Cyber risk has become a national conversation as high-profile data breaches at major retailers and banks have forced organizations across multiple industries to take a hard look at their potential vulnerabilities in network security and privacy liability.
While the real estate industry is usually not categorized as high-risk, that could change. Real estate professionals routinely obtain, store and transmit personal client information, including Social Security numbers and financial records.
This data is often collected from credit reports, rental applications, leases and rental agreements.
Collecting personal information imposes legal duties on the real estate industry to safeguard it. Should it be compromised, real estate professionals could find themselves in the same situation as those retailers and banks that experienced mass data breaches.
Legal fees, IT forensics expenses, notification, credit monitoring costs and investigations from government authorities would be expected. The financial impact and reputational damage could be significant.
Data breach costs studied in detail in a 2015 worldwide research report by the Ponemon Institute found that the average cost paid for each compromised record rose to $154 per record. That’s a 6 percent increase compared to Ponemon’s 2014 study.
Small business owners fail to protect themselves from hackers for several reasons that include a misunderstanding of the threat and believing they have protection from general business insurance.
While real estate brokerage firms might seem the least likely to be targeted by hackers, the fact is they do happen and even make headlines as in the case of Essex Properties in 2014.
The greater threat though is for the small to mid-sized business owners who fail to recognize that hackers look for easy targets. It is prudent to protect your customer information and business integrity by putting into place those safeguards that will ensure your longevity in real estate.
You should have a plan that follows these four steps to combat a data breach: avoid, prevent, mitigate and transfer.
- Avoid: Set clear policies and guidelines for data protection
- Prevent: Secure your data with appropriate software and practical safeguards
- Mitigate: Limit the damage of a data breach with a robust alert system
- Transfer: Cover the liability of the violation with a cyber insurance policy
Real estate professionals, just like all other business owners, must consider how best to protect their customer data. If you have private salary information for loan evaluations, banking routing numbers for escrow accounts or personal profile information, then you have data that is desired by hackers.
No business is guaranteed complete protection, but with some diligence your risk can be reduced.
John Farley, Vice President and Cyber Risk Practice Leader at Hub International, has 23 years of experience in insurance and risk management. Connect with him on LinkedIn.