Every week, we ask a real estate professional for their Short List, a collection of tips and recommendations on an essential topic in real estate. This week, we talked with Darren Guccione, the CEO and co-founder of Keeper Security, Inc., for his three tips on how real estate professionals can keep their data safe.
Cybersecurity is a high priority for industries like government, healthcare and banking, but should real estate professionals care about it?
In Sept. 2014, Essex Property Trust, a Palo Alto-based real estate investment trust, reported that its computer networks, containing personal and proprietary information, were compromised by a cyber-intrusion. That news is only the tip of the iceberg for the real estate industry.
Any industry that collects large amounts of sensitive information or relies on technology is at high risk when it comes to cybersecurity. Real estate principals collect significant amounts of personally identifiable information, such as tax records, federal identification data and social security numbers, through the real estate rental and purchasing processes. Principals are collecting this information in rental applications, credit reports and lease agreements, often using insecure means of collecting and storing the documents. Just like any other business that collects sensitive company information, real estate professionals are required to comply with state and federal cybersecurity laws for storage and use of confidential data. It’s time to take a very close look at how client data is handled in your agency, so that you aren’t putting the company at stake for major lawsuits or clients at risk for stolen identity.
Security awareness is the first and most important step to take. Here are three cybersecurity tips to help mitigate risk for your clients, employees and co-workers.
3. Stay Alert for Phishing Attacks – Phishing attacks are fraudulent messages (usually via email) with the intention of tricking the victim into completing a form that captures sensitive information such as a password. Phishing has become so sophisticated that many times it can be difficult to tell the difference between a phishing attempt and a legitimate message from the company.
Real estate agents are flooded with emails on a regular basis. It’s important to always look closely before opening a link or attachment in an email from a suspicious email address. Sometimes, hackers will mask URLs and create replicas of existing forms on the Internet to emulate the brand they are pretending to be. On a broader note, make sure that everyone at the company is trained to detect a phishing attempt. If you want to test the security-savvy of your employees and colleagues, you can try a free phishing security test for up to 100 users with the cybersecurity awareness company, KnowBe4.
2. Be Smart about Password Management – Good password hygiene has become more difficult to achieve with the amount of passwords required to live in today’s world. The average person has 19 passwords to remember (and that number is typically even higher in real estate). As a real estate professional, it can feel overwhelming to keep track of this. If you’re in a hurry, it’s easy to make the seemingly-innocent mistake of writing a password down on a random manila envelope, but in cybersecurity, it’s the seemingly-innocent habits and mistakes that can turn into a major problem.
Seventy-five percent of all data breaches are due to weak passwords or the poor management of passwords. A major reason for this is simply because employees don’t take the time and effort to create complex, unique passwords. Studies have shown that 60 percent of people use the same password across multiple accounts, which means if a hacker gets unauthorized access to one account, they can easily access other accounts by trying the same password. Password managers are designed to address this problem with randomly generated, encrypted passwords stored in a secure military-grade vault. Password managers provide a number of benefits in addition to security, one of them being time savings by randomly generating secure passwords and autofilling passwords across all applications.
“Storing and finding passwords is one of the most unnecessary time-sucking activities a broker can face,” said Brendan McNab, broker at RE/MAX at Home in Rolling Meadows. “From signing in to the MLS (which requires a password change twice a year) to document signing websites, to marketing websites like realtor.com or Trulia, having access at a click or tap of a finger can save hours of valuable time.”
It is also critical for access codes to a customer or client’s residential or commercial property be stored in an encrypted vault – and not handwritten on a manila folder.
1. Store Documents in a Secure Place – A study was revealed recently at a major cybersecurity conference that shows how an attacker can easily get their hands on cloud storage accounts without even needing the user’s password. The report, by Imperva, describes a new technique called MITC (Man in the Cloud), which can potentially affect such world-class cloud storage providers like Google Drive, Dropbox, OneDrive and Box. It’s chilling to think about the number of sensitive documents that are potentially at risk in the event that hackers exploit this vulnerability.
The reason these services are vulnerable is not because the cloud is an unsafe place to store information. It’s because they weren’t built for storage of sensitive information; they were built for convenience. There are cloud storage providers offering zero-knowledge architecture, which means none of the sensitive information you store in the cloud can be accessed by hackers, because the key to access it lives locally on your device. That is the level of security necessary when storing credit applications, lease agreements, purchase contracts and other sensitive client documents.
Darren Guccione is the CEO and co-founder of Keeper Security, Inc. Keeper is the world’s most downloaded password security application, is certified SOC-2 and HIPAA compliant. Keeper utilizes world-class encryption and a zero-knowledge security architecture to safeguard its users. Keeper and Keeper Enterprise, a globally-used business solution for storing, accessing and safeguarding passwords and personal information, is available on all major Smartphones, Tablets and Computers – covering iPhone, iPad, Android, Mac, PC, BlackBerry, Kindle, and Windows Phone.