Reston Association’s Board of Directors has unanimously directed the organization’s staff to provide a comprehensive report on security incidents that caused losses of data, money or website capacity in the last two years.
At a board meeting last Thursday, board member Sarah Selvaraj-Dsouza proposed the motion in an effort to provide its membership with transparent information about possible issues
The move comes as some board members advocate for the immediate and swift creation of an IT committee that would guide RA on its security posture and provide recommendations on how to protect membership data, privacy and financial information.
Board members contend that RA’s security posture and IT platforms are incapable of maintaining industr-wide accepted standards of privacy and data security.
At last week’s meeting, board member Ven Iyer, a professional in the field of IT security, has voiced what he described as grave concerns related to RA’s lack of security.
Speaking as an RA member and not as a board member, Iyer says that RA CEO Hank Lynch’s email ID was breached, resulting in a loss of $187,000.
He also stated that RA’s website failed in the summer of 2020 when a system hosting the RA website, a decryption algorithm, and membership privacy and financial data was compromised. At the time, RA staff stated the abrupt shift was prompted because the website’s platform was “extremely outdated and unsupported.”
He also contended that RA’s communications to members — including recent press releases — mislead members into thinking that the shift to the cloud and a new website has resolved any pending concerns.
“That is simply not true. RA’s press releases falsely mislead members to believe that security incidents have occurred due to outdated technology or will not occur against because RA has shifted to cloud platforms,” he said.
Iyer wants the board to swiftly create the IT committee in order to “immediately respond at a SWAT team pace.”
A special meeting on the issue is planned, following a review of the proposal by RA’s board governance committee.
RA spokesman Mike Leone told Reston Now that because the board has not taken an official position on IT-related issues, the association cannot directly address Iyer’s concerns or questions about specific security issues.
The board is expected to review a report on IT breaches and other related issues on March 18.