Cybersecurity might not be as glamorous as closing a sale, but it's just as important to the health of your business. As a real estate agency, big or small, you work with valuable client data and sizable financial transactions that make you a tempting target for cybercriminals.
Unsurprisingly, this has led to a growing concern within the industry. Over 50% of local property practitioners have expressed extreme concern about cybercrime in a Prop Data poll. But there’s no need to panic. While the threat is real, so too are the solutions. In part three of our cybercrime series, get cybersecurity tips from property experts to help you avoid becoming a victim.
Make cybersecurity a priority
“The entire real estate industry from large corporates to small mom-and-pop shops needs to take data security very seriously and realise that part of our service offering is to protect clients from potential cybercriminals,” says Lesley Saunders, Head of Marketing at Broll Auctions and Sales. “Cybercrime is also constantly evolving so we need to evolve with it.”
Think before you click
A healthy dose of caution should be exercised at all times. “The old saying that ‘if it looks too good to be true, it probably is’ rings true online,” says Jeanne van Jaarsveldt, Head Office Franchise Manager at Jawitz Properties.
“I would suggest just using common sense and if you in any way suspect anything out of the ordinary, rather be safe and ask your principal, conveyancing attorney, IT specialist, or other relevant professional,” he says.
Invest in employee training
Human error remains the primary cause of security breaches. “Real estate businesses need to ensure staff undergo regular cybersecurity training and assessments,” says Saunders. “At our company, we receive regular updates from our Group IT and Risk Management team on keeping abreast of the latest in cybercrime. Regular threat audits are conducted and the company implements specific procedures for monitoring potential malicious activity and risk exposure.”
Also agreeing, Adam Barnard, Principal Property Practitioner at Harcourts Oudtshoorn, says awareness and training should be compulsory. “While it’s especially important for new estate agents, it should be a company-wide initiative irrespective of the level of education/qualification.”
Use reliable cybersecurity software
By scanning your system for malicious code, antivirus software safeguards your sensitive information from unauthorised access and prevents potential system damage. “All estate agents should have a reputable antivirus programme on their laptops, especially Android devices,” says Van Jaarsveldt. According to NordVPN, mobile malware targets Android devices more often than iOS because of its broader range of devices, which makes it harder to manage, and also due to the open nature of the Android operating system.
“At Harcourts, we use KYC Register as one of the fundamentals to verify clients before any communication is sent,” says Barnard. “This can be tricky as some clients do regard this as almost an invasion of privacy, but after communicating the reason for the verification process, clients do understand how important it is for our and their own security.”
Block cyber threats with a firewall
While antivirus software detects and removes malicious software, prevention is better than cure. “Property practitioners should also include a firewall in their security toolkit,” says Saunders. It acts as a barrier to block unauthorised access to and from a network or system.
Keep all software updated
It’s pointless having the best antivirus software and firewall if they aren’t updated regularly, highlights Saunders. By doing so, the latest security patches will address vulnerabilities that cybercriminals exploit in order to get access to a system.
Inspect emails closely for any red flags
Over the years, emails have become a key attack vector for cybercriminals. Messages can carry malicious links, attachments, and phishing scams designed to steal personal information, infect devices with malware, or gain unauthorised access to systems.
“We scrutinise the original email account to see if it was sent from a reputable source,” says Barnard. “Besides considering the language, we also have a policy of not opening or replying to a message if its authenticity can’t be verified.”
Boost email security with encryption
Statistics show the average office worker sends 40 emails a day. And as a prime platform for property practitioners, it’s also an area where they can be most vulnerable. Saunders says email encryption is a must, which is an authentication process that prevents messages from being read by an unintended or unauthorised individual. This can be easily done if offered as a feature by an email service provider.
Protect yourself with multi-factor authentication
This makes sign-ins more secure by requiring users to enter more information than just a password to access an account. “I would highly suggest an authentication app like Google Authenticator or Microsoft Authenticator, which adds another layer of protection against easy access to files and sensitive documentation,” says Van Jaarsveldt.
Create complex and unique passwords
According to TechReport, the word “password” is used by more than 4 million people as the code word for their account. If you’re one of them, Saunders advises switching to complex passwords that are harder to crack and using password managers to ensure these access codes are unique across your accounts.
Beware of suspicious downloads
Cybercriminals use files to transfer viruses and malware or embed content that could harm your computer, compromise your personal data, or lead to potential security risks. Always verify the source of any downloaded file and be cautious of unexpected attachments or links, as these could be malicious. “As mobile connectivity increases, this arena has become a playground for malicious apps,” says Van Jaarsveldt. “Only download apps from your app store and not from third-party suppliers where the app is not authorised by Google or Apple.”
Only sign into secure Wi-Fi networks
Estate agents are often on the move, making public Wi-Fi hotspots a convenient way to stay connected. While tempting to use free Wi-Fi at coffee shops or client homes, these networks can be vulnerable to hackers, shares Saunders.
"Sensitive client data, property details, and financial information should never be accessed or shared over unsecured Wi-Fi connections. Always prioritise secure, private networks to protect confidential information," she says.
Enhance your online privacy with a VPN
A virtual private network (VPN), protects its users by encrypting their data and masking their IP addresses. Saunders believes it can help property practitioners by providing an extra layer of security when accessing remote servers or cloud-based platforms. By encrypting an internet connection, a VPN protects against potential data breaches and ensures that client information remains confidential.
Analyse systems and processes regularly
Saunders says that by conducting thorough security assessments, you can identify vulnerabilities and implement necessary safeguards. This includes evaluating your email security, password policies, access controls, and data backup procedures. “At my company, we work with a lot of third-party vendors, so we also find it critical to assess their cybersecurity practices and ensure they meet our security standards,” she adds.
Be prepared for the worst-case scenario
“While no one wants to be the victim of a cybersecurity breach, we all need to be prepared if our companies are impacted by a cyber attack,” says Saunders. “It’s crucial to have a plan and measures in place to mitigate the damage and ensure a swift recovery.” This plan should outline steps to contain the breach, protect sensitive data, communicate with clients and stakeholders, and restore systems. By being prepared, real estate businesses can mitigate the impact of a cyberattack and maintain their clients' trust.
Act now to strengthen your digital defence
Cybersecurity breaches can be a real estate agent's worst nightmare and a costly headache that can erode trust and damage your reputation. But the good news is that many of these digital dangers can be avoided with a little foresight and planning. By implementing the strategies outlined in this article, you're not just protecting your business, you're investing in its future.
To find out more about the rise of cybersecurity threats in South Africa, read part one of this series. For first-hand experiences with cybercriminals, read the reflections of local property practitioners in part two.