Shockingly, only one in four small businesses believes they are prepared for a cyber attack. How does cybersecurity at your real estate company stack up?
Small real estate and property management companies have much to worry about in the area of cybersecurity. In 2015, Deloitte produced a report called Evolving cyber risk in commercial real estate (CRE): What you don’t know can hurt you. Deloitte stated, “the top three risks that the CRE sector should be aware of and prepare for are theft of personally identifiable information (PII) data, an attack on tenants through building systems, and destruction of physical infrastructure.”
As buildings become more connected and more convenient to manage remotely, a threat emerges. In the famous Target breach of 2013, the attack originated with credentials stolen from a third-party HVAC provider. Real estate companies need to be on the lookout for vulnerabilities and prepared on multiple levels because business is becoming increasingly complicated.
What is Cybersecurity
Let’s begin with the definition. Cybersecurity is the method used to protect sensitive information from being stolen, compromised, or even attacked. Confidential or sensitive information includes information that identifies an individual, such as their social security number and their accounts. Cybersecurity also extends to the processes that protect systems, programs, and networks from attack.
How People Play Into Cybersecurity
According to Netwrix’s 2017 IT Risks Report, an alarming 66 percent of companies surveyed reported they believe their employees are the most significant threat to their security. But how does an employee put an organization at risk? Primarily this comes down to email and password hygiene.
We have all heard most of the best practices time and time again. Even so, email and password practices are any company’s most significant place of vulnerability.
What should you do:
- Use a password manager, such as LastPass, 1Password, or Dashlane, to keep track of all your passwords. Once you get the hang of it, you will be sorry you hadn’t started using a system like that earlier.
- Quit using your kid and pet names for your passwords. It’s not safe. Create long, complicated passwords that contain a long phrase or a combination of letters, numbers, and symbols. Use your password manager to create these. Greg Edwards from WatchPoint Data has this to say about passwords:
“Using secure passwords is one of the best steps you can take to protect your online accounts. Hackers will use a list of the top 10,000 passwords to try to crack into your accounts. If that doesn’t work, they will attempt a brute force attack. The longer the password, the better; I use a minimum of 24 characters. For sites that don’t allow that long, use the maximum you can.”
- Make your passwords unique between systems. After all, if someone figures it out for one system or account, they can figure it out for multiple accounts if you reused your password.
- As tempting as it may be, don’t open attachments or click on links that are unfamiliar to you. Often these attachments and links are trojan horses for malicious viruses or ransom attacks.
- Change your passwords on a regular basis.
- Use of unsecured networks is an absolute no-no. Accessing an unsecured Wi-Fi allows unscrupulous people to virtually eavesdrop on your conversation and activities. In short, people or systems can gain access to your usernames, passwords, and account numbers.
- Lastly, avoid sending sensitive information through email. Instead, use sharing programs designed for holding and maintaining sensitive information.
Patches and Updates – Critical for Cybersecurity
Although updating software and installing patches is easy, organizations struggle with it. News headlines regularly confirm this.
Both the WannaCry and Petya cyberattacks could have been mostly prevented had organizations installed their system updates. In both instances, the attacks exploited a vulnerability left open because Microsoft patches had not been installed. Many organizations, including Equifax, were months behind in installing software updates. Combined, these attacks impacted well over a hundred million people and thousands of organizations. At the same time, these cyber attacks significantly disrupted business operations and cost even more, both financially and in customer confidence.
In reality, it all comes down to this, keep your firewalls and software up to date. This includes updating your website with the latest updates for your content management systems and associated plugins.
Company Processes Around Cybersecurity
Establishing systems and processes within your company is vital to managing your cybersecurity risk.
Here are some steps your organization should take:
- Train your staff. Every single year, remind your employees about cybersecurity and the risks around their behavior. Remind them of email and password hygiene and how their activity can make an organization vulnerable. New employee orientation should include a section on the company policies and risks around cybersecurity.
- Limit what your employees have access to download. Limiting admin rights at the user level is often met with frustration by users but is highly effective.
- Automate patch management. Let’s face it, employees are not great at installing their own updates. Where you can automate this, you are ahead. Several tools can do this – Windows Server Update Services, PDQ Deploy, and Comodo One.
- Protect yourself against attacks like WannaCry and install ransomware detection software like CryptoStopper from WatchPoint.
- Quit using Admin as a username. In essence, Admin is far too commonly used and makes you a target.
- Identify a responsible party and a schedule to systematically check and apply any needed system updates. Then, ruthlessly stick to the schedule.
- Set up two-factor authentication for any access to your website or products. This means you need to supply 2 of 3 elements to gain access: something you know, something you have, and something you are. In most cases, this includes your password and a cell phone number, but it could also include a fingerprint. In fact, many phones and other devices have already incorporated fingerprint technology.
- Finally, if you store any information from your users, install the right Secure Sockets Layer (SSL) certificate on your website.
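As an added example (not part of the original article), here is one way to check a user list against three items from the steps above: the Admin username, two-factor authentication, and admin rights. The CSV column names, the sample accounts, and the lists of default names and admin roles are all assumptions made for this sketch.

```python
import csv
import io

# Constructed sample export; the column names are assumptions, not a real product's format.
SAMPLE_EXPORT = """username,role,two_factor,local_admin
admin,owner,no,yes
jsmith,agent,yes,no
mlopez,property_manager,no,no
Administrator,it,yes,yes
kchen,agent,yes,yes
"""

# Usernames that get guessed first because they are so common (assumed list).
DEFAULT_NAMES = {"admin", "administrator", "root"}
# Roles expected to hold admin rights (assumption for this example).
ADMIN_ROLES = {"it", "owner"}


def audit_accounts(export_text):
    """Return (username, finding) tuples for accounts that break the checklist."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        user = (row.get("username") or "").strip()
        role = (row.get("role") or "").strip().lower()
        # A missing or blank value counts as "not enabled" so gaps are reported.
        has_2fa = (row.get("two_factor") or "").strip().lower() == "yes"
        is_admin = (row.get("local_admin") or "").strip().lower() == "yes"

        if user.lower() in DEFAULT_NAMES:
            findings.append((user, "default username"))
        if not has_2fa:
            findings.append((user, "no two-factor authentication"))
        if is_admin and role not in ADMIN_ROLES:
            findings.append((user, "admin rights not needed for role"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_EXPORT):
        print(f"{user}: {finding}")
```

Run it against an export from your own directory or website user list on the same schedule you use for system updates.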
Look at your policies too:
- Develop a cybersecurity and data policy.
- Create a breach response and notification policy so you are prepared in the event a breach does occur. In short, once a breach happens, the sooner you can rectify the situation, the better off you are.
- Review your insurance policy around cybersecurity. In short, make sure your policy clearly states it covers cybersecurity attacks.
Finally, establishing robust processes, procedures, and education within your real estate firm will go a long way toward improving your team’s cybersecurity. This solid foundation, along with staying current on the latest cyber attack risks, should be the goal of every organization. Furthermore, cybersecurity is an ever-changing landscape, so stay alert. An attack on your real estate company could cost your organization significantly in both time and money.