Editor’s note: With identity theft and mortgage fraud on the rise, the security and privacy of consumer data in real estate transactions is a real concern, and experts say that companies need to manage security policies closely to improve consumer trust and protect themselves from lawsuits. In this three-part report, Inman News looks at three aspects of data protection: online property listings, options for small brokerage offices, and how the lender community is safeguarding sensitive consumer information. (See Part 1 and Part 3.)
Imagine being the real estate broker who has to face a group of homeowners to let them know that a laptop was stolen containing their homes’ listing information, along with their personal financial profiles. Such situations are a rising concern among consumers since high-profile cases at a few major banks and ChoicePoint came to light last year.
The security and privacy of consumer data in real estate transactions is also a concern, and companies need to manage security policies closely to improve consumer trust and protect themselves from lawsuits, experts say.
While many large brokerage companies and multiple listing services are implementing company-wide systems that aim to ward off things like data scraping and password stealing, smaller two- and three-agent brokerage offices have the same concerns but with less money to invest in big technology systems.
Mac McMillan, CEO of Cynergistek, says there are at least 10 simple things that small brokerage offices and individual agents can do at a relatively low cost to protect themselves from vulnerabilities. Cynergistek is an information security consultant with clients in the healthcare, financial and real estate industries.
“First, if they’re running an older version of Windows (operating system), one of the best things they can do from an investment standpoint is to upgrade to Windows XP,” McMillan said. The XP system is the first from Microsoft that comes with a lot of security functionality already built in, he said.
The second thing he recommends for small offices is that they install antivirus software on their computers and keep it up to date. Most antivirus systems have default settings that direct it to look for updates once a day and that’s efficient, he said. Agents and brokers also should ensure that the software does a weekly scan of the system and can do so by checking this option in the settings.
McMillan also advises in his third tip that brokers running Windows XP set their Internet Explorer Web browser settings to automatically search for antivirus and Windows system updates. That way, security patches will be downloaded automatically and brokers just have to install them.
Also within Internet Explorer in Windows XP, McMillan says in his fourth tip, users can turn on security settings to tag certain Web sites as trusted or not trusted.
“Say you’re an independent agent working for Coldwell Banker – you can tell your computer that Coldwell Banker is a trusted Web site and that will allow you to do more things in terms of downloading,” he said. With sites marked as “not trusted,” he said, “it adds a layer of protection so you don’t accidentally download something you don’t want to download.”
McMillan notes in his fifth tip a product called Microsoft Baseline Security Analyzer, a free tool that will scan the broker or agent’s computer and make recommendations on how to make changes in their settings to make the machine more secure.
The data security guru also advises that brokers and agents encrypt files on their computer’s hard drive – especially with laptop computers – so that if the computer itself is stolen, the files won’t be as accessible. “This is another reason to upgrade to XP because it has the native ability to encrypt files on the hard drive so you don’t have to go and buy another encryption tool,” he said.
The encryption tool enables brokers to set up and encrypt certain folders so that only specified agents can view them, or agents could encrypt certain pieces of communication to hide more sensitive information such as when homeowners are away from their houses for showing times.
Another prominent threat to data security is spyware, programs often installed as “extras” through other file sharing programs that can change the appearance of Web sites, alter settings, cause poor system performance and collect information from a computer, among other things. For small broker and agent offices, McMillan pointed to a free Microsoft tool that’s in beta testing called Windows Defender that will check a computer for spyware.
While he said spyware is often used for marketing purposes, hackers can use it for much more malicious doings. “Certain spyware can actually capture bank account numbers, Social Security numbers, and other things and will send them back to the (spyware originator’s) site,” he said.
In addition to running a program to help find and eliminate spyware, McMillan’s eighth data protection tip is to back up data on a weekly basis at the least. Individual agents can back up data on CDs, he suggests, while small brokers who have multiple computer users should consider backing up data on a separate hard drive. Small backup hard drives can be purchased for $200 to $300, he said.
McMillan’s ninth piece of advice is to ensure the physical security of working mobile devices such as laptops and PDAs. He pointed to security breaches involving stolen laptops and the need to secure them just as you would an expensive necklace, for instance.
“Use common sense,” he said. “Do not leave your laptop in the office over the weekend. Don’t leave it in a hotel room when you go out somewhere,” or at least hide it in a drawer or out of site.
McMillan’s last piece of advice for small brokers and individual agents is to use common sense with e-mail and the Internet – i.e., not downloading Web programs from untrusted sources, not opening e-mail from unknown people, not bringing in software that someone gave to you. “If you could get the small independents to do that it would dramatically improve their changes of avoiding incident,” he said.
McMillan’s company, Cynergistek, is a certified tester for the National Association of Realtors’ Realtor Secure program, which certifies technology security practices used by MLSs and real estate brokers.
Todd Costigan, senior manager of industry relations with NAR’s Center for Realtor Technology, said there is a small organization security checklist within Realtor Secure that allows brokers to gauge their office information security. The list is available at the Realtor Secure Web site and by clicking on “Take the self review” and choosing the one for small organizations.
The self review is a questionnaire that, when filled out, will give the organization an idea of security measures they are performing and those they aren’t.
The top three threats that smaller organizations face, Costigan said, are viruses, spyware and phishing attacks, which use bogus e-mail messages to trick people into giving up bank account or other personal information.
One of the largest benefits to real estate organizations in taking security precautions is that “it will allow them to not have interruptions in their business,” Costigan said. “The greatest thing we’re all chasing is more time, and time spent applying these measures – while there’s no guarantee of perfect security – helps prevent problems.”
Send tips or a Letter to the Editor to email@example.com or call (510) 658-9252, ext. 133.