Cybersecurity threats are becoming increasingly common, with high-profile data breaches affecting some of the country’s largest companies including lender Latitude Financial, which has now put the real estate industry on notice.
According to an ABC report, Latitude initially disclosed that 330,000 customer details were stolen, but that figure has now risen to 14 million customer records, including 7.9 million drivers licences.
PropTech Accelerator, REACH Australia’s Director, Peter Schravemade says the Latitude hack should make real estate businesses understand the importance of taking these types of risks seriously and start putting systems in place.
“The thing I would say to any real estate business owner is that you need to look for an all-encompassing solution, rather than just a silver bullet,” Mr Schravemade says.
Mr Schravemade says the Latitude Financial breach occurred because passwords were compromised, which highlights the fact that human error is often one of the leading causes of cybersecurity attacks.
He suggests real estate businesses in particular should start putting more focus on better training for their employees.
“The number one way I feel as though a cyber threat, turns into an actual cyber attack, is from a lack of common sense or when staff are not aware of the threats that they may see on a daily basis,” he explains.
“Misappropriated emails or text messages or phone calls coming in, we all experience them.
“It doesn’t really matter who you are and generally they’re just after individual detail, but those happen on a business basis as well.
“So you might be in Victoria and you get an email from the Queensland Government saying that you’ve got an unpaid bill, but you’ve never been to Queensland, or you haven’t been in the not-too-distant past, so common sense would tell you that’s probably something you don’t need to open.”
Mr Schravemade says that it’s worth bringing in experts to help educate your team.
“That might involve getting a specialist, like someone from an insurance company or someone from a security standpoint actually coming in and talking to your staff and going, ‘here are the things that you see on a daily basis and you are our first line of defence’,” he says.
Proper procedures
Mr Schravemade says real estate businesses also need to focus on putting the right policies in place around money.
“One of the reasons that real estate agencies are targets for cybersecurity threats is the sheer amount of transactions that are transferred,” he says.
He explains that if your business is making large transactions regularly, then you need to have procedures in place to manage them.
“For example, if you are transferring sums of over $5000, they need to be dealt with ‘in this way’ or only handled ‘by this person’ or approved ‘by this person’ and checked,” he says.
“Just having those policies in place will protect a lot of the heartache that will go around having those sums of money go somewhere else.
“And the excess fees that you will then pay for insurance, assuming that you are insured, or to repair the damage done to a client.”
Who has access
Mr Schravemade also says it’s critical to identify who in your business has access to the information that is sensitive in nature.
“A great example of that would be having different security levels for people who handle funds or people who handle sensitive private information,” he explains.
“Let’s talk about rental applications, which has people’s driver’s license and their whole identity attached to that.
“Who has access to that and the dissemination of that data?
“Does everyone have a password and access to that and are they all targets for phishing scandals or hacking in general?
“If I was a business owner, I’d be looking at that and looking to minimise it.”
According to Mr Schravemade, there are also a number of security measures that are easy to implement that most business owners don’t do.
“Multi-factor authentication, for example, a lot of businesses don’t implement it just because it takes a lot of time when you’re logging into something, but it’s really hard if you’re trying to hack a business to get around that,” he believes.
“None of those things will make you a hundred per cent bulletproof against a cyber threat of some kind, but they are things that you can put in place around the transferring of money.”
Confirming in-person
Mr Schravemade says another way to ensure money transfers don’t get compromised is by directly contacting clients and vendors.
“One of the bigger issues we see coming into real estate at the moment is when the client’s email has been hacked in some way and the invoice that you have sent to the client is somehow intercepted, with bank account details that are not yours on it at the other end,” he says.
“To safeguard yourself against something like that happening outside of your office is to make the phone call and go, ‘just confirming we are sending this through and here are the account details that should line up with that invoice’.
“Or if you are paying out on an invoice, actually calling the client and confirming the details that have been sent through.
“That may be viewed as an inconvenience and it may take time out of your day, but some of these invoices in commercial and industrial leasing, they’re hundreds of thousands of dollars, so that’s not the kind of money that you want to go missing.”