Our goal is to help people in the best way possible. This is a basic principle in every case and cause for success. contact us today for a free consultation.
Newsletter
Sign up to our newsletter
Market Segment
While not traditionally associated with high-risk industries like finance, healthcare or manufacturing, real estate still has its fair share of cybercrime. Given the large amount of money and personal data associated with many real estate transactions, it’s easy to see how real estate companies can become easy targets.
How much risk will be presented and whether a successful cyberattack will occur depends on many factors, such as the level of preparedness or lack thereof. Real estate companies should take a step back to assess where the risk comes from and how to avoid it.
Social engineering attacks are the biggest collective cybersecurity risk for real estate companies. This grouping includes data banking transfers, CEO scams, and phishing emails or calls. A hacker may appear to be a trusted but unknown person, such as a vendor or new employee, to gain access to company credentials. Or the perpetrator could impersonate a company leader and send a fake email to request access to payroll records, for example.
Business email interception (BEC) attacks are another type of cybercrime to look for, as bad actors who successfully hack a corporate email will impersonate the owner to defraud the company and its employees, customers or partners. From Forbes: “According to an FBI public announcement, between 2015 and 2017, there was “over 1100% increase in the number of BEC/EAC victims” and an almost 2200% increase in reported monetary loss in the real estate industry.”
Social engineering attacks are the biggest collective cybersecurity risk for real estate companies. This grouping includes data banking transfers, CEO scams, and phishing emails or calls. A hacker may appear to be a trusted but unknown person, such as a vendor or new employee, to gain access to company credentials. Or the perpetrator could impersonate a company leader and send a fake email to request access to payroll records, for example.
As transactions and internal data move to the cloud, the rate of data breaches has increased, particularly due to misconfigurations or a lack of cyber due diligence at newly leveraged third-party vendors. When employees start working from home, companies without solid IT infrastructure and security awareness training are at higher risk of unresolved vulnerabilities and exposure to human error in company systems.
Third-party vendor risk is also a very real and persistent threat. Consider how many vendors and subcontractors there are in some way connected to real estate companies. If a data breach occurs with one of these vendors, the real estate company is likely to be at risk as well. Many real estate organizations do not take sufficient care on their vendors to ensure that they meet minimum security requirements, which can preferably be identified through third-party SOC 1 and/or SOC 2 approval reports, or at least through completed IT questionnaires annually.
The consequences of an attack extend far beyond the initial event. For smaller real estate companies, a well-executed cyberattack could even risk putting them out of business. In fact, 60% of small businesses that get hacked go out of business within six months.
According to a KPMG survey, only half of real estate companies are adequately prepared to prevent or mitigate a cyberattack. The less prepared a company is, the more vulnerable it is to hackers and scammers.
Our goal is to help people in the best way possible. This is a basic principle in every case and cause for success. contact us today for a free consultation.
Sign up to our newsletter