With outsourcing gaining traction in the real estate sector for its cost-saving benefits, agencies may be unintentionally exposing themselves to significant cyber security risks.
Cyber security firm, Shimazaki Sentinel, has reported that outsourcing providers are increasingly subcontracting to freelancers, putting real estate agencies at risk of cyber security vulnerabilities, unclear liability and potential data breaches.
While the firm’s managing partner and director, Thomas Jreige, acknowledged that outsourcing can be helpful for cutting operational costs, he stressed agencies that unknowingly rely on freelancers for key tasks can open themselves up to “serious risks”.
“Real estate firms often handle sensitive information and freelancers – who may lack rigorous oversight – can become weak links in data security,” Jreige said.
The firm stated that freelancers may not be aware of an agency’s established security protocols as a full-time employee would, highlighting that this lack of clarity can result in the exposure of client’s personal and financial data, and potentially harm an agency’s reputation.
Moreover, the firm also noted that freelancers often work on personal devices that may not adhere to the security standards required for the protection of sensitive data, with these vulnerabilities opening the door to costly data breaches, which can result in the loss of insurance coverage if agencies fail to enforce proper security measures.
In the case of a data breach, the firm said that it can also be difficult to determine where liability lies, with responsibility potentially falling on the freelancers, overseas providers or even the Australian agency itself, which can then expose real estate businesses to costly legal disputes and potential fines.
To reduce these risks, Shimazaki Sentinel recommended that real estate agencies adopt the following practices:
1. Strengthening contract with providers
Real estate businesses should closely collaborate with outsourcing providers in order to ensure that contracts for workers clearly define the responsibilities and expectations around data handling and security protocols.
Contracts should always:
- Define liability in the event of data breaches.
- Mandate the use of secure IT infrastructure and routine security audits.
- Include non-disclosure agreements (NDAs) and comprehensive data handling protocols.
2. Enhancing cyber security measures
The firm highlighted that outsourced operations should always enforce robust security protocols, including:
- Requiring contracted workers to only use secure and tested equipment with a working virtual private network (VPN).
- Providing regular security training for all outsourced workers, including freelancers.
- Conducting periodic audits to ensure compliance with cyber security protocols to maintain insurance coverage.
3. Thoroughly screening providers and freelancers
Agencies must demand transparency from outsourcing providers, including the use of periodic cyber security audit reports, background checks, and details around who is handling sensitive information.
4. Opting for local providers with international connections
Choosing Australian-registered providers who directly manage offshore teams ensures accountability under Australian law, and enables easier enforcement of contracts, NDAs, and compliance with Australian data protection regulations.
You are not authorised to post comments.
Comments will undergo moderation before they get published.