How to Protect Your Real Estate Business from Cyber Attacks During and After the COVID-19 Pandemic

Aug 06, 2020

Ransomware attacks have risen a staggering 148% since March of this year. Among the dramatic incidents are a cyberattack that successfully halted an entire region after a ransomware attack in North Carolina; phishing campaigns that targeted real estate agents, lenders and clients in the bay area; and a Texas-based property management company that lost $10.5m after a user was compromised. Two questions arise in the light of these incidents: Why is the real estate industry such an easy target, and what can you do now to protect your business?

The Real Estate Industry is Ripe for an Attack

For every organization, the maturity of the security program is determined by three items:

  • people,
  • processes and
  • technology.

People become the first organizational weakness as real estate companies increase their attack surface by enlisting services from third-party vendors and contractors, creating more external touch points.

Gaps in processes become a risk in the real estate industry, because the personnel used to maintain cybersecurity often lack the resources needed to handle and respond to attacks. Typically, real estate companies rely on an IT staff of one or fewer people in addition to outsourced Managed Service Providers (MSPs). These MSPs are spread thin across multiple functions and several organizations, which makes it difficult to secure high-risk areas. According to Verizon’s 2020 DBIR Report, misconfiguration was the top error in real estate. This demonstrates a lack of security-specific knowledge among technology personnel in the real estate sector.

Verizon’s 2020 DBIR Report goes on to mention that, “criminals [targeting real estate] have been actively leveraging stolen credentials to access user’s inboxes and conduct nefarious activities.” Attackers recycle old information from data breaches to gain entry into an organization by posing as an employee. For most organizations, checking for breached passwords and enabling controls like multi-factor authentication are a minimum security requirement, leaving many organizations within the real estate industry vulnerable to significant losses.

The right technology is critical when it comes to identifying and responding to threats. With budgets allocated elsewhere, many real estate companies lack industry leading detection and response tools. With the mass migration to remote working and cloud infrastructures, organizations must protect a wider and deeper attack surface than ever. According to Verizon’s 2020 DBIR report, one of the key gaps in real estate was “boundary defense,” which becomes harder to protect with the mass migration to cloud. With these three critical gaps in mind, how can you protect your real estate business in a post-COVID world?

Real estate companies must focus on how to protect their employees, their data and their assets. Here are a few steps you can take to protect your real estate business in the post-COVID world:

  1. Review All New Configurations: Many companies were hasty in configuring new tools and services. It is important to review all accounts to ensure that the least privileged access is configured so users can access only necessary applications, with a minimum amount of privileges, to get their work done.
  2. Assess Your New Attack Surface: Conducting a risk assessment against your new assets and service providers is crucial. Understanding how an attacker would penetrate an organization is critical in building a security program. Knowing your attack surface is the first step in identifying your overall risk posture.
  3. Implement A Continual Monitoring Program: The only way to respond to a threat is by having the ability to identify it and remediate it. The best way to do that is to have a centralized tool to collect the necessary data and logs from your environment to detect anomalies and threats specific to your organization. Having eyes trained on your organization 24 hours a day and 7 days a week is truly the only way to limit the potential for damage.

The past few months have posed significant cybersecurity challenges to the real estate industry. It’s important to learn from these challenges so that you can implement the changes needed in the future to secure your valuable assets. For more information on how we can help you fortify your real estate business from cyber-attack, please contact one of our cybersecurity experts.

Message Us 212.842.7005







Sign up for Our Blog!

* All fields are required




By choosing to submit data, you are agreeing to the storage and usage of your contact information to deliver the requested services.