Residential real estate sales agents and firms were early adopters of the internet, and now online technology plays a fundamental role in almost everything they do. Buyers, sellers, and renters have come to expect instant access to property locations and maps, agent information, pictures, and virtual tours. Email and smartphones are primary tools for communication, and much of the transaction and documentation process is accomodated online too. Now, an assortment of hacker groups and cyber-criminals are finding residential sales firms to be particularly valuable targets, with unique opportunities for exploitation, and common vulnerabilities that set them apart.
Our customers, vendors, and industry contacts are reporting an increase in activity related to residential real estate sales firms. The targeted firms seem to be especially those that focus on high-end, exclusive properties. Why this is happening? How the breaches are taking place? And, what can agents and sales firms do to mitigate the risks for their clients and reputations?
A residential real estate transaction takes place in great part between personally owned and unprotected phones and computers, over open networks, with unsecured methods of communication and documentation. By contrast, commercial, business-to-business transactions are more likely consummated over IT managed and administrated networks and operating environments, which in many cases include compliance protocols and audit level accountability.
At the residential sales level, most sales agents use their personal phone and devices for transacting business. And, while they may have been issued a corporate email account by their brokering firm, much of their sales activity is still on the Gmail, AOL, Yahoo and other "free" email accounts they had before joining their respective firms. It is in the nature of the business to have professional information and communications on their own, personal devices and it serves agents well if they move to another firm or start one themselves.
Why are High-End residential sales firms being targeted?
1. It's where the money is, and much more.
The targets have elevated reputational, privacy, and personal safety risks.
2. It's where the information is, and it is rich with potential for exploitation:
Banking, accounting, and tax information.
Legal documents and records.
Detailed personal information from leases, applications, and association agreements.
Itineraries and personal schedules.
3. Hackers and cyber criminals exploit weaknesses
The industry is regarded as unprepared in light of the stakes at hand.
Successful online attacks usually originate from the weakest point of the target. Today, it is not the firm's corporate servers and systems that are especially vulnerable to hacking, it's the perimeter of the firm's eco-system that the intruders are finding enticing. For residential real estate firms, it's the sales agents and brokers that are vulnerable, and the attacks are originating in these ways:
Email phishing and socially engineered attacks.
Hackers and cyber criminals collect vast amounts of personal information over periods of time to create highly convincing and effective emails and scenarios. The information included in a real estate transaction can feed multiple attacks across different parties and with an assortment of end-results. Years can lapse before being contained from ID theft, financial fraud, blackmail, and extortion.
Infected photo and media files.
Using media files for hacking is particularly distinct to real estate sales as the trading of large photo and video files has become commonplace in the business. Large media files are ideal for embedding malicious code and can grant the hacker complete control of the victim's technology.
Like any other risk, there is no elimination of cyber risk, or it's potential consequences. Substantial mitigation of the risk, however, is possible without great expense or requirement for significant change in user behavior.
After decades of development in IT security at the large, enterprise-level, solutions are now better, easier to use, and cheaper than ever before. Now, great solutions that will dramatically reduce the probabilities and potential consequences of a breach are available "as-a-service", without the need for expensive hardware, local IT expertise, or long-term brand and service commitments. Individual agents and brokers managing teams can now protect their clients and their practices with the same technology Fortune 500 companies do.
For the real estate sales professional and firm, the IT security solutions they focus on should include four key components:
Antivirus, intruder protection, application controls, web filtering are all aspects of device protection for smartphones, tablets, pads, laptops, and computers. The service should include "real-time" monitoring and management, and include automatic software security updates for Microsoft, Apple, Adobe, and Java.
A VPN, or Virtual Private Network. A VPN will automatically encrypt all of your online activity, including browsing, shopping, and banking, and protect you on public networks and in remote locations. Read more here "VPN's - 3 Reasons Why It's Time to Start Using One Every Day."
3. Private Email Service
Before long it will not be commercially acceptable to conduct business using a "free" email account. An ideal solution is a private email domain that automatically strips IP addresses and metadata from the email as it travels the internet.
You don't have to give up the cloud for cyber security with your file and document management systems. Now, it is simple to share and collaborate on documents in a highly secure fashion, without encryption keys or lots of user-input required by using state-of-the-science digital vaults for your practice.
These four components to total digital security can be installed as an "eco-system" for harmonious interaction with maximum automation and simplicity. The eco-system acts as a platform for individuals and teams to leverage the internet for all it is worth with maximum effectiveness and productivity, but safely and securely for all parties involved.
http://www.afponline.org/pub/res/news/The_Four_Fundamentals_of_Cybersecurity.html