Industry Decoded with Rick Rosenblum
Illustration by Lanette Behiry/Real Estate News

Industry Decoded: Is your company's data secure? 

If you're not investing in cybersecurity, your business may be vulnerable to a breach. Preventive measures are key to protecting your data and your firm.

April 3, 2023
4 minutes

Thinking big about residential real estate success requires a big-picture perspective. Industry Decoded features industry experts who can enrich your understanding of issues affecting the industry as a whole.

Protecting data is important for any business, and real estate brokerages should be especially vigilant given the amount of personal and financial information they store. Yet most brokerage leaders and managers do not devote sufficient resources to developing and implementing effective cybersecurity protocols.

This may be because they know it is virtually impossible for their tech stack to be 100% secure, or more likely because they delegate cybersecurity to their chief information officer (CIO) and move on to the next issue. Cybersecurity is not just the CIO's problem. It should be a priority for boards, executives and entire organizations.

Cyber breaches have been rising year over year, affecting companies of all sizes and across all industries. Small- to medium-sized businesses are often the most vulnerable due to their lack of preventive measures. This trend will likely continue, and the costs of such breaches can be in the millions.

Brokerages are prime targets for cyberattacks

The real estate industry has had its share of breaches impacting small firms as well as mid-market and top-tier luxury brands. Real estate brokerages are excellent targets for cybercriminals, due in part to the high transaction amounts involved and easily accessed system failure points that are especially ripe for social engineering.

For example, it is remarkably easy to track an agent or employee whose life story is on public display via social media. Using that information, a bad actor can then initiate a spear-phishing attack by sending the agent a seemingly relevant, innocent and customized email with an attached pdf file containing malicious software used to acquire company data like passwords or transactional information. Cyber breaches are increasing at an alarming rate, and cyber criminals are getting more and more creative and sophisticated.

Investing in cybersecurity is essential

Will your brokerage experience a cyberattack or breach at some point? Probably. And that is because brokerages underspend on cybersecurity and leave themselves far more vulnerable than they should. Once a breach occurs, business leaders rush to fortify their systems and create incident response plans, but by then it is too late.

Brokerage owners and managers should take preventive action to ensure the security of customer, agent and staff data. Key measures include:

  • Protect access by using multifactor authentication for online transactions

  • Utilize encryption tools

  • Ensure software patches and updates are made promptly

  • Provide end-user training

These measures can effectively create a moat around the company's valuable data assets.

Agents and staff can knowingly or unknowingly expose systems to malicious software, so brokerages should have a framework in place to prevent, detect, mitigate and respond quickly to any threats. By taking proactive steps to protect their business, brokerages can help ensure that they and their data remain safe from cyberattacks.

Common breaches often go undetected (until it's too late)

Below are some common cybercrimes against real estate brokerages:

Theft of personally identifiable information (PII). This includes customer, agent or staff information. Financial information is especially valuable to cybercriminals.

Ransomware attack. Ransomware is a type of malicious software used by hackers to gain unauthorized access to a computer system, encrypt files and demand payment for their release.

Real estate wire fraud. This occurs when someone uses deceptive methods to obtain money from a real estate transaction, usually by sending emails or texts that appear to be from legitimate sources.

These three very common cyber breaches will often remain undetected and lurk for weeks, months or years until the criminal decides to unleash their attack payload.

It is vital that agents, brokers and brokerage owners fully understand the importance of identifying and protecting against these and other threats. Many of these types of attacks originate from organized criminal networks based either in the U.S. or abroad. Other cyber threats can come from hacktivists, industrial espionage for financial information or trade secrets, or disgruntled or former agents/employees. Additionally, they can be triggered innocently by sheer human error.

Most real estate brokerages greatly underestimate the need for cyber awareness training, system hardening and incident response and recovery planning. But this is the time to implement those measures — before a cybercriminal strikes.

Richard Rosenblum is VP of Strategic Projects at T3 Sixty and is a Certified Fraud Examiner and Certified Financial Crime Specialist. He is a licensed real estate broker who has worked for traditional and proptech brokerages, as well as in the mortgage industry, for almost 35 years. The views expressed in this column are solely those of the author. (Note: T3 Sixty founder Stefan Swanepoel also founded Real Estate News.)

Get the latest real estate news delivered to your inbox.