The National Association of REALTORS® (NAR) Power Broker Roundtable this month discusses cyber security.
Moderator:
Robert Bailey, Broker/Owner, Bailey Properties, Santa Cruz, Calif.; Liaison for Large Residential Firms Relations, NAR
Panelists:
Rick Haase, President, Latter & Blum Inc., REALTORS®, New Orleans, La.
Joan Docktor, President, Fox & Roach REALTORS®, Devon, Pa.
Gurtej Sodhi, CIO/EVP, Crye-Leike Group of Companies, Memphis, Tenn.
Rei Mesa, President/CEO, Berkshire Hathaway HomeServices Florida Realty, Ft. Lauderdale, Fla.
Scott MacDonald, President, RE/MAX Gateway, Chantilly, Va.
Robert Bailey: The threat of cyber-crime is incredibly serious—more dangerous and more commonplace than ever before, as unwitting citizens on public and private networks are targeted daily by a host of cyber criminals. According to NAR’s Associate Counsel Jessica Edgerton, the cost of cyber-crime will top $2 trillion annually by 2019—four times the 2015 statistic. How is the real estate industry fighting back, and what advice can experienced industry professionals share with colleagues—including the small to medium-sized firms who are being increasingly targeted? Rick, you oversee more than 3,000 agents. How much effort goes into cyber-security?
Rick Haase: I can tell you cyber-crime is on everyone’s mind, because we have come close to being victimized. All it takes is one breach, one click on a fraudulent link or one unsecured e-mail re-routed, to set a fraudulent wire transfer in motion that pours money into some criminal’s offshore bank account—and once the money’s gone, of course, it’s most likely gone forever. So, for us, it starts with our agents—all 3,000 of them, who we constantly remind to use encrypted company email only when communicating with their customers—and it continues with frequent warnings to our customers that we will never send an email asking them to wire funds, so if they receive one, they need to contact us immediately.
Joan Docktor: We also use a two-step authentication protocol, part of what we call our Phishing and Fraud Campaign. When agents log into our email, a text is sent to their phone, and they must input a verifiable security code in order for the log-in to be successful. Also, we are so serious about preparing our agents that we sometimes send out phishing-type emails ourselves just to see if they recognize them. If they don’t recognize and react properly to the threat, we let them know immediately that, “Hey, you fell for this,” and we push even harder on awareness training.
Gertej Sodhi: At Crye-Leike, we had so many close calls a year or so ago that we contacted the local FBI office. They put interceptors, called “sniffers,” into place in our networks to monitor for potential threats. In essence, they have partnered with us in guarding against cyber-crime, so that we now have a four-pronged approach in place: infrastructure security, including firewalls and sniffers; user-level security systems—ID and access management systems for our agents, similar to what Joan described—sophisticated monitoring to prevent the hijacking of emails; and monthly education/awareness programs to keep our agents consistently updated and aware.
Rei Mesa: Customer education is also critical. Customers tend to trust their agents—and that’s a good thing—but they must be made aware that if they receive an email asking them to wire funds or verify their credentials, they must not respond spontaneously, because, like most firms today, we never make such requests by email. Unfortunately, cyber criminals are becoming increasingly sophisticated, so even if it means delaying a closing, we continue urging customers to verify with a phone call to the agent or title company before wiring anything.
Scott MacDonald: And consumers should be warned not to respond to the email address or phone number in what may be a fraudulent email. That could be playing right into the criminal’s hands. Consumers asked by email to send money or personal information should talk personally to their agent, and/or the title company, at a number they know to be genuine, to be sure that a request is legitimate.
RB: So if there’s good news, it’s that while computer and network intrusions proliferate, there are also technological and investigative resources available to monitor them—and FBI partnership opportunities.
RM: Quick reaction to any red flag is critical. That means alerting all concerned parties immediately and having the Secret Service and the FBI on speed dial.
RH: And reminding agents not to use their private emails for business purposes.
JD: And informing customers, by letter via secure postal or FedEx delivery, not to respond to unverified emails from us or any of our partners.
GS: There’s another issue—insurance coverage against cyber-crimes—that I think needs to be expressed. A $10,000 policy is scant protection against the many thousands of unrecoverable funds that could be lost in one fraudulent wire transfer.
SM: And be careful, too, about third-party vendors you allow to access your network. Check the credentials of anyone—even the FBI—to be certain they are who they say they are.
RB: And speaking of that, visit www.fbi.gov/investigate/cyber for many more practical recommendations.
For more information, please visit www.nar.realtor.
For the latest real estate news and trends, bookmark RISMedia.com.
