Consider all the times you’ve made a transaction for real estate – got your credit checked, paid rent or mortgage, spoken to brokers, listed a house, or simply responded to a call-to-action online. In this age where your private information is a commodity, is there enough emphasis on data privacy? With attacks that can misdirect wire transfers and hold computer systems hostage, hackers can target any industry, particularly those that lag behind in cyber security – we’re looking at you, real estate. According to a recent survey, 50 percent of businesses in the real estate industry believed that they were not adequately prepared to prevent or even mitigate a cyber-attack.
A recent news story featured Orvibo, a Chinese company that makes a smart home management platform, leaking data about its customers. The leak exposed personal information and device passwords through an Elasticsearch server that the company left open to the internet without a password, following a server misconfiguration. In an unrelated incident, a consumer almost wired an entire down payment on a house after receiving an e-mail with confidential information requesting payment – an email that was not sent by the broker or anyone related to the transaction. The question remains: is your data safe during all the real estate pre-investment diligence?
Unlike for financial institutions, there is no law requiring real estate businesses to implement information security programs to protect data and systems. This has left real estate businesses with vulnerable systems and made them the focus of potential attacks, mainly due to the monetary quantum of business and the volume of personal data involved. However, there are a few ways to mitigate the siphoning of data by putting data processes in place.
Data processing falls under data protection law. This system contains a contract between two or more parties, and only a person abiding by the contract can gain access to the data. The contract makes it safer for the owner of data in real estate to secure their personal information legally. Software used for data use and transfer in real estate has an option to secure the data by default, but this should be reinforced by manual systems. This system ensures that no data is leaked or unsafe.
Since real estate deals with particularly risky details such as financial and credit history, a Data Protection Impact Assessment (DPIA) is critical for any business handling this data. This is a process to help you identify and minimise the data protection risks of handling personal information. Smart homes and the automation of data transfer have exacerbated the risks of hacking and data theft, so a DPIA is essential to keep information safe.
Besides putting data security checks in place, implementing additional processes to safeguard data will ensure that a user is safe from a data breach:
One of the easiest and most effective ways to substantially reduce the risk of becoming the victim of a BEC (business e-mail compromise) scam is to implement a policy of never sending a wire based on an email or digital platform. Verify the accuracy of the information received in the email by talking to the individual either in person or by phone. Always implement a two-step verification system before every transaction is made – automate One Time Passwords and maintain recovery emails or phone numbers with legacy accounts in case you lose access to your account.
Most hackers continue to rely on using deceptive emails to induce people to click on links or open attachments that load malware on the computer. Customers or employees must be trained to spot suspicious emails requesting data and avoid clicking on any links without prior knowledge. Training can be an effective tool for lowering the risk of becoming the victim of an attack.
The threat of ransomware is most significant for impacted businesses without adequate backups. Without adequate backups, an organization may become more tempted to pay a ransom because the data is substantially more valuable. Having backups of data and the ability to quickly restore the data makes it easier to ignore the ransom threats and to respond in the event of an attack.
There is no such thing as perfect security, so cyber liability insurance can be an important way to mitigate risk. Most people in the Indian real estate system do not consider insurance for data loss or theft. There is a wide disparity in what is covered by any cyber liability insurance policy, so it is important to ensure that a policy covers risks like BEC scams, ransomware threats (and payment of ransoms) and, potentially, even business interruption.
The foreseeable future will create new opportunities for the real estate industry to leverage technology to improve experiences for tenants and even streamline business operations, but it will also open new opportunities for hackers looking to disrupt those same businesses. Real estate businesses have become, and will remain, a cyber-target. In this landscape, improving cyber security controls and programs should be a priority for all organizations. Taking the right steps can help reduce that risk, enabling real estate businesses to focus more on the business of buying, selling and managing real estate. It takes a lifetime to set up a well-refined business, but it takes just a few minutes to devastate it completely!