Stay updated with the latest cybersecurity news.

Why real estate agencies need a cybersecurity strategy

By Reason Cybersecurity

on Tue Sep 29 2020

Much has been said about the impact that the increasing numbers of remote workers are having on real estate markets, but very little has been said about the impact they are having on real estate agencies themselves, even though that impact has been profound. And like other industries, although much of that impact has been positive, there’s been a downside too. It’s called cybercrime and if you’re not careful, it’s coming to your real estate business.

Real estate agencies are a low-hanging fruit for hackers

Since the real estate industry routinely works with and transfers large sums of money, real estate firms are on every cyber criminal’s radar. As a result, it’s not just real estate professionals and investors making money off of real estate; cyber criminals are making money off of it too. In fact, one third of real estate firms have experienced a cybersecurity attack in the last two years and in 2019 it was reported that attacks against property-related businesses increased by more than 100%.

And hackers aren’t content to focus their attacks on just one area of real estate. They’ve broadened their scope to attack all the players in the field including agents, buyers, inspectors, insurance agents, title companies, etc. The attack on First American is a cogent reminder of this reality. In 2019, First American, a major title insurance company, suffered a data breach that exposed the financial data of 885 million customers. Given the estimated $32 trillion market value of the real estate industry, it shouldn’t come as a surprise to learn that there have been many other such cybersecurity attacks on real estate-related businesses too.

More reasons real estate agencies make attractive targets

Not only do the vast sums of money being transferred between different entities make real estate companies attractive targets to hackers, but so do the vast amounts of personally identifiable and financially sensitive data that they handle such as bank credentials, social security numbers, and credit card details. And since so many real estate businesses simply don’t have the cybersecurity measures in place to protect themselves, all this data is floating around the real estate industry ripe for cybercriminal picking. 

The tactics and tools cybercriminals use against you

Moreover, cyber criminals and hackers have all the tools, techniques, and tactics they need to launch their attacks. Business email compromises (BECs), for example, are one of the most popular attack methods. A BEC is when the attacker impersonates a business to convince another business to wire funds to a fraudulent account. Usually, the hacker will send the email from a fake account that just looks like it belongs to a legitimate business. Other common attacks against real estate businesses include ransomware, Trojans, compromised landing pages, malicious attachments and attacks on cloud-based services.  

Now the good news – protecting your real estate business with a cybersecurity strategy

Even with the intensification of cyber attacks, however, there are still effective defense measures you can take to protect your real estate business, and it starts with a cybersecurity strategy. One of the most critical components of this strategy is a business antivirus. Real estate firms need a comprehensive endpoint antivirus that will protect their business, their employees, their partners, and their clients from cyberattacks. Look for a solution that blocks ransomware, phishing and other types of malware, secures your cameras and microphones, stops websites and apps from tracking you, and prevents you and your employees from browsing malicious websites. 

Regular cybersecurity awareness training is another critical safety measure to include in your strategy. Your staff must be made aware of cybersecurity threats and their consequences, so that they always operate with a cybersecurity mindset. Staff should also be taught how to recognize potential phishing attacks and not to blindly click on links or open attachments. In fact, everyone involved in your real estate transactions, including the other  businesses you work with and your clients, should be reminded of these risks so that they exercise caution throughout all the transactions. 

In addition, your firm should enforce strict password hygiene and use two-factor authentication. Finally, before complying with an email request for a transfer of funds, staff should be required to verify the request by phone. Similarly, emails with attachments or links that look suspect should be verified by phone to make sure the emails are legitimate.

Keeping cybercrime out of your real estate agency’s digital neighborhood

Just as you would advise clients not to move to unsafe neighborhoods, when it comes to your own business, you must follow that same advice and keep your business in a safe digital neighborhood. Implementing a smart cybersecurity strategy that follows the cybersecurity measures listed above is one of the best real estate investments you can make.