Find out what you should be doing to protect your company and your clients from data breaches.
You may shake your head as you read about the latest hack on a major retailer or credit provider, exposing the personal and financial information of millions of their clients. However, real estate professionals throughout the industry are just as vulnerable to cyber attacks, if not more so, and the liability is just as real. Preventing fraud in your real estate business involves a multi-pronged approach and ongoing vigilance, as well as smart, everyday practices to better protect your business and clients.
There are a variety of ways that cybercriminals can take advantage of your systems and processes to capture and exploit the vast amounts of financial information to which you have access. Here are some of the main ways they attack.
By spoofing email addresses and styles, criminals can reach out to any number of participants in a transaction with false closing details or requests for further information in order to take advantage of the frequency of emailing during a real estate deal. Many of these emails look completely authentic and, after capturing information, may evenlink back to authentic platforms in order to provide additional cover.
While BEC can take place at any point during the contract phase, it is especially common immediately prior to closing, when criminals send fake emails to clients with closing details and false wiring instructions. Once the wire transfer occurs, the money is immediately withdrawn and frequently becomes untraceable.
Malware is probably what you think of when you think of a cyber attack -- spying on your computer, capturing bank information, or installing a virus to wipe out data. Malware is difficult to track and easy to replicate, meaning that one malware attack can end up infecting a variety of computers and mobile devices beyond the initial site.
This subset of malware is just what it sounds like -- it captures your devices until you pay a ransom to the hackers.Ransomware can be devastating to a company, infecting not just computers and mobile devices but also connected appliances like smart locks, lights, security systems, and thermostats. Thus a ransomware attack can shut down not just your operations but put your entire office at risk.
You may have joined a cloud platform in the first place in order to increase your security and store documents related to your transactions. After all, shouldn’t a large cloud-based provider have greater protections in place than your small real estate office?
Unfortunately, as the laundry list of major companies who have been targeted by hackers has proven, no one is immune from the effects of a cyber attack. That means that instead of providing greater security, your cloud platforms could be a convenient entrance to your system and its data.
Now that you know some of the ways that hackers seek to fraudulently access and manipulate your systems and processes, how can you foil their attempts?
If you have never created policies to address fraudulent activity or cyber security, it is time to do so. Whether you work with a cyber security consultant or seek the services of a cyber security company, it is important for you to know how to protect your systems.
If you have previously created policies, you should revisit them frequently to ensure that they are keeping pace with the growing threat of online fraud and that they are strong enough. Remember, you are legally obligated to ensure that your clients’ records are protected, so consistent updates and well-defined policies are essential.
In addition, if you are part of a large franchise brokerage, your corporate headquarters may provide advice and insight along with their own security-optimized tech platforms. Reach out to them to determine what they have identified as best practices within the company.
There are a variety of ways to work with your staff in order to ensure that they are following best practices with client data storage, retrieval, and use. For example,
● No one on your staff should be opening attachments or clicking on links from unknown addresses
● No one should be attempting to circumvent the company firewall or security system
● All security updates should be installed as scheduled
● All staff should follow safe password processes
● All staff should opt-in for multi-factor identification on all platforms and devices
Since one of the main ways fraud occurs is through email schemes, all staff members should be trained to double-check email addresses and contact information with current company records. Many fraudulent emails use addresses that are slightly different from the authentic email address and give phone numbers and other contact information that connects to the fraudulent actors.
Similarly, clients and colleagues should know that you have strict policies and procedures in place for the communication of sensitive information, especially regarding wire transfers. Familiarize them with the platforms you use and the encryption tools to expect.
In addition, let everyone involved in the transaction know that you will be communicating with both the client and the title company, so the client should not transfer any money or send any sensitive information unless they check with you first. Add an extra layer of security by using an encrypted video messaging app, so that the recipients can see you delivering the necessary information personally.
Look into the policies followed by your cloud computing platforms, including the liability they accept in the event of a data breach or cyber attack on their end. Understand what your responsibility is in order to ensure compliance with their security measures. They may be able to provide tools, insights, and processes that will help you better protect your systems and your clients.
This type of coverage can help to protect you against material losses arising from a data breach, as well as damage to your reputation and the resulting loss of income. Coverage applies to both your ownlosses and the expenses incurred in the event that a client sues you for negligence after a hack or phishing scam that exposes their information.