Estate agents are being urged to be do more to protect sensitive data amid a sharp rise in the number of cyber related crimes.
The Guild of Property Professionals points to research by BAE Systems, Britain’s largest defence contractor, which shows that there has been a huge jump in botnet, ransomware and phishing attacks.
Police forces in England, Wales and Northern Ireland recorded more than 6,000 cases of Covid-related fraud and cybercrime during the pandemic, while data from Interpol revealed that ransomware incidents have increased by more than a third, with phishing and fraud claims increasing by 59%.
According to Paul Offley, Compliance Officer at The Guild, cybercriminals have adapted their approach and have found ways to exploit businesses by seeking out remote working security gaps.
He said: “While working remotely has been an integral part of keeping people safe during the pandemic, it has also opened up opportunities for cybercriminals looking to infiltrate networks through more vulnerable IT systems.
“If large corporate entities and government bodies are susceptible to being hacked, how much more vulnerable are independent agents or remote workers who typically have weaker technological defences.
“With insurers inundated with cybercrime claims, there has been a substantial increase in cyber insurance premiums, along with insurers requiring more data and ensuring that stricter risk management procedures are adhere to,” he says.
Offley notes that as a profession with access to highly sensitive data, it is essential for estate and lettings agents to have procedures in place that will safeguard their systems from a cyber-attack.
He advised: “Apart from deposits, rentals and other money collected by agents, there is also a significant amount of sensitive data that should be protected such as client’s addresses, account details, alarm records and passwords to access homes, not to mention passport details and the like.
“Access to this kind of information is what has made the industry a target among cybercriminals.”
He added: “Another consideration should be cyber liability insurance, which would provide some peace of mind if an incident does occur. In fact, with eight out of ten businesses in the UK having experienced a cyber security breach in the past year, cyber liability should be more than a consideration, it is essential.”
How can agents help to reduce the risk of a system breach? The Guild offers the offers the following tips:
Regular password updates on all devices.
Password complexity – use different passwords for different accounts.
Never share passwords.
Two Factor Authentication where appropriate.
Staff training to be aware of phishing emails and the damage they represent. One in every 3,722 emails in the UK is a phishing attempt. Around half of cyber-attacks in the UK involve phishing.
Software updates.
Ensure files are encrypted.
Monitoring of mobile and home working procedures
Never, under any circumstances, should a payment be made to a new bank account without verbal confirmation that the account details are genuine.
Cyber Liability Insurance
Comments (2)
We are seeing more frequency of cyber claims than any other class. It would appear the cyber criminals have become stronger and more sophisticated over the last 18 months and there is no sign of it slowing down!
Cyber liability insurance policies vary enormously. You get what you pay for when it come to cyber Insurance with the key section of cover being the instant response cover and cyber crime extension.
Half baked advice.
1) Regular password updates – any cybersec pro will tell you that all this is does is weaken your passwords as you get lazy coming up with new ones. So don’t bother. You can keep the same password, but see points 3 and 4!
2) Yes, but avoid using real words otherwise you just end up with EstateAgent01, EstateAgent02. Use a complex password generator and preferably use a password manager like LastPass. You’ll never need to care what passwords are again. And see point 4.
3) Never, ever, share passwords. And if you do really need to, don’t send them via email or text, use a site like onetimesecret.com. Where possible, delegate access to other accounts rather than offering direct login.
4) ALWAYS use 2FA wherever possible, not just where you think it’s appropriate. If a site offers 2FA, use it. And don’t use SMS or phone call verification, use an app.
5) You should be using cloud based email at this point. Anything less and you’re already exposing yourself to risk. So if you are using Office365 or Google Workspaces, engage a phishing agency to run regular tests and awareness training. And review your tenant against the Microsoft/Google best practice tips to make sure it’s safe, secure and being monitored regularly. Do you or your staff travel overseas? If not, then why is non UK access enabled? Turn it off!
6) Software updates. Generally speaking you don’t maintain cars yourself anymore so why do you think you can manage your own IT infrastructure. Get a professional IT company in, don’t rely on Neville your neighbour’s sister’s cousin’s mate!
7) In line with 6, a good IT company will encrypt your computer AND any backups. You’re doing backups right? And storing them off site? Good!
8) Do all the above, remote working is a breeze. Where you might dictate a password in the office, use OTS remotely. Or use 2FA on the master account and delegate to a secondary account.
9) Obviously. Although perhaps not.
10) Pointless if you don’t do all the above. Like any insurance they’ll wriggle out of it arguing you did nothing to protect yourself. It’s not just free money they give you as a reward for carelessness.
There are lots of ways (mostly easy) of keeping yourself secure online. These are just the basics.
If you need me I’ll be on the dark web wearing a hoodie with the hood up, indoors!