5 Ways to Defend Your Business Against a Data Breach

November 10, 2019

Using a tagline at the bottom of your email signature that warns about the dangers of wire fraud scams is simply not a bold enough alert for your clients, warned security expert Robert Siciliano at a Sunday session about cybersecurity during the REALTORS® Conference & Expo in San Francisco. Siciliano challenged real estate pros to increase their knowledge of and effectiveness at thwarting scams so the industry becomes a less appealing target to scammers.

The industry is “functioning in a state of denial like a breach will never happen,” Siciliano said. “Many real estate agents don’t fully understand the real threat, and the bad guys are exploiting the flaws and vulnerabilities of the real estate industry’s inaction.”

Here’s how many of these scams work: Hackers gain access to a real estate professional, lender, or title company’s email and watch the communications to learn about the parties involved in a transaction. Then, just before closing, the scammers fake an email that appears to come from you to the client with wiring instructions. Once the client wires the funds, investigators are rarely able to recover them.

Siciliano, a security trainer at ProtectNowLLC.com, provides training in “Cyber Social Identity and Personal Protection.” He showed attendees at Sunday’s session just how vulnerable their transactions are to wire fraud. Here are a few of his tips:

  1. Stop being naive. If you think it can’t happen to you or your client, think again. Reports of real estate-related email phishing scams jumped 1,100% between 2015 and 2017, according to the Consumer Financial Protection Bureau. The CFPB estimates a loss of nearly $1 billion to date in real estate transactions due to such scams. Be skeptical of all communications, Siciliano said. “When the phone rings or an email comes in, scrutinize all communications in such a way to expect first that it is fraud, and then gather proof to confirm its legitimacy before providing any sensitive information or wiring of any funds,” Siciliano said. “We have given too much trust to electronic communications.” Go directly to websites or call someone to verify information. “Don’t blindly engage, or you put yourself at risk,” Siciliano said.
  2. Do more to educate your clients. Fully understand the threats so that you can effectively communicate them to your clients. “Copying and pasting a warning in red text in the body of the email is like you’re washing your hands of it and believing you’ve done your job,” Siciliano said. “That is not enough.” Have face-to-face conversations with your clients, clearly explain the risks, and warn them to verify any wiring instructions they receive with you. Agents who are having these conversations with their clients also will appear more valuable than the agents who are not, Sicilano said.
  3. Better protect your passwords. Weak passwords make it easier for hackers to gain access to accounts. Siciliano showed attendees how easily email passwords can be exposed and how to tighten up their security. For one, better password management can be a starting point. “Most real estate agents are using the same password across multiple accounts,” Siciliano said. “This means that when any given account is compromised, such as an existing social media account where the password is the same as the email password, then the criminal has access to their actual email and simple log-ins. Use a password manager software program that facilitates a secure and different password across all critical accounts.” Also, use two-way authentication for your email.
  4. Update your software regularly. Outdated software is another way scammers can gain access to your communications. Older devices don’t have the ability to fend off newer software attacks, Siciliano said. Consider “updating and upgrading hardware to newer mobile phones, laptops, and desktops that can support newer operating systems and security software,” Siciliano said. “With software updates, make sure that all operating system software has the latest security patches, and that you’re updating each and every software program, such as your browser and even Adobe, with critical updates to prevent intrusions from recognized flaws.”
  5. Raise your digital literacy. Don’t brush off threats because you don’t understand them, Siciliano said. Read up on the dangers and find training to learn what more you can do. “It’s amazing that still, to this very day, I hear about real estate agents doing a simple search in their browser, and they don’t know whether what they are clicking is legitimate or fraud,” Siciliano said. “Navigating the web and utilizing digital devices has become fundamental to performing our job duties. And wrapping our heads around these various technologies and understanding what we are clicking is fundamental.” Take the initiative to learn more, Siciliano said.