I have been working in cybersecurity for 25+ years and for the past five years in multifamily IT environments. I have learned about the typical scenarios in multifamily property management:

(1) numerous remote users (even before COVID!),

(2) heavy reliance on cloud and Software-as-a-Service (SaaS) – from providers such as Yardi, RealPage, Entrata, and ResMan, and

(3) often a sense that those SaaS providers are “taking care of security for me.”

But only after our firm is called in to do Digital Forensics and Incident Response (DFIR) cleanup on a company hit with ransomware, do they realize they have a lot more IT infrastructure than just the data hosted by those online providers. And often, these companies have zero detection or incident response capability. So, when that attack comes, it is devastating, and they run around with their hair on fire because they were unprepared.