Ways To Protect Yourself, Business Against Cyberattacks
These days, most people know what a cyberattack is, but too many still don’t know how to recognize the signs of an imminent attack or how to prevent one. Out of the six areas of industry that hackers are most likely to target, many real estate professionals overlap in two of those areas. Businesses at greatest risk for a security breach are those that employ fewer than 50 people, which includes a majority of agencies as well as independent agents. And professionals who are in possession of large sums of money and clients’ financial information are also at highest risk for a cyberattack.
Here, we’ll go through a few ways to protect your real estate business from criminals that would love to get their hands on banking passwords, social security numbers, and other personal information that hackers use to enrich themselves and drain cash, savings, and even a sense of security from hard working members of society. But first, it helps to know some of the most common and successful cyberattacks and what makes REALTORS such an attractive target.
Agents that are employed by large, corporate real estate companies are less likely to be a victim of an online crime compared to those who are independent or work for a small agency. That’s because small businesses are much less likely to have the funds to spend on cybersecurity. Instead, owners of boutique brokerages hope that because they are so small, they’ll just fly under the radar. But any cybersecurity expert will tell you that this population of criminals actually seek out under-the-radar businesses. Hackers are extremely savvy. After all, their business is to breach “secure” software programs. In “Data Breach Investigations Report,” conducted by Verizon, researchers determined that 43 percent of cyber criminals target small businesses. And Security Magazine reported that “60 percent of all small business victims of a data breach permanently close their doors within six months of the attack.”
The biggest threat risk for small businesses are social engineering scams — widely known as phishing attacks, spoof websites, and baiting.
Phishing is a type of large-scale cyber scam. It’s when an attacker attempts to trick people into believing that an email or text is from a reliable source — like a bank or credit card company. They typically blast an email or text to a large number of recipients at once and hope a few responses come back. Their goal is to convince people to reset an account password or click on a link. Phishing emails can be extremely convincing because they look and sound like the businesses they’re spoofing.
When victims respond to password requests, criminals can access their account and then change the password. If the victim doesn’t realize they were scammed, the hacker can run up charges on a credit card, clean out bank accounts, and access personal information like social security numbers, addresses, birthdays, and account numbers that hackers can sell on the dark web. These are the types of attacks that lead to identity theft.
Phishing schemes are extremely easy to orchestrate. And while there are new victims every day, most people know that companies shouldn’t ask for passwords by text or email. So cyber criminals came up with another, more direct way to fool victims. Spear phishing is the most commonly used and most successful method of achieving a targeted attack on individuals and small businesses.
The way it works is that the attacker studies a business or a single person. Using gathered intelligence, they design a custom email message that contains a malicious link or attachment. Phishers portray themselves as a known or trusted person and use subterfuge to convince recipients that the content of the email or text is completely safe. But once the victim clicks or opens the attachment, it automatically downloads malicious malware to their network, which offers criminals free reign to read private emails, view passwords, and even encrypt files and lock down the system until the victim pays a ransom.
According to the National Association of REALTORS (NAR), in 2020, the highest reported fraud in the industry was compromised emails. Between 2015 to 2017, the FBI recorded an 1100-percent rise in the number of these types of cyber hacks. There’s even an acronym for it: EAC, email account compromise. “Fraudsters will assume the identity of the title, real estate agent, or closing attorney and forge the person’s email and other details about the transaction. The scammers will then send an email to the unknowing buyer and provide new wire instructions to the criminal’s bank account.”
Smishing and pharming specifically refers to a cyber scam using text messages or a fake website. When smishing, the attacker’s goal is to get the victim to click a link, send a password or personal information, or download a corrupted attachment. When pharming, attackers design a mock website and login portal based on one that’s easily recognizable and would believably reach out to the target. The fake login page prompts the victim to type in their username and password and sends it to the attacker.
As REALTORS are accustomed to sending and receiving documents via email and text, and commonly visit websites belonging to financial institutions, they’re particularly vulnerable to being a target of a social engineering scam.
One of the most insidious things about these seemingly obvious cyberattacks is that most victims aren’t aware there’s a breach until it’s too late. Preventing these crimes doesn’t even require a large budget. In a few hours, staff members can be trained to identify phishing attacks and learn what to do when they suspect someone is trying to access their network.
In 2022, the Cyber Readiness Center at Texas A&M Engineering Extension service provided Texas Realtors with a series of steps individuals can take to protect themselves from cyber criminals.
• Create long, unique passwords with at least 12 characters, including a combination of letters, numerals, and symbols.
• Never reuse passwords for multiple accounts. When a hacker gets ahold of one password, they’ll try using it on other accounts registered to that individual or company.
• Only click a link or download an attachment from an email or text message from a confirmed, reliable source.
• Avoid sharing documents or exchanging personal information in an email, text message, or even a phone call. There are plenty of secure cloud storage and filing sharing programs designed exclusively for the real estate industry.
• Always use two-factor authentication. That’s when you log into an account and then receive a text or email message with a second, single-use code.
• Change your passwords regularly.
• Install software updates on your devices when they’re available. These are often security updates and vulnerability patches.
• Backup your devices frequently and keep all your backed up data offline.
Finally, the best ways to protect your business and clients is by making sure you and your staff know what types of cybercrimes you’re most likely to be a target of and what to do if anyone receives a suspicious text, email, or phone call. So the information stays fresh in everyone’s mind, schedule frequent cybersecurity meetings to remind colleagues what steps to take to prevent a cyberattack because one of the biggest vulnerabilities a business has when it comes to cyber security is human error.