Technical Consultant, Mimecast
User Name
Bradley Sing
Bradley Sing
Bradley Sing is currently Technical Consultant at Mimecast where he has been since November 2016. Bradley has been working in the technology industry for almost four years and draws on his previous experience to help align customer business needs with the technical solutions that Mimecast provides, which ranges from product demonstrations to help documenting processes and aspects of products. Prior to his role at Mimecast, Bradley worked across the web hosting & domain name industry in Australia, working for Melbourne-based web hosting startup Hosting Australia and previously Melbourne IT Group.
Related Articles
How your printer can be a hacker’s paradise
Despite being the source of countless vulnerabilities and exploits, Windows’ Print Spooler continues to be an attack surface in constant need of patching and maintenance. Here’s what you can do about it.
Read MoreHow to defuse the ticking API timebomb
Application Programming Interfaces (APIs) are what enable different apps and platforms to connect and swap data with each other. Most users never know they’re there – until something goes wrong.
Read MoreThis month in security: December 2021
Log4Shell vulnerability is the biggest in a decade, foreign cyberattack almost shut off power for three million Australians, government promises crypto reform, Google takes on Glupteba, ASD to strike back at cybercrime, and a leak may have exposed the data of 80,000 Aussie workers.
Read More
Content
In 2018, advisory firm PwC revealed that customer fraud was already the number one economic crime in Australia, with 45 per cent of companies surveyed attacked during the two previous years. The real estate sector, in particular, is proving to be a goldmine for smart cybercriminals looking for a big payday.
ASX-listed property valuation firm Landmark White experienced the danger first-hand when they suffered a breach in February 2019, which forced the company into a trading halt. The company is estimated to have lost $7m in revenue as a result and led to the resignation of its CEO at the time. When the company resumed trading in May 2019, their share price had dropped by 40%.
Why cyberattackers target real estate agencies
Considering the big sums of money and wealth of personal information involved in buying and selling property, it’s hardly surprising real estate firms are an enticing target. The real estate industry is worth around $16 billion in Australia alone and poorly secured in terms of cybersecurity.
Australia is still transitioning from the 150-year-old paper-based Torrens Title System of exchanging property to modern digital record systems. Most agencies are also in various stages of their own digital transformations, which means enterprising hackers have many potential vulnerabilities to exploit.
How criminals hack real estate firms (and why residential agencies are their favourite target)
Hackers tend to focus on residential real estate in particular, given the less-rigid security they’re likely to encounter. Phishing scams are still the go-to tactic for most hackers. An unsuspecting employee receives a fake but convincing-looking email, and given the huge number of online enquiries the average real estate agent receives, they make a simple human error - like clicking on a boobytrapped link or malware-laden attachment. Now the hackers can steal confidential data, hold the entire agency to ransom or hijack the identity of an employee to scam a customer.
If their intention is to steal funds, they usually lie in wait for a scheduled sales settlement to come through. When they see one in progress, they hijack the emails between the agent and the client and trick the buyer into sending funds to a fraudulent account. The criminals then move the funds through a complicated network of dummy accounts, making the money trail almost impossible to track.
The consequences of scams such as these can be severe. Not only can huge sums of money and confidential data be stolen, but the losses from the interruption of business operations can also be significant. The biggest blow, however, is the damage to a firm’s reputation. Once trust is lost, it can be very difficult to regain.
Real estate agencies need to become more resilient
Security risks are an inherent part of the digital economy. But that doesn’t mean the risks can’t be managed. By taking a few precautions, real estate firms can greatly reduce the chances of suffering a crippling cyberattack.
-
Update your security measures
Use multifactor authentication where you can, and mandate the use of strong passwords for your staff. It’s also a good idea to set rules against allowing the same person to create and authorise payments. Make sure your firm has a sound cybersecurity policy, and consider getting cybersecurity insurance as well. -
Keep your tech up-to-date
That means regularly patching your software with the latest security updates, and using reputable firewalls, encryption, and anti-virus tools. -
Keep data backups
Regularly back up your files and keep a copy in a secure offsite location. Keep hard copies of critical data as well. -
Educate your staff and your customers
Regularly update your team about current online threats and cybersecurity best practices. Also, make sure your clients know what to expect before they carry out a transaction. Advise your clients to call you immediately if they receive an unusual request to transfer funds over email.
Conclusion
While prevention can minimise the chance of a cyber breach occurring, it won’t eliminate the possibility altogether. That’s why it might be a good idea to bring on board an external security provider who can bring in specialists to keep your business secure. Having the right safeguards in place can mean the difference between keeping your doors open or shutting up shop for good.
Comments:0
Add comment