(5 min read)
A cyber attack is one of the biggest business risks facing estate agents and property agents today.
Protecting your property agency against cyber crime
Criminals are targeting businesses that hold valuable private data, and estate agents collect precisely that – highly sensitive personal information including bank account details, passport copies and other data.
With Verizon’s 2022 Data Breach Investigations Report stating that at least 82% of the breaches they knew about being caused by human error, it’s never been more important to make sure staff across your agency – including those working part-time or Saturday hours – have clear and useful cybersecurity training. Common reasons for a successful breach include:
- Phishing scams
- Stolen credentials
- Compromised work devices
- Poor cyber discipline
- Breach via a third-party provider
Estate agents and property websites have already been targets of successful attacks. In 2021, six agencies had their Rightmove listings altered by hackers, and the UK’s Guild of Property Professionals says that hackers are looking both for ways of diverting money during the sale process, and for valuable data they can sell on the dark web.
Do you know where you’re vulnerable?
Cybersecurity should be part of your regular risk assessment reviews. Do you know where you are vulnerable to attack? Here are some key questions you should be asking:
- Do your agents share devices, and therefore also share passwords?
- What information do you collect from sellers, buyers, landlords and renters?
- How do you store this information, and for how long?
- How do you securely delete or dispose of private data?
- Who do you use for data storage and IT support? Do you know what their cyber security position is?
- What process do you have in place for responding to an attack?
Companies operating in the property or estate agency environment often recommend other third-party services to their clients. This might include surveying companies, mortgage brokers, conveyancing solicitors and insurance brokers. If you do this, you should also be confident about the security that these third parties have in place.
For example, 18 months ago the Simplify Group, which offers a range of conveyancing services to property agents, including major platforms like Purple Bricks and Yopa, was affected by a ‘major security breach’. This breach affected several companies within the group and had a knock-on effect on transactions in progress, putting sales at risk.
Your obligations to your clients
To meet regulations like money laundering requirements, estate agents and property professionals need to ensure that clients are who they say they are. In most cases, this means collecting copies of passports, details of bank accounts, employment details and more. In the wrong hands, this information is incredibly valuable, and losing it can be disastrous both for your clients and your business.
If you are collecting this type of information from your clients, you must be able to give them the confidence that you are storing it safely, and that your staff take their responsibilities seriously. Failing to do this will damage your business reputation – and in a highly competitive industry, you can’t afford to let that happen.
And, just as importantly, if you lose client data in a cyber attack, and it looks like you didn’t have suitable defences or mitigations in place, you could be liable for a large fine from the Information Commissioner’s Office (IPO), which regulates data protection.
Staff awareness is critical
It’s important to put in place the full range of cybersecurity protections, including ongoing and thorough staff training. One course simply isn’t enough – this is about how your staff behave every day, whether it’s how they look after their devices, how they respond to unsolicited emails and how they treat your clients’ personal data.
So, why wouldn’t you invest in the best quality online staff training. It can be quickly rolled out across your business, you can add new people as they join, and prove to your clients that all your staff are involved in ongoing, up-to-date cybersecurity training that helps to protect their data and your business.
Contact us today to find out more about how we can put your agency on the road to better cyber protection.
Sign up to get our monthly newsletter, packed with hints and tips on how to stay cyber safe.
Mark Brown is a behavioural science expert with significant experience in inspiring organisational and culture change that lasts. If you’d like to chat about using Psybersafe in your business to help to stay cyber secure, contact Mark today.