realestatebusiness logo
Home of the REB Top 100 Agents

Why the real estate industry must make cyber security a priority

By Thomas Jreige
14 April 2023 | 12 minute read
thomas jreige reb k1kvrh

Recently, there’s been a growing number of cyber security incidents involving the real estate industry and the greater property supply chain, such as mortgage brokers and settlement agents.

Given that the industry handles such large volumes of sensitive information, including financial and personal data, it’s no wonder it’s an attractive target for cyber criminals.

As a real estate agent or agency owner, you’re no doubt tired of the growing cyber security threats getting in the way of your day-to-day. It’s hard to focus on the business of selling houses if you’re constantly dealing with IT issues, privacy concerns and general cyber security matters.

But first and foremost, let’s talk about the elephant in the room. When it comes to technology, the real estate industry is notoriously behind the times and slow to admit that there’s a problem.

Sure, you might have upgraded to that fancy new laptop last year, but that doesn’t mean you’re immune to cyber threats. Hackers are getting smarter, and real estate agents need to get smarter, too.

A big concern in the industry is the lack of realistic and appropriate education about cyber security.

Let’s be real here for a moment. Most agents are focused on closing deals, not learning about the latest phishing scams or ransomware attacks. But the reality is that the sensitive financial and personal data you’re handling makes you a prime target for cyber criminals.

We’ve seen an increase in automated and cookie-cut videos to teach people about cyber security, phishing and hacking, but I believe these educational pieces are worse than useless when it comes to protecting yourself against emerging threats.


Industry bodies are trying to deliver cyber security training as part of their continuing professional development, but when something serious is measured against attendance, this training falls short as well.

An over-reliance on email for communication and document sharing is another issue that needs review, and this isn’t just in the real estate industry. 

I highly recommend using secure online platforms and cloud-based services to share documents and data as these offer better protection. Once you’ve actioned the emails and stored the necessary attachments or relevant information in these online systems, simply delete the emails.

Think about it this way, we don’t keep physical mail when it is no longer needed, so why can’t we do the same with our email once it’s been actioned?

One of the biggest issues property professionals face is the identity checking required for property management and property sales. 

There is an antiquated functionality of property management and sales software that does not have the flexibility to integrate good identity solutions without significant changes being made, which means many of these processes are still being performed on paper (or editable PDF forms). 

Digital systems are not being adopted due to their hefty price tag, or people’s lack of technical competency to use these platforms. There are no defined standards for identity checks, merely guidelines that loosely point to the Privacy Act. 

And I am in no way placing all the blame on real estate agents.

Governing bodies need to step up and provide the necessary direction in the industry. 

This doesn’t mean cookie-cutting what the government is already offering (which is unrealistic), and for all intents and purposes, expecting real estate businesses to be applying standards that are already flawed due to loosely set guidelines.

The current guidelines don’t provide adequate means to protect you or your organisation. And it shouldn’t be up to each individual agent to figure out how to secure their systems and networks.

Cyber security isn’t just a technological issue; it’s a business issue.

A breach or incident can have serious financial and reputational impacts for both the agent involved and the industry as a whole. 

It’s also not about having an IT provider (or IT team) on board that says they do cyber security and leaving them to it. 

Real estate agents need to wake up and smell the cyber coffee. No one wants to be responsible for a major data breach because they didn’t take cyber security seriously.

Cyber incidents won’t only affect your business, but the reputation and economy of the real estate industry as a whole. 

Educate yourself and your clients about keeping their data safe, use secure platforms to share data and important documents and you’ll go some way to safeguarding yourself from cyber attacks.

Ignore that things need to change in the industry and you do so at your peril.

Thomas Jreige is a cyber security expert and the CEO and senior executive at Shimazaki Management Group.

You need to be a member to post comments. Become a member for free today!

Do you have an industry update?