Small real estate businesses, agents and their clients are fast becoming the targets of sophisticated cyber scammers, according to panelists at the Risk Management and License Law Forum yesterday at the 2015 Realtors Conference & Expo, who discussed potential threats and offered tips for agents to protect themselves and their businesses and clients from cyber-attacks.
Melanie Wyne, National Association of Realtors technology policy expert said that while we often hear in the news about large companies falling victim to hackers, small businesses, which often lack the vast technology and legal teams of larger businesses, actually account for the majority of attacks. “Small businesses need to pay just as much attention as large companies to possible cyber threats,” Wyne said.
Darity Wesley, founder of the Lotus Law Center, said hackers are seeking personally identifiable information, data that could potentially identify a specific individual, such as credit card or bank account information, login credentials, employment details or a physical address, e-mail address, and phone or social security number.
“Most people don’t know the vast amount of data stored about them in a variety of systems,” said Wesley. “Identity thieves can do a lot of damage with this information; your credit and whole life could be ruined.”
Wyne said data breaches can impact real estate businesses in three main ways: businesses can suffer from financial harm from expenses resulting from the breach; legal risks from lawsuits from clients or others impacted by the hack; and reputational risks from having to publicly disclose the hack. She said commercial properties are also vulnerable from hacks into their automated or building control systems.
While cloud and free email services are convenient for business they are never completely secure, and Wyne recommended that Realtors research the level of security those companies are employing before using their services and storing information or documents into them. She also recommended that agents ask these services to be indemnified in the service is hacked. Wesley said anyone using a free email service for business should encrypt emails with client data; she recommended visiting lifehacker.com (then search on “encryption”) for great tips for encrypting e-mails.
Jessica Edgerton, NAR associate counsel shared that in recent months, real estate professionals have reported an upswing in a particular wire scam, where a hacker breaks into an agents email account and obtains information about upcoming real estate transactions. After monitoring the account, the hacker will send an email to the buyer as he or she nears closing, posing as the agent or someone from the title company and requesting that the buyer wire transaction-related funds. Edgerton recommended that agents inform their clients at the beginning of any transaction about this scam and that if buyers do receive an e-mail about wiring funds that they immediately call the agent on the phone.
Currently, the majority of laws governing data security are at the state level, although NAR has been advocating federal law for years. Therefore, Wyne also said it’s important for agents to know the state laws regarding data security and privacy that affect their organization, especially since some states have enacted laws that require businesses to have proactive security programs in place.
All of the speakers recommended strong passwords and developing a data security program and implementing and maintaining safeguards to protect private data. A privacy policy disclosing some or all of the ways the business collects, shares, protects, and destroys personal client information is also a good business practice.
Agents seeking more information about data security and privacy or complying with legal responsibilities can download NAR’s free Data Security and Privacy Toolkit. The Center for Realtor Development® also offers a four hour online training course for Realtors®, and local and state Realtor® association and multiple listing service staff. “Enhance Your Brand & Protect Your Clients with Data Privacy & Security.”
