If you’ve ever had to deal with identity theft, you know what a nightmare it is — it takes weeks, if not months, to disentangle the mess.
For real estate brokerages, that nightmare could be compounded by thousands if a hacker obtains access to client documents.
Imagine having to make this phone call to your clients: “I’m so sorry, but there was a breach in our security and I’m afraid someone now has access to your name, Social Security number and bank account details.”
Three experts (Craig Grant of the Real Estate Technology Institute, Alex Camelio of Lone Wolf Real Estate Technologies and Juanita McDowell of InMotion Consulting) and two moderators (Warren Dow of Lone Wolf Real Estate Technologies and Houston Realtor Amy Smythe-Harris) — all of them members of the Real Estate Technology Institute — discussed this topic in detail at the National Association of Realtors Annual Conference and Expo, noting where brokerages might be vulnerable and how they can protect themselves.
First mistake: Skimping on virus protection
Are you still using the antivirus software that came for free with your machine? (Or are you on an Apple device and convinced that you don’t need it?)
Craig Grant, owner and course creator at the Real Estate Technology Institute, had this to say: “There are a lot of areas in your business you can skimp and cut corners — virus protection is one area you definitely should not. You’ve got to make sure you get the best tools.”
The tools he typically recommends are Avast, Kaspersky, Malwarebytes and Avira. He added that Norton’s and McAfee tend to rank poorly in tests.
And if a Genius Bar employee tells you that you don’t need antivirus software on your Mac — think twice, advised Grant.
Don’t forget the devices
“A lot of people assume they only need to protect computers,” said Grant.
“The reality is, every device you have these days needs to have antivirus protection on it.”
Free isn’t best
If you do decide to go for a higher-quality antivirus, don’t then shoot yourself in the foot by choosing the free or cheapest version.
“What you need to purchase is typically called an end-to-end solution,” advised Grant. “They’re protecting every aspect of how a hacker could get your data.”
Pick one and keep it updated
“If you have two pieces of virus software installed, they’ll start combatting one another,” said panelist Alex Camelio, director of industry engagement at Lone Wolf Real Estate Technologies.
“It’s about picking one good one, sticking with it and making sure you keep it updated.”
Second mistake: Failing to back up
If someone were to steal your laptop (or break into your office and make off with your desktop), how long would it take you to recover everything?
The panelists recommended using either an external hard drive or a cloud-based program, such as Carbonite, to back up your devices.
If you do decide to go with an external hard drive, store it away from your computer — you wouldn’t want the theoretical thief to make off with both your device and your backup, after all.
Third mistake: Not mixing up your passwords
“Passwords are by far the biggest security risk you have,” said Grant. “If you’re using the same passwords, it’s not a question of if you’ll be a victim, it’s a question of when.”
He recommends using LastPass, a password manager that will allow you to collect all your passwords in one place and just remember one — the one that gets you into LastPass.
You can also ask the product to generate you newer, tougher passwords, “and that way you have different passwords on every site,” Grant added.
Camelio disagreed, however — he said that he prefers teaching a memory trick and showed attendees some information about different levels of password strength — adding in special characters, capital letters and numbers (especially in random places mid-password) is always preferable to a simple password. For example: r3@Ltor4l!f31981 will take much longer to hack (by potentially thousands of years) than Realtor4Life1981.
The trick involves creating a difficult-to-hack base password, then adding something unique to each account at the end of each password so that you aren’t using the same password from account to account.
For example, your Facebook password might be r3@Ltor4l!f31981Zuckerberg, and your Gmail password might be r3@Ltor4l!f31981G00glemail.
“Because it references the site, you have a memory trick to start remembering that you have a different password for every account,” noted Camelio. “It’s easy to remember that strong base, and adding that extension makes it far more safe.”
Fourth mistake: Falling prey to social engineering
This involves manipulating employees into giving up confidential information — and it’s something real estate brokerages are vulnerable to, said McDowell.
For example, you might receive an email from the bank that your brokerage uses asking you to log in and address a problem — then a maintenance screen opens up asking for a name and telephone number.
Then you receive a phone call from someone who says, “We see you’re having problems — please try to log in again using the link we just sent you,” and it’s all over.
The same applies, of course, to social media. “Think through what kind of information you’re displaying out there online,” advised Grant — if the color of your first vehicle is a security question on your bank account, have you considered removing the Facebook photo capturing your surprise on your 16th birthday?
And when you’re going on vacation, it’s probably best not to advertise that information to the world, he added — it means your home (or business) could be unattended.
Fifth mistake: Neglecting network security on your phone
How many of us leave our homes or offices without turning our phones from WiFi to network connectivity?
Here’s a scary thought: “When WiFi is enabled on your phone, your phone is constantly saying, ‘Hey home network, are you there?'” said Camelio.
“I can buy a device for $100 that says, ‘Hi, I’m your home network.’ Your phone connects to your ‘home network’ without you doing anything, because your WiFi or Bluetooth were left on in a public space.”
He suggests using a VPN (virtual private network) for your devices, which encrypts messages and data from point-to-point. A couple of free VPN tools he recommended: Avira and OpenVPN.
Another option involved taking a wireless network with you in the form of a portable hotspot. If your phone is already connected to a “home network” (like a hotspot), it can’t be intercepted.
Sixth mistake: Forgetting about general tech safety
“Beware of phishing scams,” warned McDowell.
“We’re seeing what looks like a legitimate company emailing us — you cannot just open it up. If you do open it up, do not click on any links or any attachments. Be careful of opening up an email from someone you don’t know.
“And be careful opening up an email from someone you do know without taking a second look,” she added.
Dow added that email recipients who are suspicious of an email should examine which email address is associated with the “from” line. “People can make anything show up in the ‘from’ name,” he said, “so it’s the actual email address you should be checking.” If you don’t recognize the address — delete.
Grant recommended that brokers (and everyone) set up one email account for business use, one for personal and a third for internet activity.
“Shopping, signing up for websites — create a free junk account just for the junk,” he advised.
“You can read an email with very little risk. But if you have an account that you’re using for every part of your life, it’s harder to tell if an email isn’t OK.”
Looking for a secure email host? “Google practices and how they store data are among the best,” said Camelio.
Seventh mistake: Eschewing tech etiquette
“I call it my ‘grandma rule,'” explained Grant. “Think of someone in your life you love and respect and ask yourself, ‘If they saw this, what would they think?'”
It’s not enough to just think of your own grandma, either.
“Have a digital and social media policy at your office for agents,” said Smythe-Harris. “We’ve taken it a little step further, and we monitor our agents’ posts.”
In fact, she noted that sometimes the social media activity of her brokerage’s clients were ruining transactions — “We got $10K over asking!” So now, she gives clients a disclosure advising appropriate behavior, and there is a citation policy for agents who violate the code of ethics.
‘Thou shalt not steal’
“Copyright infringement is a very serious issue,” said Dow.
If you don’t own all the images and content on your website — or have written permission to use them — you are opening yourself up to legal liability.
And the same could be true for sharing images on social media accounts, believe it or not.
“If you’re sharing an image from a personal account, that’s OK,” explained Smythe-Harris. “If you share it on your business account, then you are using it to promote your business, and that’s where copyright law comes into place.
“Be the coach and talk to your colleagues,” she added. “You could be the weak link — it takes only one.”