Real estate businesses, agents and their clients are fast becoming the targets of sophisticated cyber scammers.
That claim comes from panelists at this week’s Risk Management and License Law Forum, held at the 2015 Realtors Conference & Expo in the United States. The panel discussed potential threats and offered tips for real estate agents to protect themselves and their businesses and clients from cyber-attacks.
Melanie Wyne, National Association of Realtors technology policy expert, said that while we often hear in the news about large companies falling victim to hackers, small businesses, which often lack the vast technology and legal teams of larger businesses, actually account for the majority of attacks.
“Small businesses need to pay just as much attention as large companies to possible cyber threats,” she said.
Darity Wesley, founder of the Lotus Law Center, said hackers are seeking personally identifiable information; data that could potentially identify a specific individual such as credit card or bank account information, login credentials, employment details or a physical address, e-mail address, and phone or social security number.
“Most people don’t know the vast amount of data stored about them in a variety of systems,” said Wesley.
“Identity thieves can do a lot of damage with this information; your credit and whole life could be ruined.”
Wyne added data breaches can impact real estate businesses in three main ways: businesses can suffer from financial harm from expenses resulting from the breach; the legal risks of lawsuits from clients or others impacted by the hack; and reputational risks from having to publicly disclose the hack.
She said commercial properties are also vulnerable from hacks into their automated or building control systems.
While cloud and free email services are convenient for business, they are never completely secure and Wyne recommended that real estate agents research the level of security those companies are employing before using their services and storing information or documents into them.
She also recommended that agents ask these services to be indemnified in the service is hacked.
Wesley said anyone using a free email service for business should encrypt emails with client data. She recommended visiting lifehacker.com (then search on “encryption”) for tips for encrypting emails.
Jessica Edgerton, NAR associate counsel, shared that in recent months, real estate professionals have reported an upswing in a particular wire scam where a hacker breaks into an agent’s email account and obtains information about upcoming real estate transactions.
After monitoring the account, the hacker will send an email to the buyer as he or she nears closing, posing as the agent or someone from the title company and requesting that the buyer wire transaction-related funds.
Edgerton recommended that real estate agents inform their clients at the beginning of any transaction about this scam, and that if buyers do receive an email about wiring funds that they immediately call the agent on the telephone.
Wyne also said it’s important for real estate agents to know the laws regarding data security and privacy that affect their organisation, especially since some countries have enacted laws that require businesses to have proactive security programs in place.
All of the speakers recommended strong passwords and developing a data security programme, and implementing and maintaining safeguards to protect private data.
A privacy policy disclosing some or all of the ways the business collects, shares, protects, and destroys personal client information is also a good business practice.
