There are few businesses that aren’t at risk of cyber attacks in some way, but a few aspects of real estate businesses make them a particularly appealing target. Firstly, you’re likely to hold a lot of personal information on your clients, including bank account details and forms of identification. This type of information is valuable for cyber criminals as it provides them with an easy avenue for identity theft, where cyber criminals steal personal information to, generally, steal money or gain other benefits. Another reason for real estate businesses being a lucrative target is their involvement in facilitating high-value transactions, with large amounts of money passing through various accounts through settlement platforms. In addition, small businesses tend to be an easier target for cyber criminals as they may not have the resources to protect their assets and data compared to larger organisations. The combination of these factors has created the ideal environment for cyber criminals to hone in on unsuspecting real estate agents in their attempts to infiltrate their networks and systems.

Cyber crimes and attacks can take many forms, such as malware, ransomware , business email compromise, phishing, and much more. To demonstrate a few examples of how real estate agents in particular may fall victim, here are a few of Aon’s clients who have fallen victim to cyber attacks:

• House Real Estate² discovered its computer system had fallen victim to a ransomware attack one morning. In attempting to access the agency’s server, a message displayed on screen demanding payment of 5,000 USD (via Bitcoin).
• An employee at ABC Real Estate² received an email which looked like it was from their energy provider. When the employee clicked on the link in the email, malicious malware in the email proceeded to lock down the agency’s computer network.
• Homey Real Estate² sent an email to their client asking for bank account details to transfer money for a deposit. The agency received an email that appeared to have come from the client with bank account details and transferred the money into this account. It turned out that the email chain had been compromised by a hacker in the US, and the money had in fact been transferred to the hacker’s account.

It might be easy to assume that because you use a cloud-based application or provider, your systems are immune to unfortunate cyber incidents. But it’s important to remember cyber crime goes beyond hacking of your virtual networks – even using a computer in the office means that the device itself may be hacked. Furthermore, your data being stored in the cloud does not completely secure it from unauthorised access, use, theft, deletion or cyber extortion. Privacy breaches may result from unexpected sources such as a disgruntled employee.

Aon’s real estate insurance expert, Peter Lynch, outlines three basic steps for cyber security in the real estate industry as

1. Network Security – this is the first line of security that any computer system must provide to stay protected from malicious attacks. It covers the way computers are connected to the internet and protects all network-connected equipment including laptops, servers, printers even smartphones. Common features of network security are firewalls which regulate how internet traffic can be handled or blocked from third parties.
2. Staff Education - educating staff during the onboarding process and at regular intervals can help them understand the importance of cybersecurity, recognise potential threats, and adopt good security habits to help protect themselves and the company from cyber threats.
3. Multi Factor Authentication – a security mechanism that requires one or more additional verification factors on top of username and password. This is an extra layer of security, making it more difficult for attackers to access sensitive information.

For more tips on how you can enhance the cyber safety of your business, read this article on staying cyber safe.

The steps outlined above are all sensible measures to help the likelihood or severity of cyber crime, but your business may still fall victim to cyber attacks and crime. Cyber Insurance has been designed to help protect businesses against financial losses arising from cyber attacks and crime, and should be considered by businesses with a digital footprint assessing their insurance options.

¹Based on real claims from Aon clients

²Names anonymised for privacy reasons