The modern real estate sector is increasingly reliant on tech. PropTech and Internet of Things (IoT) enabled devices to promote innovation in the space and better living experiences for home and property residents, but they also leave real estate professionals widely exposed to cyber threats.
In a field where reputation is tied to success, being protected post-breach isn’t enough: The National Cyber Security Alliance reports that 60% of small to midsized organizations that fall victim to hackers are no longer in business six months later. Regular evaluation of your cybersecurity posture is critical to the long-term health of any business, particularly in real estate, where large money transfers over digital networks are commonplace and juicy targets for bad actors.
Real estate agencies are low-hanging fruit for hackers. Since the real estate industry routinely works with and transfers large sums of money, real estate firms are on every cyber criminal’s radar. Hackers have broadened their scope to attack all the players in the real estate industry including agents, buyers, inspectors, title companies, etc. Large sums of money being transferred is not the only reason cybercriminals go after real estate professionals, the vast amount of personally identifiable and financially sensitive data that are handled such as bank credentials, social security numbers, and credit card details are worth the work for these criminals.
Firms across the industry need a cyber insurance policy that responds to both first and third-party coverages that address the traditional and non-traditional forms of attack. Getting a cyber insurance policy from The Bunker, you will receive a cybersecurity health evaluation and be covered for costs involved in dealing with, and recovering from, the most common and the most costly cyber incidents.
Tactics Used Against You
Business Email Compromise
Cybercriminals and hackers have all the tools, techniques, and tactics they need to launch their attacks. Business email compromise (BEC), for example, is one of the most popular attack methods. A BEC is when the attacker impersonates a business to convince another business to wire funds to a fraudulent account. Usually, the hacker will send the email from a fake account that looks just like it belongs to a legitimate business.
It starts with research. The attacker will sift through publicly available information about your company from your website, press releases, and even social media. They might look for the names and titles of company executives, your corporate hierarchy, and even travel plans from email auto-replies. The attacker tries to gain access to an executive’s email account. To remain undetected, they might use inbox rules or change the reply address so that when the scam is executed, the executive is not alerted.
Another common BEC trick is to create an e-mail with a spoofed domain. For example, the attacker might use email@example.com instead of firstname.lastname@example.org. If you don’t pay close enough attention, it’s easy to get fooled by these slight differences.
Most ransomware attacks follow the same playbook. Once infected- usually by a phishing scam or through an unpatched computer- the ransomware locks users out of the system. Your data gets encrypted and inaccessible, and a ransom message is sent to the company.
Here are a few ways to protect yourself from a ransomware attack:
- Backup your data
- Patch and update your software
- Educate your end users
- Create strong passwords
Four Reasons You Need Cyber, Now
- Privacy Laws – Property managers and real estate agents maintain a wealth of personally identifiable information (“PII”) about their clients, including rental applications, credit reports, background checks, etc. All fifty states, the District of Columbia and the federal government now have privacy laws requiring prompt notification if PII that is not encrypted is lost, stolen or disclosed. Cyber coverage will pay for the costs of investigating a potential breach, determining if notification is required, and providing notification services and credit monitoring to affected individuals. Cyber insurance will also cover claims by clients or other third parties arising out of a breach. Most E&O policies for property managers and real estate professionals do not cover these first or third party exposures.
- Shutdown – Cyber-attacks can disable, corrupt or shut down a business’s computer system, preventing any work from being done on the network and resulting in lost profits. Cyber coverage can include “business interruption coverage” which will pay for the loss of profits while these systems are down, awaiting restoration.
- Internet-Based Property Management Systems – More and more frequently, building management systems are being controlled by internet-based devices. This makes them susceptible to breaches, as hackers could infiltrate the building security system and use that capability to steal or corrupt data or other property, or commit other crimes. Cyber insurance can protect property management firms from exposure to the consequences of breach of building management systems that maintain.
- Third-Party Providers – Real estate professionals increasingly transfer or entrust data to third party vendors such as cloud storage companies, document storage or destruction providers, PEOs or other third parties. While this might help cut expenses, it increases risk. A recent Shockwave study revealed that in 65% of breaches, some third party data company was involved. In such situations, the real estate professional remains responsible for safeguarding that data. If these third parties experience a breach, the data owner is responsible for providing notice to the affected individuals under most privacy laws. Cyber coverage will provide coverage for the real estate professional, regardless of who caused the breach or where the data resided at time of the compromise.
Cyber Claims Scenarios
- A flash drive that was sent by a real estate agency via FedEx was lost. Approximately 170,000 files containing personally identifiable information were contained on the flash drive. Over $300,000 was incurred to pay for consumer notification costs, forensic expenses and legal support.
- Malware was remotely placed into a real estate agency’s computer system and all customer data was removed. The company incurred over $200,000 in forensics expenses and $240,000 in legal expenses.
- In 2012, the Massachusetts Attorney General fined a property management firm $15,000 after unencrypted personal information was breached. The firm was also required to train employees on the policies and procedures for securing and maintaining the security of personal information.
Why The Bunker?
At The Bunker, we’ve partnered up with the leaders in Cyber Liability Insurance in order to best serve our customers. With just a few details of your business, we can provide you with a Dynamic Loss Prevention report that goes over eight types of risk exposures that your business is facing, and we provide you with the solutions to fix these exposures. Give us a call today, and we can run a complimentary Dynamic Loss Prevention report for your business! Call us at 954-239-7346.