Cybersecurity and the Real Estate Industry: The Situation Today
The news is full of reports of sophisticated cyber attacks on business. Cybersecurity breaches can do enormous damage and be astonishingly costly. A recent study by IBM puts the cost of a single data breach at $3.86 million per company.
In recent years, the problem has been compounded by the trend to have any and all devices connected. This can leave systems more vulnerable to malware and other hostile intrusions.
The onslaught of cybercrime is particularly bad news for the real estate industry for two reasons. One is that the real estate industry handles a great deal of money, which naturally makes it an attractive target for thieves. The other is that cybersecurity measures in the real estate industry tend to lag behind cybersecurity efforts in other businesses. Many companies don’t even have all their connected devices fully visible, let alone secure.
Hackers don’t just target the huge real estate companies, either. They frequently go after smaller companies and startups as well, and then the cyber attacks can be even more devastating. The National Cyber Security Alliance reports that 60% of hacked small or midsized companies go out of business within half a year.
Cybersecurity and Cybercrimes That Target the Real Estate Industry
There are a number of common hacks against which a real estate company urgently needs protection. One of the most common of all is the business email compromise or BEC attack. This scam is also called spear-phishing, whaling, or CEO fraud.
In a BEC attack, the scammer impersonates a high-ranking official in the organization. The email urges actual members of the company to quickly transfer funds to cover some contingency or other. The money, of course, actually goes into the criminal’s account, often somewhere offshore where recovery is extremely difficult if not impossible. Since the communication looks legitimate, the recipients are quite likely to comply, so likely, in fact, that the FBI reports that this form of cybercrime is steadily on the rise, as is the resulting monetary loss.
One reason that BEC attacks work is that the company’s email security is often outdated. It was designed to protect against viruses, malware, and spam, not cope with this particular manifestation of social engineering. Fortunately, more comprehensive forms of cloud-based email security platform are emerging. They compare an incoming message to billions of previous scanned emails and other documents. The comparison reveals patterns that can indicate an email didn’t really come from the person or place it purports to come from.
Of course, there are many other threats as well. Distributed denial of service (DDoS) attacks make a network or server unavailable to users.
Ransomware does the same until the real estate company pays money to the criminal. In addition to a company’s computers, ransomware can cause devices connected to them to malfunction. For example, a ransomware attack made the electronic locks in an Austrian luxury hotel lock guests out of their rooms.
Man-in-the-middle (MITM) attacks insert a third party into a situation where two people erroneously believe they’re communicating directly with one another. This makes the third party privy to the conversation and even enables him or her to alter messages.
Zero-day (0-day) attacks exploit a hitherto unforeseen vulnerability in a company’s computer software.
How the Real Estate Industry Can Achieve Effective Cybersecurity
Real estate companies need a multifaceted cybersecurity approach to thwart these attacks and others like them. That means they need to train their personnel on cybersecurity issues and countermeasures and provide documentation detailing strong operational procedures. They also need up-to-date antivirus, access control, and other cybersecurity services.
Real estate companies also need to consider the adequacy of the cybersecurity of any cloud computing applications they use. It’s easy to overlook this since the cloud computing vendor is a separate company, not yours. But if the cloud vendor gets hacked, the hacker may make away with data pertaining to your customers and your business, and you may find the terms of your agreement with the vendor leave you liable for much of the resulting loss.
Here are some specific tips a real estate company can use to manage cybersecurity.
- Have a wire policy. You’re less vulnerable to BEC attacks if you never wire-transfer money based solely on an email. Verify the request to transfer money in some other way, possibly by talking to the party involved on a known phone number. (That means you don’t rely on a phone number contained in the email to place the call.)
- Backup your system.You’re more vulnerable to ransomware extortion if you don’t have adequate backup.
- Negotiate your agreements with cloud computing vendors.Do this with an eye to limiting your liability if someone hacks the vendor and your company’s information is compromised.
- Take out cybersecurity insurance.You might feel like you don’t need it if your real estate company is addressing its cybersecurity needs in other ways. But no security system is perfect, and it’s not impossible you’ll get hacked even so, at which point you’ll be glad of the protection.
The bottom line here is that adequately addressing a real estate company’s cybersecurity needs requires an investment of thought, time, and money. But the cost can be trivial compared to the cost of neglecting them.