4 Cybersecurity Threats Facing the Real Estate Industry
CARROLL’s IT Team shares a few of the top cybersecurity risks the real estate industry is up against.
Like all business sectors, the real estate industry is heavily focused on the growing risks of cyberattacks. Considering all of the personal information that is needed to rent an apartment, protecting that data and keeping customer information out of the hands of cyber criminals is a top priority for IT teams, like CARROLL’s, across the country.
Pavan Nanduri, Vice President of Information Systems, and Shashank Trivedi, Director of IT Infrastructure & Security, define and discuss a few of the top cybersecurity risks businesses in real estate are facing today:
Phishing is when a cybercriminal, posing as a familiar individual or company, sends an email with malicious intent to a sizeable group of people. The cybercriminal strategically releases this communication to individuals in hopes that at least one individual – if not several – fall victim to the scam and share confidential information such as account credentials, personal information, or financial bits. Phishing primarily involves email, but there are other common methods such as “vishing” that uses voicemails and robocalls, and “smishing” that takes advantage of SMS or text messaging.
Cybercriminals are always on the prowl for gaps within a company’s infrastructure and security. These attacks are often carried out by malicious software, also known as malware. Once a weak spot has been identified and the malware has been deployed, not only is the company’s data susceptible to being compromised, but further damages can be caused with disruptions and shutdown of affected internal systems. As part of a ransomware scheme, cybercriminals often demand a sum of money (ransom) in exchange for release and access to the compromised systems. In real estate, these system outages can jeopardize events such as closings, resulting in potential financial loss for the company.
3. Business Email Compromise (BEC)
Business Email Compromise (BEC) or Email Account Compromise (EAC) are forms of “spear phishing,” which are attacks targeted at a specific individual and/or group. The common goal is to defraud the company, but the difference between this and the general phishing attempt is the target audience. As part of a BEC attack, the criminal attempts to spoof a legitimate source by using a variation of the known identity. By doing so, the attacker is using the power of persuasion and pressure to trick and intimidate their target audience. Since the attacker is using a source that the victim is familiar with, it becomes easier to manipulate and carry out the attack. A common example of this is a gift card scam.
4. Social Engineering
Social engineering is a tactic that exploits trust and emotions to gain unauthorized access to internal systems, rather than hacking into the system. In this approach, the social engineer relies on psychological methods such as sympathy, need, or even guilt, rather than the technical avenues to compromise a company’s infrastructure. Cybercriminals often use social engineering as a way to launch ransomware attacks.
How to avoid these attacks on your organization
IT teams cannot assume users are knowledgeable and capable of detecting these malicious phishing attempts, especially as phishing attacks continue to get more sophisticated. Users should be regularly trained on the types of attacks they could be susceptible to and taught how to detect, avoid, and report the attacks. The following are two simple methods of educating employees and training them to be more vigilant:
- Regular security awareness and phishing training (the general rule of thumb is monthly)
- Internal phishing campaigns and phishing simulations (typically IT teams will define the objectives, initiate the campaign, analyze the results, and provide training modules)
The whole idea behind phishing simulations is to spread awareness and inform the employees to be vigilant. It is imperative that each and every individual in an organization is aware of the common threats and are able to follow best practices.
Learn more about CARROLL’s IT services, including our holistic approach to cybersecurity.