Why The Real Estate Industry Is A Sitting Duck For Hackers
With customer information stored throughout the online property journey, and cybercrime on the rise, here’s what every agent needs to know about data security.
The Price of Data
For real estate firms, data security and cybersecurity are no longer nice-to-haves; they’re now crucial items on the agenda.
Forbes reports that in the last year, there were around 500 million enterprise-level attacks, with hackers successfully gaining access to, and compromising 35 million ‘crown jewels’ files (flagship assets, sensitive files or data) in September 2022 alone. What’s even more shocking is that while 16% were hacked once, an astounding 60% were hacked twice or more.
The “ransom” for these attacks is growing exponentially as well. While ransoms were averaging at about $500 per attack in 2016, they skyrocketed to over $800,000 per attack in 2021. The average cost of an information security breach in the US in 2022 was an eye-watering $9.44 million. It’s no wonder then that over half of all smaller businesses that are attacked end up filing for bankruptcy within six months of the attack.
Why cybersecurity and data protection matters even more in real estate
It’s simple. Brokerages and their agents are entrusted with sensitive personal and financial details, and having those details be compromised or falling into the wrong hands can lead to devastating effects for clients. Agents collect information like bank details, contact information and Social Security numbers, to name but a few.
Though the industry is often criticized for moving too slow into the digital age, most firms and brokerages are nevertheless in the process of having workflows and payment systems become increasingly digitized. Because transactions in this field hold such high monetary value, business becomes low-hanging fruit for hackers.
What’s more, cybercriminals target agencies and their clientele because these businesses often forget or undermine the importance of implementing sufficient safeguards on devices and data, with much of the information flowing freely between multiple stakeholders.
The threats to brokerages and agents (and their clients)
The tools of the hacker’s trade can be as elaborate as a BEC (business email compromise) or as simple as a tracking cookie. One of the most common forms is malware being installed on a user’s device without their knowledge. It’s not uncommon for real estate transactions to be hijacked via email spoofing, where a hacker uses a fake email account but makes it seem legitimate, with legitimate-looking landing pages and files to get customers to divulge their personal information. Crucially, hackers are aware that many agents operate out of small offices that lack the resources for a sophisticated cybersecurity suite.
Since the advent of proptech, brokerages are only collecting more personal information about individuals than ever before, with modern phenomena like the Internet of Things allowing businesses to collect ever more diverse and minute data to enhance the customer experience. And yet, worryingly, KPMG conducted a study where less than half of organizations surveyed felt they had “sufficient resources to prevent or minimize the impact of a cybersecurity incident.”
4 cybersecurity strategies for the real estate industry
Here are some crucial steps brokerages can follow to take preventative measures against a data breach.
- Conduct a risk assessment
Brokerages evaluate their cybersecurity infrastructure to identify if there are any gaps. This can lead to the creation of a cost-efficient, long-term cybersecurity plan that addresses the business’s needs and implements necessary procedures to ward against malicious activity and risk exposure, especially if the company works with third parties.
- Offer awareness training
A cybersecurity awareness company training program can ensure that everyone is fully educated on spotting phishing and malware attacks, with regular refreshers as hackers adjust their strategies.
- Multi-Factor authentication
Traditional password methods are fast becoming inadequate, with hackers using spear-phishing, pharming and spraying attacks to try and break into accounts. Multifactor authentication (MFA) can help prevent this by augmenting accounts with extra security layers, while still allowing remote access to files without a device agent and the use of user-friendly single sign-on (SSO) for authorized users. These are especially powerful ways to armor up against cybercrime as they allow scalability and are cost-effective for long-term use.
- Robust data storage (and disposal)
It’s a simple protocol but too often overlooked and bypassed by brokerages and other organizations, and yet it’s vital to conduct regular computer security scans, turn on two-factor authentication, and maintain password managers and vulnerability assessments. In addition, regular consumer data disposal should be conducted according to guidelines so that personal information cannot be accessed by unauthorized users after deletion.
- Know how to brace for impact
Despite best efforts, a data breach may still happen. It’s important that brokerages have a full plan B layout, with key stakeholders knowing exactly what to do once a breach has been detected, including even keeping templates for client notification and public statements in their marketing arsenal.
Expect the best, but prepare for the worst. It is the reality we live in, but the best-performing brokerages are the ones that are actively working towards this kind of contingency plan now, knowing that their clients’ trust (and sensitive information) very well depends on it.
From the very beginning of Realforce (previously Adfenix), we understood the value of protecting our customers’, and our customers’ customers' online data, and have sought to consistently reinforce security across our platform, through a rapidly changing technological landscape.
As we continue to work behind the scenes on new ways to bring easier, yet safer, access to our platform, take a look at where it all began with the story behind the Realforce technology…