It seems like every week there’s a big security breach in the news. Although Ashley Madison and Target might get all the headlines, more than half of all attacks are against small business owners.
We recently sat down with cyber security expert Scott Krawitz to discuss his common-sense approach to securing technical systems within the real estate industry. Here’s what we learned:
1. Your wireless router is your biggest liability.
At DEF CON (the world’s longest running and largest underground hacking conference), it was demonstrated that just about every Wi-Fi router can be hacked immediately by even a novice hacker because most people never take the time to change the factory admin password on their router.
This is not the same as the actual network password, but it allows the hacker to change your password, install malicious software on your computer — or even log every single key you type.
In other words, a hacker can basically ruin your life if they can get within 100 yards of your home or business. To protect yourself, change the admin password and hide the SSID. Instructions for doing both are easy to find through a simple Google search.
2. Mobile hacking is the new frontier
Mobile hacks are the fastest-emerging trend in the cyber security world. Many smartphones have very good factory-installed security measures that most users fail to utilize.
You can encrypt all of your inbound and outbound data, so it’s unreadable to any hacker who is able to steal it through an unsecured wireless network. The data will be unencrypted when it reaches its intended destination, so it won’t inconvenience you in any way.
This takes just a few minutes to set up on most iPhones and Android devices. Again, a quick Google search can show you how.
3. Technical attacks aren’t always technical
Much of what we consider “hacking” is actually just psychological manipulation. Hackers call or email and pretend to be someone they’re not, requesting some small piece of information that grants them access to previously secured data.
Never reveal your password, Social Security number, credit card number or any other piece of vital information to someone who contacts you. Instead, when you receive a suspicious request, call or email the main support line for the company they are representing, and ask if the request is valid.
4. Last Pass is essential
Last Pass is a paid software tool that allows you to keep all of your passwords stored in the cloud and automatically log you into accounts without actually seeing or typing the passwords. This allows you to create much more complicated passwords because you don’t have to remember them.
Better yet, you can create a multi-factor root password (a password that requires you to type in a code sent to your phone in addition to the root password), so no one can gain access to your passwords unless they had your phone and your root password at the same time.
If they realize you have a multi-factor password, 99 percent of hackers will give up immediately.
5. Macs are vulnerable, too
There’s a myth that Apple devices don’t get targeted like PCs. That might have been true several years ago when PCs represented 95 percent of the computer market; but now that Macs are more common, hackers are targeting them, too.
Macs need antivirus software, smart password protection and secured networks to be safe. None of this comes pre-installed on your Mac, which can make them even more vulnerable than PCs.
6. One weak link jeopardizes the whole team
It only takes a single access point to infiltrate an entire network. So, if you have a single team member who hasn’t updated to the newest antivirus software, it doesn’t matter if everyone else on your team has — you’re still vulnerable.
As an example, the famous Target attack had little to do with Target. Target’s systems were secure, but one of their vendors who had access to Target’s network was not secure. Once the hackers penetrated the vendor’s network, they were able to gain access to all of Target’s data.
To prevent against these asymmetrical attacks, create a team policy for cyber security that is adhered to by everyone, and have regular audits to ensure there are no weak links.
Take these tips, and protect yourself, your business and your clients. Remember that no one is immune, but you can take precautions to stay safe.