t going to make your tenants’ identities vulnerable to theft.


But significant physical damage can be inflicted on your property such a device is breached. A hacked smart lock could make it impossible for your tenants to gain entry, creating massive inconvenience. Even worse, it  could allow intruders into your rental property, which could result in theft or assault.


Of course, these are unlikely possibilities – and the convenience factor offsets the rare risk – but it is worth understanding the full picture.

Along similar lines, it’s important to control access to your WiFi systems: never use the default password the router and modem came with, and make sure you’re using a WPA2 network, and not a WEP. 



Find someone you can trust with your data


As a modern, tech-forward property management company, backed by leading venture firms, Belong understands cybersecurity risks and works with best-in-class vendors to secure their platform. While threats are pervasive, as we indicated before, if you have any specific questions, we invite you to ask us. Similarly, you should ask the property manager you are dealing with now – and any you are considering – the same questions. The answers may surprise you!