Real Estate: The Cyber Security Landscape
Recent years have seen a growing number of cyber security incidents involving the real estate industry and the greater supply chain, such as mortgage brokers and settlement agents. Given that the industry handles such large volumes of sensitive information, including financial and personal data, it makes for an attractive target for cyber criminals.
You, as a real estate business, must be tired of the growing cyber security threats getting in the way of the day to day. It is a never-ending game of “cyber whack-a-mole”. After all, how can you be selling houses if you are constantly dealing with IT issues, privacy concerns and in general, overall Cyber Security matters.
First and foremost, let’s talk about the elephant in the room:
The real estate industry is notoriously behind the times when it comes to technology and slow to admit there is a problem.
Sure, you might have upgraded to that fancy new laptop last year, but that doesn’t mean you’re immune to cyber threats. Hackers are getting smarter, and real estate agents need to catch up.
A big concern in the industry is the lack of realistic and appropriate education around cyber security. Let’s be real, most agents are so focused on closing deals, not on learning about the latest phishing scams or ransomware attacks. But the reality is that the sensitive information you’re handling — like financial and personal data — makes you a prime target for cyber criminals. We have seen an increase in automated and cookie-cut phishing testing and videos to teach you about cyber security, and we believe these education pieces are not effective (well, useless actually) against the emerging threats. Industry bodies are trying to deliver cyber security training as part of their continuing professional development however when something serious is measured against attendance, then even this training will be ineffective as well.
An over-reliance on email for communication and document sharing is another issue we are seeing. It’s 2023, people! There are plenty of secure online platforms and cloud-based services out there that can better protect your data.Once you have actioned the emails and stored the necessary attachments/relevant information into these online systems, delete the emails. Think about it this way, we don’t keep physical mail when it is no longer required. Why can’t we do the same with our email once it has been actioned?
One of the biggest issues here is the identity checking required for property management and sales for properties. There is antiquated functionality of property management and sales software that does not have flexibility to integrate good identity solutions without significant changes being made, leading many of these processes still being performed on paper (or editable PDF forms). Digital systems are not being adopted due to their hefty price tag, or the users’ lack of technical competency to use these platforms. There are no defined standards for identity checks, merely guidelines which loosely point to the Privacy Act.
Now, I am not placing all the blame on the real estate agents. Governing bodies need to step up and provide the necessary direction in the industry. This does not mean cookie cutting what the government is already offering (which is unrealistic), and for all intents and purposes, sheer stupidity, expecting real estate businesses to be applying standards which are already flawed due to flawed human thought and loosely set guidelines.. The current cookie cutting standards and guidelines will not provide adequate means to protect the organisation. It shouldn’t be up to each individual agent to figure out how to secure their systems and networks.
So, what’s the solution? It’s time for a mindset shift.
Cyber security isn’t just a technological issue, it’s a business issue.
A breach or incident can have serious financial and reputational impacts for both the agent and the industry as a whole. It is not about the fact of having an IT provider (or IT team) that says they do cyber security. Let’s face it, in the last couple of weeks, there has been news of an IT company who has frauded their customer as a trusted insider threat.
In conclusion, real estate agents, it’s time to wake up and smell the cyber coffee. You don’t want to be the one responsible for a major data breach because you didn’t take cyber security seriously. The cyber incidents won’t only affect your business, but the reputation and economy of your industry. It all starts with taking a step and securing your business as a whole from cyber attacks.
Thomas Cyber Team.