Over the past decade, companies in the technology, government, finance, and retail industries have become a common target for cybercriminals, but additional – and less obvious – industries are at risk as well. One of these unexpected targets is real estate, which has recently grabbed the attention of hackers as a source of data that’s easy to dip their fingers into.
The real estate industry does not immediately bring to mind data security, password management, or networking. However, it is important to consider the amount of personal data stored in the networks of real estate firms. Between contracts, personal information, bank accounts, and other details – data floating around the real estate industry is much more valuable (and exposed) than previously assumed.
Real estate companies and agents often work online with housing listings and hosted real estate systems. While these systems offer many modern benefits for real estate agents, they also increase the exposure to different security risks including outdated software, limited password policies, and system vulnerabilities. While these systems are critical for real estate agents to do their job, they must consider the different security risks that can threaten clients’ data and personal information.
The average real estate agent or employee does not consider the security risks that come along with their job. In order to protect their clients’ information, it is pertinent that real estate workers understand what they can do to avoid falling victim to a cyber attack.
Image from One Step Secure IT, 2018
The real estate industry accounts for a large number of financial transactions that involve sensitive information. This information tends to include bank account numbers and the buyer’s personal data based on the real estate system stored via the cloud. With a large amount of sensitive data on the cloud, hackers are finding real estate data is more accessible than ever before.
The most famous attack on the real estate industry occurred in 2019 with a data breach of real estate and title insurance giant First American. The data breach exposed the sensitive financial data of over 885 million customers. This is just one example of recent attacks on the industry. It makes sense to aim at the real estate industry as its market value is evaluated at over $32 trillion: a ripe target that makes it clear why hackers are attracted to this sector.
Hackers enjoy learning more about their victims by taking the time to research the ins and outs of their targets. When attacking targets in the real estate industry they run phishing campaigns to gather personal information in order to exploit the different accounts of real estate agents, sellers, buyers, and anyone involved in the sales process. After gathering the requisite information, hackers might casually wait when the sale of the property is final, and when it’s time to transfer funds they will imitate the person they are hacking and redirect the funds into their own accounts.
Many real estate companies are not up to date with the most recent security risks, which can make them an easy target for hackers. In general, the real estate industry is less security-minded than other industries, lending itself to a weaker security posture.
Unlike governments or financial regulators, which enforce some level of compliance or security policy on various sectors, the real estate industry has relatively less oversight and has not entertained any law requiring relevant companies to adopt policies to protect their client’s data or their network systems and resources.
Even with regulations in place, merely implementing security policies isn’t enough for real estate businesses. Unlike other industries that have been dealing with cyber attacks for years and are more prepared against attacks, the real estate industry is far from safe and must do extra reinforcement.
Most real estate firms are still implementing outdated and non-cloud friendly network solutions to run their infrastructures. These systems don’t have the modern security features in place to fight off more sophisticated attacks.
The systems, and how to revamp them, are not the only problems that real estate players tolerate. They must also be aware of the popular types of attacks that hackers will implement and how they can direct their resources to defend against them:
Business Email Compromise
The most popular attack used by hackers on real estate companies is a business email compromise (BEC) attack. A BEC attack convinces businesses to wire funds to an account by impersonating the business (in the case of real estate it would be the sellers of the property). In most cases, the hackers will send an email from a fake account that looks similar to the employee in the business. Often they will use the name of the CEO or the name of the trusted party in the transaction. According to the FBI, over $3 billion of losses have been due to business email attacks.
Cybercriminals send out malicious emails to victims with the sole intention to click on a link in the email. If the person falls victim, the hacker can easily encrypt all of the victim’s data and resources. A successful ransomware attack results in blocking access to the exploited data and resources, making it unusable until the ransom is paid to the hacker. Real estate is targeted frequently with ransomware attacks due to massive amounts of employee data, significant sums of money in bank accounts, and confidential information that can be exploited.
Cloud Vendor Flaws
Real estate businesses are following the popular trend of adopting cloud-based services for implementing corporate resources on the cloud. While the cloud offers many benefits it does come with some security risks. Cybercriminals won’t need to attack your business to gather your sensitive information, instead they can target cloud vendors to access your data. By adopting a cloud service provider you might think you are decreasing security risks but in fact organizations need to take extra steps internally to stay secure. Stay up to date with securing business devices and enforce strong password protection.
It is important for the real estate industry to understand the risks involved in storing sensitive data without proper security precautions. For the employees who are leading IT and security efforts at real estate firms, it’s vital to think about security on a daily basis and learn to face the ramifications of a poor cyber security policy. Not doing so risks the erosion of the industry and also faith in one of the strongest and most foundational markets in the world.