A Broker's Guide to Cybersecurity

As a real estate Broker, you want to provide your customers, staff, and agents with access to the Internet and information in a way that is easy, quick, and timely. However, with that service comes the responsibility of making sure it is secure.

Not many months go by where we don’t hear about a cybersecurity breach (i.e. Home Depot®, Target®, Equifax®, Yahoo®, Facebook etc.). While these breaches cost companies millions of dollars, the loss of customer confidence is more expensive still.  

Your brokerage is a target, no matter the size. 

I know what you’re saying, ‘I’m just a real estate Broker. I don’t have hundreds of offices. I’m too small to be a target.’ 

I’m going to be frank: Yes, you are a target. And no, your business is never too small to be a target.

For every major-publicized breach of a multi-billion corporation, there are hundreds of small business attacks that go completely unnoticed.

According to Verizon’s security research division, more than a quarter of data breach incidents in 2016 took at least one month for companies to discover. One in ten went unnoticed for at least a year. 

When companies do find out, it’s often too late to fix. The National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber-attack.

You host information that is extremely valuable to hackers.

Below is just an example of the sort of information you are the steward of that may be useful to a hacker:

  • Agent credit cards used in your monthly office billing cycles
  • Agent’s personal identifiable information (PII)
  • Staff’s personal identifiable information 
  • Buyer/Seller personal identifiable information
  • Lawyer’s personal identifiable information
  • Buyer Social Security/Insurance Numbers (SSN and SIN), if you have in-house mortgage services
  • Banking information for trust/escrow accounts

As a small/medium business owner, you are not exempt from protecting this type of data.  In the U.S., the PII (Personal Identifiable Information) and Canadian PIPEDA (Personal Information Privacy and Electronic Documents Act) regulations can hold you accountable for a security breach. Each of these federal regulations spell out what actions you as a business must take in the case of a cybersecurity breach.

The first line of cybersecurity is your network followed closely by your staff. You don’t need to understand the ‘geek speak’ associated with IT and computers, however, you do need to be able to ask the right questions of your vendors and staff to make sure you are using industry best practices to secure your environment.

Keep your eyes open for part 2 of this blog coming soon!