Lee Nelson is a freelance journalist from Illinois. She writes for several state REALTOR® association magazines along with LawnStarter.com and Nurse.org. She has written for Yahoo!Homes, MyMortgageInsider.com, and TheMortgageReports. Contact Lee at email@example.com.
9 Ways to Keep Data Secure
These products and practices will keep both your agents and your brokerage from falling victim to hackers and cyber attacks.
August 11, 2015
Cybercrimes happen every day and they can devastate people’s lives and livelihoods. With all the personal information real estate companies collect, a breach in security could cost a brokerage business and tarnish its reputation.
“Having the right tools to protect yourself and your clients is crucial in this war against hackers,” says Denise Mainquist, founder of the information technology company ITPAC Consulting in Lincoln, Neb.
One of the first things brokers need to know, she says, is that hackers aren’t random; they relentlessly search the online world to find their next victim. They look for the most vulnerable systems, and then they attack with phishing, malware, ransomware, and other scams.
This article is part of a three-part series informing brokers on data security issues. Also read:
“A real estate agency is a perfect example of an environment that is susceptible to hackers … especially the high-end residential sales firms,” says Brad Deflin, founder of Total Digital Security in Palm Beach, Fla.
Sometimes personal information related to transactions is sent or viewed on sales agents’ personal (nonbrokerage) smartphones and computers. The information can be anything from banking and tax information to legal documents, itineraries, and leases.
Deflin says it’s difficult to fully eliminate all risk of a cyber attack. However, it’s possible to substantially reduce your risks without too much expense or change in user behavior.
Here are some ideas for what brokers can do now to protect themselves and their agents from being hacked:
1. Encrypt e-mail. Installing encryption software, such as Gnu Privacy Guard, will prevent some hacking threats. Nonetheless, Mainquist warns, “if you don’t want certain information to get in the hands of others, it should not be in an e-mail.” Mailvelope will also work to encrypt messages on Web mail providers like Yahoo, Gmail, Outlook, and others.
2. Use a Virtual Private Network. For about $6 or $7 a month, you can use a VPN, which makes sure all your communications are automatically encrypted and tunnel through a protected network instead of through the servers accessible to hackers. Private Internet Access is a popular VPN option.
3. Train all agents on how to identify phishing scams. A phishing attack can come in the form of an e-mail — from either a hacked e-mail account of a known individual or an unknown e-mail address made to look like someone you trust. These e-mails include an attachment or link that, if opened, will install malware on the computer or network. It may lay dormant for a while, then hatch and spread throughout the system. Sometimes it will involve a countdown where the attackers demand money to save your information. The bottom line: When in doubt, don’t open the attachment.
4. Keep up to date on scams, updates. Stay on top of the latest threats by signing up for e-mail updates from trusted security sources. You can also check free databases of technical liabilities identified by vendors and security researchers through the National Vulnerability Database.
5. Don’t let agents reconfigure their smartphones. Mobile users sometimes alter devices in order to download unapproved apps or to access a smartphone’s system files, but this practice can make them vulnerable. According to Gartner Research, an IT advisory company, by 2017 75 percent of mobile security breaches will be the result of misconfigured applications. Malware can do a lot of damage on devices that are altered, which is called “jailbreaking” on iOS devices or “rooting” on Android tablets and phones, says Mainquist. Brokers should add a “no reconfiguration rule” to their office policy manual.
6. Encourage agents to use a business e-mail address. Many real estate agents use their personal e-mail accounts. But using the private domain of an agency is much safer than using a Yahoo or Gmail address. Hackers are regularly trying to tap into those high-volume servers, Deflin says, which can put the information your agents are sending at a higher risk.
7. Secure all documents. Deflin suggests securing documents in digital vaults — which are like safety deposit boxes on secure servers where everything is automatically encrypted all the way to the destination. His business builds these digital vaults using actual servers. “These facilities are all about security. You can send and receive your documents easily but safely,” he says. “This also costs about $5 to $6 a month.” Be sure to peruse REALTOR® Magazine’s compiled list of data storage options.
8. Buy a cyber liability insurance policy. According to the National Association of Insurance Commissioners’ website, new cyber liability insurance is “expected to grow dramatically over time as businesses gradually become more aware that current business policies do not adequately cover cyber risks.” This type of insurance can cover such issues as liability for security or privacy breaches or providing credit monitoring services to affected consumers.
9. Let clients know about your security measures. Once you get all your tools in place, let clients and potential customers know what you are doing to keep their information safe. Also thoroughly explain procedures they must follow, such as when wiring money or sending financial information.