Over the past decade, there have been many high-profile attacks on industries such as healthcare, government, finance, and retail companies. However other less obvious sectors are also at risk as well.
One of these lesser known targets is the real estate sector. While it doesn’t automatically bring cybersecurity attacks to mind, the real estate industry is increasingly targeted by malicious actors due to the volume of personal and financial data they hold. This data, including contracts, bank account details, and personal information, is incredibly valuable if stolen, can cause devastating consequences.
Why are real estate agencies a target for cybercriminals?
As real estate agencies frequently deal with sensitive personal information and huge amounts of money, they’ve become a lucrative target for cybercriminals. It’s not just large organisations that are being targeted – it’s estimated 43% of cyberattacks target small to medium sized businesses, as they’re more vulnerable from a security perspective.
Real estate agencies are prime targets due to the high value money transactions that occur. Few people will transfer large amounts of money on a regular basis, whereas real estate agencies are frequently dealing with millions of dollars in transactions as properties are bought and sold.
Personally identifiable data is also lucrative information for malicious actors. Real estate businesses manage very sensitive personal information, linked to financial data, such as bank account details, credit card information, driver’s licences, e-signatures, and social security numbers. In the wrong hands, this information being used for malicious purposes can have devastating effects.
The serious harm caused by data breaches was recognised by the Australian government and, on February 22nd, the Notifiable Data Breaches (NDB) scheme came into effect. The NDB requires all businesses covered by the Privacy Act 1988 to notify the Australian Information Officer and individuals if their private data has been breached.
Any businesses operating a residential tenancy database, or real estate agency covered by provisions under the Privacy Act including those that handle consumer credit data or collect tax file numbers, have an obligation to protect the personal data they hold. Failure to do so results in severe consequences, such as heavy fines, legal action, loss of business and reputation.
How do cybercriminals attack real estate agencies?
Many real estate agencies may be unaware of the risks they face that make them an easy target for cybercriminals. Almost 90% of small to medium sized businesses believe antivirus software will keep them safe from cyber attack. Overall, the real estate sector has been less security conscious than other industries, which increase the likelihood they will be targeted.
Cybercriminals have access to sophisticated technology to launch attacks, but the most successful type of hacking tends to be the simplest
- Business email compromise (BEC): involves sending a fake email from a pretended sender to a recipient in order to coerce them into wiring funds. It often involves impersonating an individual the business is doing transactions with, such as a seller of properties
- Ransomware: malicious software that is designed to encrypt and then deny access to a user’s files or data, making it unusable until a ransom is paid.
- Cloud security breaches: while cloud-based services have many benefits, there is the risk of security breaches where cybercriminals bypass attacking an agency directly, and target their cloud vendor. Public cloud breaches take much longer for data breaches to be identified and contained than hybrid cloud.
Why real estate agencies need a cybersecurity strategy
The real estate industry deals with massive volumes of personal and financial information, and financial transactions, making it an easy target for cyber-attackers. Outdated, legacy hardware and software puts many firms in the spotlight, as they may not have modern security features needed to detect and prevent sophisticated attacks. Shifting to the cloud is also fraught, as it’s important to understand the type of security being offered by cloud vendors, and what extra protection your business needs.
Cybersecurity is more than installing antivirus software and hoping for the best. Real estate agencies need to closely assess their risk management and security protocols and overhaul or add appropriate measures. This includes the way employees access mission-critical data when working outside the agency’s workplace. More often, real estate agents are working remotely and may not have appropriate password controls in place, or use public Wi-Fi when connecting to their company’s IT environment
It’s also vital to have a strategy in place for when (not if) a cyber-attack is launched. This level of preparation for mitigating risk may be outside the scope of an inhouse IT employee, and better managed by a managed security service provider, who has specialist knowledge and experience in ensuring complete protection from viruses, breaches and identity theft
Talk to the security specialists at Lindentech and discover how your real estate business can benefit from comprehensive security systems management.