Every day, real estate professionals are entrusted with their clients’ sensitive personal information. This can include Social Security numbers, bank account information, credit card numbers, private contact information, and more.
In the wrong hands, this sensitive information can lead to fraud and/or identity theft. Accordingly, it’s the responsibility of brokers and agents to safeguard their clients’ confidential information and implement data security measures.
The reality is that real estate professionals and real estate businesses face countless cybersecurity threats that can lead to serious and even irreparable damage, including loss of clients, revenue, and reputation. But with the right knowledge, preparation, and strategic actions, real estate professionals can help their business avoid and mitigate these risks.
Importance of Cybersecurity for Real Estate Professionals
There are innumerable benefits of conducting business in the digital age, but as technology has continued to grow and evolve, so too have the risks. Our industry’s reliance on the Internet for our businesses has created a modern liability for real estate professionals and their companies.
Statistics show that cybercrimes affecting the real estate industry are on the rise. According to the FBI’s Internet Crime Complaint Center, there were more than 11,000 victims of real estate cybercrime in 2019, resulting in total losses of $221.4 million. In addition, cybercriminals diverted or attempted to divert and wire $969 million from real estate transactions into accounts they controlled.
Cybercrime Impact on Real Estate Businesses
While the very large cyberattacks may be reported in the press, those attacks represent the tip of the iceberg. The FBI’s Internet Crime Complaint Center reported over 467,000 complaints of cybercrime in 2019 — and the number of unreported crimes is likely to be even higher.
Smaller businesses are a prime target for cyberattacks, and over 40% have experienced a data breach. Unfortunately, many businesses find it impossible to recover from the effects of a cyberattack — about 60% of small- and medium-sized businesses go out of business within six months of an attack.
Types of Cybercrime Affecting Real Estate Professionals
Cybercrime consists of a variety of exploitations, tricks, and technologies that criminals use to rob people and businesses of data and money and sometimes simply to wreak havoc in the world. Understanding how these attacks work is an essential component of preventing them. From computer viruses to elaborate social engineering schemes, common cybercrimes include (but are not limited to):
- financial or medical identity theft
- theft of trade secret information
- harm to business or defamation of an individual (e.g., taking over a website and posting false or embarrassing information)
- defrauding money from individuals
- extortion by freezing access to data and demanding ransom
Cybercriminals also target cell phones. The popularity of smartphones, including those used for business purposes, has made these devices a prime target for malware attacks.
Spoofing, Pharming, and Phishing
Despite their quirky names, spoofing, pharming, and phishing are three serious cybercrime techniques used by criminals to prey on businesses and unsuspecting victims.
- E-mail spoofing refers to using e-mail software to make it seem like an e-mail comes from a different address than where it is actually sent from. Cybercriminals spoof e-mail addresses so the e-mail will appear to be from a trusted or familiar source, and the e-mail’s content will either contain links to malware or attempt to convince the reader to provide confidential information.
- Pharming refers to the creation of a fraudulent website that looks identical (or nearly identical) to a legitimate website. A user is tricked into visiting the fraudulent website (usually by clicking on a link in an e-mail) and providing confidential information, such as their login and password. For example, a cybercriminal may target a victim using a fake website designed to look identical to the victim’s bank’s website, tricking them into providing the login information for their bank account.
- Phishing refers to the attempt to obtain personal or confidential information, often by using a spoofed e-mail address. Phishing attempts are most commonly done through e-mail, by they may also be made through phone calls, text messages, instant messages, or other forms of communications. Phishing attacks can also introduce malware by tricking the victim into clicking on a link or opening an attachment containing the malicious software.
Malware
Malware, short for “malicious software,” can refer to any program is installed on your computer without your consent and that causes harm to your computer. Different types of malware include:
- Spyware
- Adware
- Ransomware
- Tracking cookies
- Trojan horses
- Keyloggers
- Viruses
- Worms
Malware programs are able to affect your computer systems in several ways, including through changing or hijacking primary functions, transmitting and/or deleting sensitive or private information, monitoring your online activities, etc.
Mitigating Cybersecurity Risks for Real Estate Professionals
Despite the fact that fraud and cybercrime are top concerns among real estate professionals, most have not taken steps to prepare for these risks and many have reported that budgeting for cybersecurity was a significant challenge. Although developing and maintaining strong cybersecurity can sometimes be costly, the cost of not doing so could be far worse.
To learn more about the importance of cybersecurity and how your office an mitigate cybersecurity risks, order our new real estate continuing education course, Cybersecurity Best Practices for Real Estate Professionals. This course examines common types of cyber risks and offers guidelines and best practices real estate licensees and brokerages can follow to protect clients’ information-and their businesses-from cyber criminals and unintended data disclosure.
Real Estate CE Catalog