Cyber security for real estate agencies

Trust is the bedrock of every successful real estate agency and in today’s world of data breaches, that trust must now extend to digital trust, according to an expert. 

On the back of a number of high-profile cyber attacks, including in the real estate sector, MRI Software, Vice President of Product APAC, Mark Cohen said agencies risk losing their clients’ trust in an instant if they fail to keep their data safe and secure.

The role of trust in data security featured in a recent MRI webinar that Mr Cohen hosted featuring industry leader Fiona Blayney, CEO of Real+ and Laura Khoury, an Online Fraud Manager of Macquarie Bank, on the topic of Cyber Security for Real Estate Agencies. It’s an issue he intends to explore further in a presentation he will give at the Business of Real Estate (BizRE) Annual Conference on the Gold Coast on September 11-13.

“When you’re buying or selling a house, there’s a huge amount of trust that you’re putting into this person with the biggest asset in your life,” Mr Cohen said.

“What’s changed now is trust and cybersecurity have become the same thing.”

Mr Cohen said while trust once meant an accurate price guide and transparency it now extended beyond that to digital trust, including keeping details such as names, addresses, bank account details and identification documents safe.

He said in the current environment, many scammers are targeting trust accounts and putting agencies’ reputations at risk while causing uncertainty and distrust among buyers and sellers.

The property management sector isn’t immune either.

“Basically you can follow the money whenever it comes to fraud like this,” Mr Cohen said.

“What we’re seeing is some very sophisticated attacks, coming in from all kinds of attack vectors. 

“Really what they’re doing is that they’re chasing the dollars. 

“They’re trying to figure out how to get into trust accounts and steal cash.”

According to Mr Cohen, when a vendor elects to hand the sale of their property over to an agent, or even when a potential buyer enquires online, they expect the agent is managing that safely for them and their personal brand is associated with that level of trust.

“The cost to repair the damage is way beyond what gets stolen – it’s reputational damage,” he said.

“We’ve been trying to tell people and to help people understand how to minimise their risk, how to minimise their footprint, how to minimise the attack perimeter where people can get at them and to understand their obligations under the law. 

“We’ve been trying to help a little bit with training and encouraging people with understanding what they should or shouldn’t do and helping with reviewing processes and providing information around that.

“How you run your business, what kind of data are you collecting, when are you keeping it, when should you not keep it anymore and what are the standards?”

According to the Office of the Australian Information Commissioner, 45 per cent of data breaches in Australia were caused by cyber security incidents.

The top causes were ransomware (29 per cent), compromised or stolen credentials

(27 per cent) and phishing (23 per cent). 

Mr Cohen said Microsoft had revealed that of the hacks on Office 365 online, 99.9 per cent could have been avoided by enabling two-factor authentication.

“When you do turn it on, if you enable two-factor authentication on your line of business system, the very next attack vector is your email,” he said.

“If you don’t have your email secured, then they’re going to target that. 

“Then the very next attack vector will be whatever the next system is in your supply chain.

“So it’s really important that two-factor authentication is enabled everywhere, wherever you can, turn it on.”

Mr Cohen said other ways MRI Software recommends agencies take responsibility for digital security and trust startswith being vigilant and not underestimating a hacker’s interest in your business.

He said that it’s also important to continually focus on staff training to make sure they are aware of the risks and potential vulnerabilities, as well as ensuring you only collect necessary data from your clients and regularly review your practices.

It’s imperative that all agencies know their obligations under privacy law and always be as transparent as possible about how you are using your client’s data and who you are sharing it with, Mr Cohen said.

The Cyber Security for Real Estate Agencies video on-demand, MRI webinar, featuring Mark Cohen with Fiona Blayney, CEO of Real+ and Laura Khoury, an Online Fraud Manager of Macquarie Bank, is available here.

He will also present at the Business of Real Estate (BizRE) Annual Conference on the Gold Coast, September 11-13 on the topic of “Transforming Real Estate through Trust and Innovation“.

Show More

Rowan Crosby

Rowan Crosby is a senior journalist at Elite Agent specialising in finance and real estate.