Property valuation is becoming more digitised by the second, and it’s no surprise the more digitised the sector becomes, the higher the risks of cyber crime-related activity. So, what can firms do to protect their staff, their business and their reputation from cyber security threats?
Here’s 10 steps all property valuers should be taking:
1. Assess your current cyber security risk
The first step in strengthening your cyber security measures is identifying what you are doing well and what is inviting a cyber breach. Review all of your internal processes and protocols to identify where your firm is vulnerable. Consider consulting your IT team or hiring a cyber expert to conduct an audit. Keep in mind the greatest cyber security threats range from email phishing scams, ransomware and data leaks through to internal threats including stealing and fraud.
2. Make sure your security software is up to date
Frequently, we hear about new technological innovations shaping the property industry. What we don’t hear about are the advances in malware and ransomware. Ensure your security software is updated regularly to give you the best chance at avoiding ever-evolving cyber attacks.
3. Implement spam filters
Use a spam filter to prevent dangerous and unwanted emails from appearing in your inbox. Not only will there be less emails to read, there will also be less opportunity for employees to be tricked by a scam.
4. Manage passwords securely
Passwords are often a focal point for hackers and phishing scams, so poor management of your firm’s log-ins leaves you at risk. Set strong passwords, with a random combination of uppercase letters, lowercase letters, numbers and symbols. Change your passwords frequently — at least once every few months. Lastly, make sure they are stored safely. Don’t send your log-in details in email or store them online. There are a number of free or paid apps available that can securely store your passwords.
5. Limit administrative capabilities
Administrative access allows users complete access to your firm’s systems and networks. By limiting the number of employees who have access to this power, you reduce the risk of hackers gaining complete control if a breach occurs. Be aware of internal threats, too: limiting administrative capabilities also helps reduce the risk of disgruntled or corrupt employees stealing data.
6. Go phishing
Run frequent exercises with staff, where employees must identify which emails are phishing scams. This makes people more vigilant on a daily basis, reducing the likelihood a staff member will unknowingly fall victim to a “phishy” email. Make sure that staff are regularly checking their email “rules” to check that an auto-forward has not been set up following a phishing attempt.
7. Educate your employees and clients
While the blame for one in three cyber breaches lies with employees, it is an employer’s responsibility to train staff in cyber security — it’s their reputation on the line, after all. Hold monthly cyber sessions with all staff to educate them on types of cyber security threats, how to avoid them and what company policies are. Make sure to educate clients as well, by including a note in your email signature about what information your firm will never ask for over email.
8. Understand what sensitive data is
When thinking about sensitive data, information such as bank details, passport number and date of birth spring to mind. However, what can be classified as sensitive data extends far beyond the simple stereotypes. Make sure your employees know what information is sensitive, both for your firm and your clients.
9. Protect important information
Use firewalls, antivirus and DDoS software to protect your data from cyber threats. Encrypt sensitive data and back up important legal documents. Be careful of what software you install on your computer and understand what information your programs and apps collect.
10. Have a plan of action
It’s best to approach cyber security using the not if, but when mindset. As part of your firm’s cyber security preparation, formulate a data breach plan outlining what actions are required and what responsibilities each member of your team has.
The property industry is a lucrative target for cyber criminals, and all valuers and property planning professionals need to be proactive and vigilant in response to this threat.
Be smart. Be ready. Be cyber-savvy.
By Rafe Berding, CEO, The Search People