Digital By Default: Prioritizing Cybersecurity in Your Real Estate Business

May 30, 2019

As smart cities continuously evolve to stay ahead of demand, owners and developers adapt by rapidly digitizing their buildings and transactions. Currently, there is no federal law requiring real estate businesses to implement information security programs—leaving multi-party transactions, credit reports, building automation systems (BAS) and leasing agreements vulnerable to attacks.

Until recently the real estate industry flew under the cyber threat radar, but in 2018 alone the FBI’s Internet Crime Complaint Center recorded 11,300 cybercrimes costing nearly $150 million in losses due to real estate-related fraud. As decision makers begin to prioritize cybersecurity, they are uncovering major gaps in their approach to data protection.

Whether you’re now considering cybersecurity or submerged in new challenges to your existing plan, these techniques will keep you well-grounded as you create long-term solutions that protect your systems, employees and data.

Protecting Home BAS.

While building automation systems may improve daily operations—from monitoring and servicing several systems remotely to reducing energy consumption— when it comes to BAS’ centralized access, not all that glitters is gold.

In 2016, IBM’s X-Force, the company’s ethical hacking team, ran a test on a property management firm that oversaw 20 buildings nationwide. X-Force probed one building’s internet firewalls and broke into its management system with relative ease, gaining access to the HVAC unit and building-wide servers. Consider these four cybersecurity steps to help you protect your facility and your inhabitants’ wellbeing from a similar intrusion:

  1. Identify all building automation systems within the environment.
  2. Document, monitor and control access to all BAS.
  3. Enable security features, if supported.
  4. Segment building automation systems.

Hold Your Ground – Stay Uncompromised.

Cyber attackers camouflage themselves to blend in. They may impersonate a trusted vendor, real estate seller, attorney, escrow agent, or even a CEO. The FBI stated that nearly 10,000 people were reported victims of fraudulent emails resulting in losses totaling more than $56 million in 2016 alone. The frequency of wire transfers in real estate make the industry a particularly appealing target.

The devil is in the details. Look for small changes, such as different email addresses or signatures, illogical instructions, conflicting bank information, emails out of context or with poor writing. Be suspicious if a client can only be reached by email – cybercriminals can alter email addresses and compromise communications channels.

Implement policies with strict guidelines, such as never sending a wire based solely on an email and requestign actual checks. Also, consider hiring a third party to perform a vulnerability or penetration test of your business’s systems to highlight vulnerabilities by scanning and testing databases and networks for weaknesses.

Call for Backup.

Real estate is one of the industries most frequently attacked by malware accessed via email. Opening and clicking on an email containing malware can install key loggers, harvest sensitive information or spread ransomware which encrypts data on the computer and makes the data unavailable until a ransom is paid. Without adequate backups, you may be tempted to pay a ransom.

Backing up your systems allows you to quickly restore data and makes it easier to ignore ransom threats. As a best practice, keep your passwords unique. Use a password manager application such as lastpass or onepassword to keep track of your passwords.

Most hackers continue to rely on phishing to execute attacks. This includes using deceptive emails to convince unsuspecting users to click on links or open attachments that load malware onto computers.

Deploying “next-gen” endpoint solutions as part of your cybersecurity strategy can give you an added layer of heuristic-based software that not only blocks malicious processes, but allows cybersecurity professionals to detect and respond, should a user falls victim to clicking a phishing email.

Training and simulations of spear phishing raises awareness and accountability. Teach your employees to be careful about opening and responding to emails, especially those with links, attachments, or wire transfer requests.

Stay Above the Cloud.

Real estate businesses are increasingly reliant on cloud computing applications, but could system vendors also represent a cybersecurity vulnerability. Hackers pose a particularly dangerous problem for companies whose data resides in the cloud, because stolen credentials can allow hackers to access several features, including email, files, chats and calendars. If a cloud provider gets hacked, your real estate business may be liabile.

Provisions in cloud computing agreements often provide minimal protection for cyber-attacks. Ask your provider what techniques they use to secure your assets. Cloud providers can store sensitive information about projects and employees, so you should determine if it’s worth requesting additional notifications or boosting your security package.

Strength in Small Numbers.

According to a recent statistic, 61% of breaches occur in organizations with fewer than 1,000 employees. If your real estate business has limited resources or is unable to staff in-house security consultants, offloading your security challenges through a virtual security operations center (VSOC) can strengthen your small, but mighty team. This cost-effective solution is based on security information and event management (SIEM) 2.0, which offers full network to endpoint visibility 24 hours a day.

If you’re new to cybersecurity, it may feel like you’ve struck a geyser—the further you dig, the more there is to manage. However, laying the foundation for a long-term strategy that speaks to the natural rhythms of your organization will protect your operations, employees and clients in the long run.

Contact Jake Lehmann, managing director at CyZen to determine where you are in your cyber journey.


Message Us 212.842.7000

Sign up for Our Blog!

* All fields are required

By choosing to submit data, you are agreeing to the storage and usage of your contact information to deliver the requested services.