As the festive season approaches, estate agents across the UK are preparing for a well-earned break. But cybercriminals are just warming up warns Hicomply, a specialist firm in information security management solutions.
Nick Graham, chief technology officer at Hicomply, warns that cyber criminals see this period as the perfect opportunity to exploit vulnerabilities and that estate agencies are a prime target for cyberattacks and data breaches over the next few weeks.
Recent figures highlight the alarming increase in cyberattacks targeting UK businesses. According to the latest UK Government Cyber Security Breaches Survey 2024, 32% of small to medium-sized businesses reported experiencing cyber breaches or attacks in the past 12 months, with estate agents featuring prominently on that list. Nick explains that estate agencies are desirable targets due to their handling of large volumes of sensitive client data, including financial details, identification documents, and property transaction data.
Graham said: “Unfortunately, it’s not the time to take your eye off the ball – as much as you might want to. The risks are even greater during the Christmas period, as cybercriminals exploit reduced staff levels and the automated systems or third-party vendors that businesses rely on. Cybercriminals often wait until the summer holidays or December to pounce so that they can take advantage of this, launching phishing emails, ransomware attacks, and data breaches when vigilance is at its lowest.”
Festive phishing scams are the biggest risk, with cybercriminals exploiting the season through fraudulent emails disguised as promotions, client requests, or payment notifications — particularly around pre-Christmas deadlines and information requests.
The impact of a data breach can be devastating for estate agents. If the potential to bring property transactions to a standstill or the financial penalties under GDPR regulations which can reach up to 4% of annual turnover isn’t a big enough risk, reputational damage and lost client trust can bring long-term recovery challenges that no agency wants to face.
Six steps to protect your business from Hicomply
Hicomply urges everyone to take proactive steps to safeguard their data and systems during the festive break. By implementing a few key measures, agencies can significantly reduce the risk of falling victim to cybercrime:
+ Pre-Christmas risk review
Before the Christmas shutdown, conduct a thorough review of your systems, software, and third-party vendors to identify any vulnerabilities. Ensure any updates, patches, or security measures are put in place ahead of time.
+ Educate teams on festive phishing scams
Quick-fire training or reminders for the team to help them to recognise phishing emails and fraudulent messages disguised as seasonal greetings, client communications, or urgent payment requests. Encourage employees to verify any unexpected requests.
+ Ensure backups are up-to-date and tested
Regularly back up all critical data and test these backups to ensure they can be restored in the event of a ransomware attack or system failure.
+ Monitor third-party vendors
Check that any third-party services or platforms you rely on have robust security measures in place. Review contracts to clarify responsibilities in the event of a data breach.
+ Develop a robust incident response plan
Those hackers won’t wait until Boxing Day. A clear incident response plan ensures your team knows exactly how to respond to a cyber incident. Establish key roles, define reporting processes, and test the plan regularly to minimise disruption.
+ Enhance password security
If there is time, change up your passwords pre-Christmas. Ensure strong, unique passwords are in place across systems and encourage multi-factor authentication (MFA) to add an extra layer of protection.
Graham added: “The festive season should be a time of celebration, not crisis. By staying proactive and vigilant, estate agents can ensure their businesses remain secure and resilient in the face of rising cyber threats.”