Several mortgage companies were beset by cyberattacks in 2023, and as real estate companies carry valuable customer information, this makes them valuable targets. If you’re on a team, you share the risk with your teammates. There’s a plethora of good options out there to firm up your business cybersecurity, including group-focused options that will ensure everyone is on the right track.
Institute two-factor authentication (2FA) rules and more
Under two-factor authentication, you must supply not only your username and password to log into a secure account, but also a numerical code (whether sent to your cellphone, generated by an app, etc.). If you don’t have the trusted device that receives the code, you (read: any cybercriminals) can’t log in.
If you’re a team leader, consider making all office/business accounts 2FA by default. If you’re not the boss, you can still persuade your teammates as to why 2FA is the right call when it comes to protecting clients’ info.
Jennifer Keller, director of operations at Latter & Blum, praises 2FA, but believes brokerages can go a step further.
“While we consider 2FA essential, we also recommend using a password manager. Randomized passwords across all your logins helps protect your password from being exposed in a data breach. Not all platforms support 2FA, so it is still important to not use the same password everywhere.”
Structure a process for sharing sensitive information
According to Corey Hasting, broker/owner of Engel & Völkers First Coast, “everyone has to understand that no matter how ‘secure’ something is, if hackers want it, they’ll probably get it.”
This isn’t a cause to give up on cybersecurity, though. In fact, it’s quite the opposite. It’s essential to put standard operating procedures for sensitive information in place among your team to minimize any openings in security. For Hasting, that means training agents to never send wiring instructions to and from clients (given the potential for impersonation).
“Have the title companies or lenders send directly to the client, and we strongly encourage the client to call the respective party before hitting send on their wires,” explains Hasting.
Take a cybersecurity class
If cybersecurity isn’t your area of expertise, there’s no shame in learning from the pros. Check if any local (or online) community colleges are offering courses on cybersecurity for professionals. Even a simple LinkedIn certification can go a long way.
Education is inevitable with cybersecurity, because protocols and tools are always evolving. “We understand that cybersecurity threats are constantly evolving, so our focus is on tools and preventative measures to improve continually,” says HomeServices of America’s Chief Technology Officer Patty Smejkal of the company’s philosophy.
Bringing a cybersecurity instructor into your office for a group seminar can be a valuable team-building exercise. Just be mindful of the time commitment, as the work of real estate professionals is all about hustling—and you don’t want team members feeling like they’re stuck in the office or tied down to a desk for an extended period of time when they could be out in the field.
Find the best tools and partners
Real estate professionals agree that since there are many options for cybersecurity, teams and brokerages should be open to trying out the various options and finding what works best.
“We use enterprise-grade security products to prevent malware and other known malicious cyber attacks from occurring, protecting our equipment and networks,” says Smejkal. “Additionally, we partner with a highly experienced security team that provides 24/7 monitoring and alerting.”
If you’re a team leader, one way to keep team members on their toes involves using phishing test emails, i.e., emails that mimic a spam/malware email. If it’s ignored, then you know your team’s cybersecurity aptitude is where it needs to be. If one of your team members clicks on the phishing links, that’s a good indicator that some education is needed.
On top of that, make sure your third-party partners take cybersecurity as seriously as your team does. For Hasting, those partners include Dotloop, kvCORE and Docusign.
