Cybersecurity Tips to Protect Your Business & Client Information
~ A CRS Webinar ~
I listened in on a terrific webinar the other day from CRS on cybersecurity, with tips on how to protect ourselves and our business, but also our clients’ information.
I thought I would share some of the best tips, learnings, and take-aways from Craig Grant, the Real Estate Tech Guru, a national speaker and trainer, and a certified CRS Instructor.
Just a small aside – our resident cybersecurity and identity theft expert, Robert Siciliano, shares lots of valuable information to help avoid identity theft, virtual and physical crime, and related issues on a regular basis. I highly recommend you follow him, and read his posts (and perhaps put some of his recommendations in place, too). Some of the stuff he talks about is kinda scary!
So here are some webinar highlights:
1. 30,000 consumers are victims of a digital crime every day. That’s pretty astounding.
2. Nothing can be done to keep out a hacker who wants in, but they typically are looking for the easiest way in. You and I are easier.
3. There are a million new viruses every day. The US is the biggest hacker target, by 10:1. Again, that’s pretty scary how much is out there and it’s always being changed – hence all the patches and upgrades (see item 6).
4. It’s essential to have anti-virus protection on all of your devices, including your smartphone. Grant says you can get a virus on anything, including Apple products, even though they may be less common.
5. The recommended products to protect you are Avast, AVG, and Malwarebytes. Grant recommended paying for the full suite of protection, not just the free anti-virus, to be maximally protected.
6. Many people - yep,I'm guilty - ignore the numerous patches and updates they get, or put off installing them. DON’T DO THIS.
Many are critical because of bug fixes and security updates to take care of new viruses. Plus not only should your operating system be updated, but your software and apps should, too.
7. Having strong passwords (with unique ones for each different site), and changing them regularly, is key. You can do this manually, or use a password manager (Grant noted that every password manager, including the highly recommended LastPass, has been hacked).
A recommended manual password strategy is a combination of 3 components:
(1) a base – a random combination of upper and low case letters, numbers, and symbols (not all websites allow symbols in passwords) – that can be the same for all sites, e.g., 2Sr1pMx! - you'll remember it after a while!
(2) a psychology component, i.e., what word makes you think of that site; and
(3) a time component, such as Q2 or Q119 (i.e., for Q1 2019) that you would change periodically.
So a Facebook password today could be 2Sr1pMx!zuckQ219.
8. Phishing, sending fraudulent emails and texts to try to get you to give up sensitive information, is increasing all the time. We all get this stuff, and probably recognize it. We need to slow down and pay close attention.
Check out the header – does it even make sense?! Look at spelling and grammar – that’s a huge giveaway, and pretty funny sometimes. Links are also commonly included (e.g., “update your account information here”), and of course one should never click on them.
9. Wire fraud is becoming more and more common in our industry. It’s important to educate our clients about what it is, how it works, and how to protect themselves. You can include a wire transfer disclosure in your email. California now has a specific Wire Transfer Disclosure that is part of our offer contract - does your state?
Escrow companies are commonly using encryption and other means to share wiring instructions, and buyers are strongly recommended to call and verify wiring instructions with someone at the company they know works there. And it’s important to make sure these vendors have cyber insurance. Cyber insurance policies are also available for individuals, too.
10. Social engineering tips – guard your online reputation carefully. Grant recommends you clean up your social media profiles on a regular basis, say quarterly, including auditing your friends list (are there some who should be removed or blocked?), privacy, and posting settings.
11. Tech etiquette – further protect your business and your reputation by watching those digital emotions, and being careful of what you say and how. Don’t be too hasty to hit that send/submit button.
And while he did not mention this specifically, I would add do not share confidential information on clients or transactions in your social media shares.
And agents should advise buyers and sellers about not sharing information about their transactions on their social media sites.
Grant and his colleague teach a full day CRS class on cybersecurity and I’m planning to take it when I can.
So how is YOUR cybersecurity and are you protecting your business, and your clinets' information?