At long last, the wider public is starting to realise that hackers aren’t hooded movie villains – they’re real people doing real damage across the globe, especially in Australia and especially to small businesses.
Real estate agents, in particular, are prime targets for cyber-criminals due to a combination of factors, including the amount of valuable client data they hold, a lack of a security culture in the industry and a dearth of resources to cope with the threat.
AGENTS UNDER ATTACK
Holding sensitive information is unavoidable, and the lack of a security culture is slowly being overcome with education. However, like many players in the SME sector, real estate agents are bearing the brunt of cyber attacks because they lack the kind of robust security systems and capabilities that larger enterprises have access to. They’re soft targets with rich pickings.
Estate agents are particularly vulnerable to ransomware attacks, whereby criminals take control of a computer and demand cash or crypto-currency in exchange for a return to service. These viruses are problematic to counter, as hackers will often refuse to restore functionality once the ransom is paid. Paying the fee does not eliminate future threats either; on the contrary, the victim is then identified as a compliant target and even more likely to be attacked again when a new vulnerability opens up.
Of course, the threat is greater than just malware (that is, viruses and ransomware). The traditional hacker weapons of phishing, DDoS, key-logging, cross-site scripting and session hijacking are still widely practised and becoming increasingly sophisticated.
For agents and auctioneers, the consequences of cybercrime can be devastating. Not only could they lose sensitive client data and critical operational capability, leading to major business interruption costs, but the damage an attack could do to a business’s reputation in the community could be just as harmful. Recent high-profile malware attacks such as the ‘WannaCry’ and ‘Petya’ viruses have highlighted both the ease with which systems are breached and the extent of the damage they can cause.
PREVENTION AS PRIORITY
The Australian Government is acutely aware of the danger hacking presents and has provided a five-minute, easy to understand guide on how small businesses can stay safe online.
Three of the most important things you can do from a prevention standpoint are:
Passwords – Keep them unique and a little bit complicated. If you’re finding it too difficult to remember all your passwords, get onto a password manager application like LastPass, Keeper or RoboForm. LastPass is probably the most popular and widely adopted; it’s simple to use and provided on a ‘freemium’ model, whereby basic features are free and the premium version is available for a small fee (currently $24 per year).
Backups – This is an easy and effective way to mitigate the threat of information hijacking like ransomware. For about $250 electronics retailers will sell you a five-terabyte external hard drive that holds the equivalent of 1.5 million photos. Back up your data regularly, and keep your hard drive off-site in a secure place.
Update and Lockdown – Software and anti-virus updates can be annoying and time-consuming, but they have a vital function: applying patches to known vulnerabilities in the software you’ve installed on your computer or device. Accept them as often as you can, and be vigilant with shutting down your PC or laptop when not in use.
INSURANCE AS A FIREWALL
Whilst prevention is a clear way to minimise the chance of a cyber attack occurring, Cyber Liability insurance will minimise subsequent damage to your business by covering the expenses and legal costs that are associated with breaches. Cyber Liability insurance won’t prevent an attack, but it will help businesses to manage the event effectively and get back on their feet as soon as possible.
Benefits that are generally included in Cyber Liability insurance are:
- Business interruption costs
- Data recovery and investigation costs
- PR & crisis management costs
- Extortion costs
- Penalties and fines
Things that are typically NOT included in Cyber Liability insurance are:
- Damage to property
- Replacement of equipment
- Prior known facts and/or instances
- Intentional acts
KEEP IN MIND…
Hackers are devoting 100 per cent of their energy and resources towards probing for weaknesses in business networks and finding ways to make money off them. If the real estate industry isn’t doing enough on an agency-by-agency basis to prevent and insure against this threat the consequences will be dire.
Of course, there aren’t any magic bullets for preventing cybercrime; even the best security systems are vulnerable to breaches and the kind of client data that agents retain is too attractive for hackers to ignore. But basic preventative measures and robust Cyber Liability insurance will go a long way towards ensuring real estate agents are able to survive cyber attacks, now and in the future.
For more information visit bizcover.com.au
BizCover™ Pty Ltd (ABN 68 127 707 975; AR 338440) is a corporate authorised representative of Mega Capital Pty Ltd (ABN 37 098 080 418; AFSL 238549). This is general advice only.