Real estate professionals and cybercrime might not seem connected on the face of things but they are. Much like any industry that deals with sensitive information, such as bank details or addresses, cybercriminals will start to circle around it like sharks in a feeding frenzy.
Additionally, the rise of remote working opens up a whole new avenue where hackers gain access to vital company and client information. Far from being immune to cyberattacks; the real estate industry is one of the most targeted in the world.
With so much sensitive information stored on real estate businesses’ databases, and many realtors working from home, hackers are having a field day. We’re taking a look at what the risks of cybercrime are to real estate professionals and how they can be prevented.
How does cybercrime affect real estate professionals?
As a business in the property industry, sensitive customer information is your responsibility. It’s common for hackers to hijack emails from a real estate business and its clients to scan for passwords or financial details. Those same hackers might also divert emails to customers to ask them for their account details.
“There were more than 11,000 victims of real estate cybercrime in 2019, resulting in total losses of $221.4 million,” reports Ann Heinz of WebCE. “In addition, cybercriminals diverted or attempted to divert and wire $969 million from real estate transactions into accounts they controlled.”
It’s therefore vitally important to have robust defenses against hackers. Data from Interpol revealed that ransomware incidents have increased by more than a third, with phishing and fraud claims increasing by 59%.
Shortage of cybersecurity skills making it harder for real estate businesses
Unfortunately, there is a shortage of cybersecurity skills which is making things harder for real estate businesses. Many organizations are lacking the talent to keep hackers at bay. While this can be a problem caused by the organization’s approach to cybercrime, the truth is there are not enough skilled professionals to fill the required roles.
Demand is far outweighing supply which has created a cybersecurity skills gap. However, some of these issues may be solved by companies changing their expectations of what a cybersecurity expert is.
Many job listings for cybersecurity professionals are asking for requirements that don’t fit the role. Those criteria can limit the talent pool, particularly as much of the experience can be picked up while doing the job.
For instance, some jobs ask talent to be a junior cybersecurity agent but also to be a Certified Information Systems Security Professional (CISSP) which takes five years to obtain. Someone doing their job for five years isn’t typically considered a junior.
Research from IBM and the Ponemon Institute’s 2021 Cost of a Data Breach Report shows that small organizations (those with fewer than 500 employees) spend an average of nearly $3 million per incident.
How real estate professionals can respond to cyberthreats
Thankfully, the real estate industry isn’t helpless when dealing with cybercrime. There are methods and options to help reduce the risk of hacks and the leaking of all-important client information.
One of the most common ways businesses are shoring up their security weaknesses is through penetration testing. This involves using a cybersecurity professional to attempt to hack into your company database but in a friendly and constructive manner. It is not malicious and is simply an exercise to showcase where cybercriminals can breach company security.
Information is power, and knowing where to improve your data security is priceless in the battle against hackers. With threats constantly evolving, company security must move with the times and adapt to the latest trends.
This is often called ‘ethical hacking’ as it shows an organization where the holes in its defense are and how to fix them. Understandably, this can be a nerve-wracking process for the company being investigated. They are essentially handing all of their private and sensitive data over to a third party. While scary, penetration testing is essential to ensure your data security is up to the task.
Working from home risks
Due to the Covid-19 outbreak that ground the world to a halt in 2020, many people began working from home. This trend has continued throughout 2020 and beyond, with all industries adapting to offer more flexibility to employees.
Real estate is no different and, according to the NAR 2018 member profile, 76% of sales agents are not paying any office lease. That level of remote working has seen the rise of cybercrime threats as people often work at home using their personal devices rather than company property.
Companies with a cybersecurity strategy may consider the systems they use in the office but often neglect to consider their employee’s setups at home. This may be due to tight budgets prohibiting employees from getting new laptops or home computers, or it may simply have been overlooked by the company.
These devices and software programs outside of the IT department are known as ‘shadow IT.’ It refers to the tech used at home that doesn’t have the approval of either the IT department or management. Shadow IT doesn’t just consider the individual but also teams or departments within an organization.
Some examples of shadow IT are personal email addresses and messengers, unauthorized software and file sharing, undeclared servers, and the use of personal drives. Issues can arise when remote workers are accessing customer data through their personal devices rather than those provided by the company.
Protecting your data when working from home
Working from home is here to stay so real estate agencies should take some steps to protect company and client data as much as possible. The first step to discovering if there is a security risk is to assess how everyone working remotely uses the system. Identifying how employees use their personal devices is where the IT department should begin.
It’s also important to communicate with employees about how they use their devices and identify the risks to them. When dealing with sensitive information, real estate agents must use a secure home internet connection rather than open networks found in cafes or public workspaces.
Finally, share best practices throughout your organization and adopt new policies to help protect client and company data through software policies. Try to eradicate as much unvetted software as possible and ensure employees are using company apps where possible.
Safe practice for data protection
Companies can suffer heavy fines if they are found to be in breach of good data practices. The fines are not insignificant as some of the biggest corporations in the world have found out. Equifax agreed to pay a minimum of $575 million for its 2017 breach, while Uber’s poor handling of its 2016 breach cost it close to $150 million.
Outside of hiring a cybersecurity expert, there are some day-to-day things that realtors can do to prevent cybercrime. This may go without saying but something as basic as ensuring all files are password-protected will go a long way to keeping threats at bay.
Passwords are the first line of defense against hackers so making sure all of your work files use them is essential. Additionally, ensuring that client data isn’t kept on a device that may leave the building prevents it from getting lost. Personal information should never be released over the phone.
Of course, strong and current anti-virus software prevents any malware from gaining access to your database. If left alone, malware can start cracking any weak passwords, bore into systems, and start spreading through networks.
Comments(2)