When it comes to commercial real estate cybersecurity, there is no such thing as being too vigilant, especially for businesses that handle large amounts of sensitive information. Like any other industry, commercial real estate investing is just as vulnerable to cybersecurity breaches as, say, the health care industry.
Real estate businesses have only recently begun to recognize and address this threat, but it is not too late to assess your digital assets and fortify your security practices. Effective cybersecurity does not just protect you—it is also an excellent marketing tool. Potential renters and buyers are more likely to trust you if they know you have put the appropriate effort into protecting their data.
In this article, we will address why real estate businesses are so attractive to cyber criminals, define the most common cyber attacks, and provide strategies to protect your real estate business’s digital information.
Why is Commercial Real Estate Cybersecurity Important?
For cybercriminals, commercial real estate is a goldmine of information that is often less heavily guarded than other sources. These businesses usually store valuable information such as bank account information, buyers’ and sellers’ personal information, and online rental payment systems that contain credit and debit card information. This information can be sold for a profit and used to commit fraud.
Additionally, a rise in the use of “smart” items like energy meters, doorbell cameras, virtual assistant technologies—like Alexa and Google Home—and door locks increase cyber criminals’ available scope of attack. They can use these items to hack into the users’ personal information or access a building information system (BIM). From there, they can either steal personal information or gain access to buildings and homes for fraudulent purposes.
Which Cybersecurity Breaches Are Most Common in Commercial Real Estate?
Phishing
This is one of the oldest, most common cyber security attacks for one reason—it works.
Phishing is when a cyber criminal sends a fake message asking the recipient to download an attachment or click a link that contains a virus. These viruses give the attacker access to personal data.
Another strategy involves simply asking for the recipient’s personal information for some official-sounding reason. It may seem like only the most naive would fall prey to these scams, but modern phishing tactics have become very sophisticated. Many current fraudulent emails, text messages, websites, and social media pages look authentic and may even mimic well-known businesses to lure individuals into freely providing personal information.
How to prevent it:
These attacks depend on humans completing specific instructions to be successful, so the best way to prevent them is to educate your employees and renters. Businesses often have mandatory cybersecurity training that teaches employees how to identify and address phishing scams.
Similarly, providing renters with cybersecurity best practices increases their confidence in you and keeps them and your business safe. It is also a good idea to be aware of trending schemes and emerging phishing tactics so you can alert your employees and renters.
Ransomware
Ransomware is often stored in fake attachments and links frequently used in phishing attacks. This viral software gives the attacker total control over your business’s systems and allows them to access and steal any information they want. They can also disrupt or destroy valuable systems in an effort to harm your company and may demand money in exchange for leaving them intact.
This is not the only way hackers feed ransomware into your systems. They can exploit gaps in your network security and target them with ransomware and other viruses.
How to prevent it:
Educating your employees and renters about phishing prevention is the first and most effective step to defend against ransomware. The second step is to simply invest in a robust cybersecurity program. The best programs alert you to suspicious emails and links, deflect external ransomware attacks, and provide extra shielding for particularly vulnerable systems.
Once you’ve chosen and activated a security program, update it as prompted to ensure your defenses are as strong as possible.
Business Email Compromise (BEC)
A business email compromise (BEC) is a particular kind of phishing attack in which a hacker performs a corporate account takeover by impersonating a corporate-level email user. They may send fraudulent emails to entry or mid-level employees, customers, or business partners in an attempt to gain access to corporate email accounts or—at the very least—the information of the person being targeted.
BEC attacks are particularly sinister because they prey on the fears and anxieties of those associated with the business. These emails often contain messages implying that the employee, customer, or business partner is somehow in violation of their relationship with the company and must take specific action to remedy the situation.
How to prevent it:
Once again, education is the key to blocking BEC attempts. These attacks are effective because no one wants to be in trouble with a powerful corporate employee. They may panic and comply without assessing the situation, giving the attacker exactly what they want.
Strategies for educating your constituents about BEC include:
- Sending them a sample corporate-level email for comparison,
- Encouraging them to take a few minutes to thoroughly examine unexpected corporate-level emails
- Reminding them that it is always better to ask than act
If the message is safe, the only thing lost is a few minutes. If it is malicious, then you may have just prevented a devastating security breach.
The Relationship Between Cybersecurity and Commercial Real Estate Investing
Commercial real estate investing involves more than just knowledge about the real estate industry. Successful investors must also have a comprehensive knowledge of current and emerging technologies. It is crucial to understand how those technologies affect property marketing and management and how they could be exploited by cybercriminals.
Regarding real estate, cybersecurity is more than just preventing crime. It is also a tool for protecting your investment and building trust in potential renters and buyers. People want to feel secure at work and home, and excellent cybersecurity is a facet of that.
About the Author
Roni Davis is a writer, blogger, and legal assistant operating out of the greater Philadelphia area.
