In recent years, the real estate industry (REIT) has seen a rise in digital threats ranging from phishing and email compromised attacks to breaches. These threats have also targeted builders and others in the housing space.
Consider the hack that targeted real estate and title insurance giant First American. The breach exposed the financial information of 885 million customers and pulled records dating back to 2003.
While a title insurance company, or any business in the real estate world, may seem like an unlikely target for an attack, these threats do make sense. After all, the real estate market is worth an estimated $31.8 trillion, and companies within it keep a massive amount of customer data, ranging from social security numbers to financial and banking information. As such, real estate organizations are scrambling to build programs to meet the best practices of standards like NIST or ISO 27001.
When we consider the future of the real estate industry, it’s evident that sound investments in cybersecurity are the only way to secure data and keep customers safe.
The Rising Tide of Cybersecurity Threats
First American wasn’t alone in being targeted. Back in 2018, a Memphis-based real estate company known as Crye-Leike was wrapped up in an international online fraud and phishing scam. One year before, in 2017, the FBI issued a warning about spiking cyberattacks designed to target real estate companies, specifically. According to the Auth0 blog:
“They noted that fraudulent real estate transactions jumped 5,000%, from $19 million in 2016 to nearly $1 billion (US $969M) in 2017. The FBI also saw inbound complaints of cyberattacks related to real estate jump 480% between 2016 and 2017.”
Although cybersecurity threats are becoming increasingly common throughout all industries, the real estate sector is at particular risk, as there is no federal law mandating that these companies must deploy cybersecurity programs. This means real estate data systems are especially vulnerable to attacks.
How Real Estate Companies Can Resist Cyberattacks
Considering the risks laid out above, it’s no surprise that every real estate company wants to protect itself from a data breach. Here are a few ways local and national companies alike can bolster their defenses and make themselves less vulnerable to an attack:
1. Develop Standards Around Wire Transfers
Under no circumstances should wire transfers be conducted via email. Email is a very sensitive system. In fact, it’s what initially led to the Crye-Leike beach in 2018. Instead of doing wire transfers via email, real estate companies should establish a standard of never wiring funds through email.
This keeps customers and organizations safe from phishing scams and reduces doubt around which practices are legitimate and which are not.
2. Familiarize Yourself With NIST Best Practices
While there's no formal mandate that real estate companies hold themselves to NIST best practices, self-imposing these standards is a great way to maintain security. According to NIST.gov:
“The need for cybersecurity standards and best practices that address interoperability, usability, and privacy continues to be critical for the nation. NIST’s cybersecurity programs seek to enable greater development and application of practical, innovative security technologies and methodologies that enhance the country’s ability to address current and future computer and information security challenges. “
More information on NIST best practices can be found on NIST’s website and in their blog.
3. Invest in a Cloud Security Platform
While many real estate industry companies are already digital, many are still using physical paper and filing systems. By just moving their data to the cloud, these organizations could enact multiple security advantages, ranging from distribution to greater behavioral insight and threat detection. This is one of the simplest ways to ensure cybersecurity, as well as being one of the easiest.
The Future of Cybersecurity in Real Estate
While the real estate industry continues to grow, cybersecurity will continue to be a primary consideration. Fortunately, companies that take proactive steps to secure their digital information will be less vulnerable to attacks and hacks than their counterparts.
Need need organizing your cybersecurity program?
Apptega provides software that can help you build, manage and report your cybersecurity program based on 12+ compliance standards. Apptega helps to simplify the complexity of these frameworks, eliminate spreadsheets and help you document and report on your organization’s change and configuration management as part of its overall plan. Plus, with Apptega's intelligent framework mapping solution, Harmony, you can see how your controls overlap other frameworks you are required to follow like ISO 27001, SOC 2, PCI, NIST, HIPAA, GDPR, CCPA and more.
Contact us today to set up your free trial.