In 2018, it’s become a common practice to lock your car doors, install security cameras and add home security systems. So, why isn’t it a common practice to apply the same security measures to your online accounts? Physical safety is a threat you can see, whereas digital protection is typically out-of-sight, out-of-mind. Until now.
With wire fraud, ransomware and identity theft wreaking havoc in our industry, answer this question: In the last year, what steps have you taken to secure yourself and your brokerage against cyber attacks?
Brandon Wells, president and former chief technology officer of The Group Inc. spoke about cyber security this past week at The Gathering of Eagles. He hit the nail on the head when describing why our industry is falling for these attacks. “One, we are trying to keep up with the pace of innovation in our industry and two, I don't think we’re asking a lot of security questions to the vendors we are plugging into in this industry.”
Real Life Situations
Wells shared a video during his presentation of a man volunteering to be hacked. With the man sitting across from his hacker (a woman), she proceeds to dial his cell phone provider. Before calling in, the woman began audio of a crying baby (found on YouTube). She told a story of how she and her husband just had a baby and that she needs to fix a discrepancy in their account. After apologizing for the crying baby, and explaining how she’s exhausted, the hacker can convince the customer service representative not only to add her to the account but also to change the password—all in under two minutes. Now, it’s easy to get hung up on the fact that she was only on the phone with customer service for a few minutes (jealous!), instead, let’s focus on how SIMPLE this was for the hacker to accomplish.
Why was this so easy? Well, we typically imagine hackers in one of two ways, someone overseas maliciously hacking our accounts from afar, or as someone with his face hidden, typing away in a dark basement. Few see hackers as what they can be: everyday people! Hackers are much smarter than we give them credit for. They don’t get our information by accident; they get it with intentional and calculated schemes. Another reason this task was so easy for the hacker is that she tapped into human emotion (see above). It’s already become harder for customer service reps, or clients, to distinguish real vs. fake, because these schemes are no longer a prince from Nigeria requesting money.
What Can You Do?
Wells provided a list of five things a brokerage can implement. We suggest you do them as soon as possible.
Encourage agents to use company email accounts that have multi-factor authentication over their email. This step can be a hard one to convey to your agents, especially if they run their business primarily through their g-mail or other personal accounts. But merely adding this process makes you less of an easy target. However, don’t stop at e-mail.
As a brokerage, you have a lot of sensitive information on file. Using a form of encryption provides more security and allows those with authorization access to your private information.
Brokerage Training and Education
Incorporate in-house training with your agents and staff members so they know what a cybersecurity threat is and what it can look like. Don’t forget to include your loan officers and insurance providers. It’s your responsibility to arm your agents and staff with what to do if a threat takes place.
It’s not enough to only education your brokerage—don’t forget about the consumer! Add more than a wire disclosure to the bottom of your email. Make this education piece a part of a listing presentation and explain it again during the purchase agreement and again when your buyer or seller is meeting with a mortgage firm.
Wells sources a study that says 74 percent of our industry has no cyber insurance. While it can’t solve all your cyber-security problems, if you were to run into an issue (much like regular insurance!) it’s important to know your options for additional protection.
Don’t wait for a cyber attack to get to your brokerage before you take action. Cyber threats are becoming more frequent and have already made their presence known in the real estate industry. Protect your brokerage’s digital safety just like you would its physical security.