The retail and commercial real estate sectors generate trillions of dollars in market value each year and account for hundreds of thousands of jobs. But despite its considerable assets and impact on the global economy, the industry gets far less attention as a potential target for cyber criminals or in discussions about enhanced data security practices than others do.
Real estate companies, commercial or otherwise, have not featured heavily on the list of businesses ravaged by ransomware attacks or data breaches. But the companies associated with them have endured high-profile attacks and security lapses that should make agents, lenders, insurers, and others take notice.
In 2019, First American Financial Corp. exposed sensitive data for nearly 900 million customers to unauthorized access on their website. First American Financial is the nation’s second largest title insurance provider and a Fortune 500 company. Cybersecurity investigator Brian Krebs broke the news on his blog.
“Closing agencies are supposed to be the only neutral party that doesn’t represent someone else’s interest, and you’re required to have title insurance if you have any kind of mortgage,” said a real estate developer interviewed by Krebs. He added that title insurance agencies routinely gather and store sensitive personal and financial details from buyers and sellers.
The flaw in First American Financial’s computer systems is related to its use of an application called EaglePro for sharing document images concerning title and escrow transactions. It’s not always apparent how interconnected real estate, banking, and financial services are, and how sensitive the data is that these affiliated organizations hold and share with each other.
Enhanced cybersecurity measures are recommended for the real estate sector precisely because of the sensitive nature of the data they handle and store in the course of their business processes. That data regularly includes Social Security numbers, driver’s license and passport numbers, and personal financial data, among other things.
Consumers aren’t the only ones who don’t always recognize the security threat to real estate companies and their affiliated organizations. A KPMG survey from 2018 on cybersecurity for real estate assets found that only half of real estate organizations said they were adequately prepared for a cyberattack.
The KPMG findings are surprising not only because of the considerable assets at stake and the customer data that could be compromised, but also because cyberattacks on real estate organizations were already a problem. The survey noted that 30% of organizations that responded said they had experienced a cyberattack in the previous two years.
The U.S. government’s Cybersecurity and Infrastructure Security Agency and the FBI each recommend having a tested incident response plan in place to mitigate cybersecurity events such as ransomware and other forms of malware attacks when they occur. They also include wider suggestions about data handling practices and endpoint security.
Real estate companies and their affiliate organizations, contractors, and agents need the sensitive data they work with to be protected as well as mobile. This requires storage devices that are encrypted and capable of remote management. This also requires a USB policy across organizations that protects all computer network endpoints, a common pathway for USB-borne malware and ransomware.
Customized Data Security Solutions
SecureData has provided comprehensive, cutting-edge data security solutions for key industrial sectors for more than a decade. Our FIPS-validated and hardware-encrypted SecureDrive BT and SecureUSB BT external storage drives allow users to authenticate via Bluetooth connection and secure mobile apps for Android or iOS users.
Our award-winning BT product line also works seamlessly with our Remote Management subscription service. With RM, IT administrators can take full control of all of your organization’s portable storage devices. Features such as geo- and time-fencing allow drives to be accessed only in specific locations or within exact time frames. RM also logs all user activity and supports remote wipe and remote password recovery.
SecureData also helps you harden endpoint security with our SecureGuard DLP port-blocking software, which works in tandem with your RM license. SecureGuard limits computer access throughout an organization to authorized USB devices only. It also allows blacklisting and whitelisting of specific devices, and it blocks computer access when an unauthorized USB device is inserted.