Cybercrime now outweighs drug trafficking as the most lucrative form of crime, and the real estate industry is fast becoming a preferred target. It’s no surprise considering the amount of money and wealth of personal information behind real estate transactions, or the fact that the industry is worth around $16 billion in Australia alone. It really is a gold-mining opportunity for cybercriminals.
Following a spate of high-profile breaches involving the national Property Exchange Australia (PEXA), the insurance industry is forewarning of a potential “cyber security crisis” in the real estate sector. As Australia is transitioning from the 150-year-old paper-based Torrens Title System of exchanging property to the electronic PEXA system, cybercriminals are grinning from ear to ear like kids in a candy store.
But it’s not just the recent PEXA incidents that are a cause for concern. Stories of cyber attacks and security breaches have become commonplace; however, we tend to see them as a problem only for big businesses, as these are the ones making headlines. Attacks on small businesses are largely under-reported, giving a false sense of security to smaller business owners. In fact, according to the Australian Small Business and Family Enterprise Ombudsman, small businesses are the target of 43 per cent of all cybercrimes in Australia. And of those who do suffer a significant cyber breach, 60 per cent go out of business within the following six months. These are some sobering statistics.
A lot is at stake for small businesses, particularly due to their lack of resources to invest in robust security and their limited expertise in understanding their cyber exposures. The scams cybercriminals come up with are simple and take relatively little effort on their part. One method commonly adopted by hackers is the use of phishing scams. An employee receives a fraudulent but legitimate-looking email, and due to the high volume of online enquiries many agencies receive it doesn’t take much for human error to occur – such as clicking on a link that releases malware or ransomware into the business network.
Then there’s the more sophisticated scams whereby these criminals hack into an estate agent’s email account, monitoring it for scheduled sales settlements. They then intercept emails between the agent and their client, sending altered bank account details to trick buyers into redirecting funds to an organised criminal group via layers of money mules – making them almost impossible to track down.
The consequences of cybercrime and scams such as these can be dire. Not only can huge amounts of money be siphoned away, but sensitive client and business data can be compromised, operational capacity can be lost, and major business interruption costs incurred. But perhaps one of the most difficult things to repair is the damage caused to a business’s reputation. Lose the trust of your customers and you could lose your entire business.
As such, it is essential that all agencies are aware of how to protect themselves against falling victim to cybercrime by having robust systems and procedures in place. The onus is also on agents to not only educate their staff, but their clients too.
Here are a few security measures that agencies can take:
- Use firewalls and encrypting information to protect your internet connection
- Regularly update your software with the latest versions and patches
- Install and regularly update anti-virus software
- Use solid pass-phrases rather than simple passwords, for example, ILoveToWatch$ex&TheC!ty
- Use two-factor authentication for added security wherever possible
- Regularly back up your files and keep a copy in a secure off-site location
- Implement a cyber-security policy, and educate staff about online threats and cyber-security best practices
- Provide trust account details to clients in hardcopy form, rather than sending via email
- Advise your clients to contact you immediately if they do receive a request to transfer funds via email
Furthermore, the REINSW advises agencies to ensure that their internet banking doesn’t allow Real Time Gross Settlement (RTGS) payments, which transfer money in a short space of time rather than overnight. They also recommend against allowing the same person to create and authorise payments, as well as making sure all transfers are carefully checked before hitting send.
Whilst prevention is the key to minimising the chance of a cyber breach occurring, it doesn’t eliminate the possibility altogether. Therefore, having an adequate back-up plan in place should form part of your overall cyber-security management plan. Cyber Liability insurance can help protect your business by providing a dedicated cyber breach response team to provide expert assistance in the event of a claim to help restore your systems. It can also cover the costs involved as a result of a breach of the Privacy Act, such as investigations costs, defence costs, fines and penalties, and credit monitoring costs. Some policies also offer an additional option to cover direct financial loss arising from social engineering, phishing and cyber fraud. Protecting your business against a potential cyber attack could mean the difference between keeping your doors open or shutting up shop for good.
To read more on cyber security for small businesses, including the different types of threats, how to protect your real estate agency and what the Notifiable Data Breach Scheme means for your business, download your free copy of Cyber Security Basics for Small Businesses.
This information is general advice only and doesn’t take into consideration your particular objectives, financial situation or needs. Before making a decision please consider the relevant Policy Wording. BizCover™ Pty Ltd (ABN 68 127 707 975; AFSL 501769). © 2018 BizCover