Tech Translated

IT Security & Technology Blog

Practical IT insights for Australian businesses. Our team covers cybersecurity advisories, compliance updates, and plain-English explainers on the technology your business relies on, published regularly as the landscape shifts.

Strata Management · Cyber Security

Strata Ransomware Checklist & Cyber Security Guide

A practical, no-nonsense resource for NSW strata management firms, built around PIQ, StrataMax, Strata Master and the real threats hitting the industry in 2026. Free download, no sign-up required.

Live Threat · April 2026 441 GB exfiltrated from NSW strata firm Strata Republic by the Kairos ransomware group
Owner identities and contact details
Trust account and banking records
AGM minutes and financial records
Tenant and landlord data
Internal firm communications
#1 Top entry vector: shared LOB credentials without MFA
6 Critical control areas in the strata cyber checklist
E8 Essential Eight — the baseline we implement for strata firms
7-Day Australian helpdesk roster for strata management clients
Threat Intelligence

Why Strata Firms Are a Top Ransomware Target

01 High-Value Data, Low-Friction Access

Owner identities, banking records and AGM minutes are gold for extortion and identity fraud. Most firms hold it all on a single network with minimal segmentation.

02 Trust Accounts Move Real Money

BEC and invoice fraud thrive where staff routinely pay tradespeople from a trust account. A single compromised inbox can redirect a six-figure payment before anyone notices.

03 Shared LOB Credentials

Many PIQ, StrataMax and Strata Master tenants still run with shared or weak passwords and no MFA at the application layer, giving attackers an easy foothold.

04 Distributed Hybrid Workforces

Strata managers work from home, AGM venues and car parks. Endpoint hygiene slips when staff connect from personal devices and public networks without policy enforcement.

05 Regulatory Consequences

A ransomware event triggers notifiable data breach obligations under the Privacy Act. For strata, that means a regulated, public disclosure and potential loss of clients and reputation.

The Checklist

Six Focus Areas — Walk Through Them This Week

01 Identity & Access

MFA on every account that touches owner data or banking. No exceptions, no shared logins.

Phishing-resistant MFA on email and remote access
Conditional access: compliant devices only
Shared logins removed or consolidated
Ex-staff offboarding completed within 24 hours
Privileged admin accounts separate from daily use
02 Core LOB Applications

PIQ, StrataMax, Strata Master, MRI Rest and Console each have specific hardening requirements.

MFA enabled at the application layer
Audit logs active and reviewed monthly
Role-aligned access tiers configured
Vendor update cadence confirmed and tracked
Network segmentation from general user traffic
03 Email, Banking & Trust Accounts

BEC is the primary entry point for strata fraud. Your email controls are your first line of defence.

DMARC, DKIM and SPF enforced on your domain
Phone callback required on any new bank details
Mailbox rules monitored for auto-forwarding
Separate MFA for banking and trust account portals
Staff trained to recognise BEC invoice patterns
04 Devices & Endpoints

Every device that accesses Property IQ or trust accounts is a potential ransomware entry point.

EDR/XDR deployed on all managed endpoints
Patching within 14 days of release (E8 standard)
Local admin rights removed from standard users
BYOD policy with Intune or equivalent MDM
Application allowlisting enforced on servers
05 Backups & Recovery

If your backup is on the same network, you have a second encrypted copy waiting to happen, not a recovery.

Immutable backups stored off-network
3-2-1 rule: 3 copies, 2 media types, 1 offsite
LOB application data included in backup scope
Quarterly restore test with documented RTO
Backup admin credentials separate from production
06 Governance & Response

When an incident occurs, your response in the first hour determines the outcome.

Written incident response plan, tested annually
Cyber insurer contacts on a clean device list
OAIC notifiable breach obligations understood
Principal cyber briefing at least quarterly
IR retainer or MSP SLA for 1-hour response
Platforms We Support

The Strata Applications We Harden Every Day

All IT Services has been the strata cyber security and IT partner to NSW strata management firms for over a decade. Our engineers know the quirks of every major strata platform.

Property IQ strata management software logo
Property IQ

Property management and trust accounting platform

StrataMax strata management software logo
StrataMax

Strata-specific accounting and meeting management

MRI Software logo — Strata Master and MRI Rest
Strata Master & MRI Rest

MRI Software end-to-end strata and property platforms

Console Reapit ANZ property management logo
Console (Reapit ANZ)

Reapit ANZ property management LOB platform

Free Resource

Download the Strata Ransomware Checklist

Free. No email gate. No sign-up. Share it with your principals, your IT provider or your strata committee.

Common Questions

Frequently Asked Questions

01
Is this strata ransomware checklist really free, with no sign-up?

Yes. No email required, no remarketing, no sign-up. We publish it because the strata industry is being targeted right now and more firms being hard to breach is good for the whole sector. The PDF download link is directly above.

02
Our IT is outsourced — is strata cyber security still our responsibility?

Yes. Under the Privacy Act and NSW strata regulations, the strata firm remains accountable for the data it holds regardless of where it is processed. This checklist gives you the right questions to ask your provider and a benchmark to measure their answers against.

03
We use PIQ and StrataMax — does this checklist apply to us specifically?

Especially you. The checklist is built around those exact platforms, including the MFA configuration, audit log setup and access control structures specific to each one. Generic cyber checklists miss the strata-specific risks in the LOB layer. This one does not.

04
Do we need to be an All IT customer to use this resource?

No. Hand it to whoever runs your IT today and ask them to walk through it with you. If you would like an independent second opinion on where your environment stands, we are happy to provide one at no cost — no obligation to switch providers.

05
What should we do if we think we have already been breached?

Do not email or call from the suspected environment. Use a clean device, contact your cyber insurer first, then reach out to a specialist incident response team. Our team can be on the phone within the hour if needed — call 1300 425 548 from a clean device.

Want a Strata-Aware Second Opinion?

Book a free 30-minute strata IT review with our team. No sales pitch, just an honest read on where your environment sits against the Essential Eight and the threats hitting the strata sector right now.