October is Cybersecurity Awareness Month. A collaboration between government and private industry, this month is dedicated to raising awareness about data security and empowering businesses and individuals to protect themselves from cybercrime. Cybersecurity Awareness Month represents an excellent opportunity for all real estate agents to make sure they are aware of cyber risks and take steps to safeguard against them.
As businesses become increasingly digital, threats of data breaches and other cyberattacks continue to rise. According to the FBI’s 2021 Internet Crime Report, cybercrime complaints increased from 301,580 in 2017 to 847,376 in 2021. Losses from cybercrime reached $6.9 billion in 2021.
No business is immune from cybercrime, but real estate agents represent an enticing target of increasingly sophisticated cybercriminals by virtue of the sensitive personal and financial information associated with real estate transactions.
Common cyberthreats for real estate organizations
An important first step in preventing and mitigating cybercrime, is to be aware of the cyber threats that target realtors. Some of the most common cyberthreats for real estate organizations include:
- Phishing attacks
Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable entity or person. Hackers trick individuals into clicking on a link or downloading an attachment or divulging sensitive information. Phishing attacks are becoming increasingly common. A recent survey by cybersecurity platform Proofpoint revealed that 83% of respondents said their organization experienced at least one successful email-based phishing attack, up from 57% in 2020.
Business Email Compromise (BEC) is a sophisticated form of email phishing in which an attacker obtains access to a business email account and deceives people into believing that they are interacting with a trusted sender. In the real estate industry, cyber criminals use BEC to conduct unauthorized transfers of funds via an email message that appears to come from a known source and provides homeowners with fraudulent wire transfer instructions.
- Ransomware
Ransomware is on the rise, increasing 13% in a single year – more than the last 5 years combined, according to Verizon’s 2022 Data Breach Investigations Report.
Ransomware is a malware designed to prevent a user or organization access to files on their computer. Cybercriminals encrypt these files, rendering them unusable and unreadable, and demand a ransom payment for the encryption key to regain access to files. Ransomware is commonly distributed by visiting malicious websites or opening a malicious attachment in a phishing email.
- Vendor compromise
Third-party vendor cyber risk represents a persistent cyberthreat for real estate companies. When a hacker compromises the computer system of a third-party partner, sensitive business and client data could be exposed.
Taking steps to prevent cyberattacks
Good cyber hygiene and building a cyber secure culture can help real estate agents guard against cyberattacks. To achieve this in their companies, firms should take the following steps:
- Educate employees
Cybersecurity training for employees is one of the most important steps in combating cyberthreats. Studies show that 95% of cybersecurity breaches are caused by human error.
Employee cybersecurity training should address topics relating to selecting strong passwords, recognizing social engineering and phishing, and the danger of clicking on suspicious links or downloading suspicious attachments. Firms should stay up to date on evolving cybercrime and information security risks and continually make employees aware of new risks and cyberthreats.
- Keep systems and software up to date
Updating computer systems and software can prevent security vulnerabilities and stave off cyberthreats. Cybercriminals use vulnerabilities in software as gateways to infect computer systems, and steal or encrypt sensitive data. Security patches are often part of software updates and an important reason why updating software should be a regular practice.
- Use multifactor authentication
Multifactor authentication (MFA) is a security technology that requires two or more credentials to verify a user’s identity for login. According to the Cybersecurity & Infrastructure Security Agency (CISA), “MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database.” Examples of MFA include requiring an answer to a personal security question or inputting a code sent to an email before the user is allowed to log-in.
- Use safe internet connections
Accessing the internet from public Wi-Fi networks in places like airports and coffee shops can present a security risk, as there is no guarantee these connections are secure. Avoid using these networks when accessing financial information and other sensitive personal data.
- Vet third party vendors
Perform due diligence on vendors to research their cybersecurity policies and safeguards. Ask questions about the specific controls and security protocols each vendor has in place and ask about the vendor’s security track record.
NAR also recommends that real estate agents work with an attorney licensed in their state to help develop cybersecurity-related programs, policies and materials. For more information on cybersecurity best practices, agents can look at NAR’s Cybersecurity Checklist.
Use Cybersecurity Awareness month as an opportunity to ensure that cybersecurity practices are up to date and integrated into all aspects of business operations.
For more information, visit https://www.orlandorealtors.org/.
