Data Fraud Warning: lockdown makes agents’ systems more vulnerable

A trade body is warning that increased home working triggered by Coronavirus makes the agency industry more vulnerable than ever to data fraud and cyber-related crime.  

The Guild of Property professionals says home working means IT systems are inevitably more susceptible to attack. 

It cites data from Interpol showing that during the pandemic, ransomware incidents have increased more than a third, with phishing/scam/fraud claims increasing 59 per cent.

In turn this has led to a rise in cyber insurance premium rates, as well as insurers requesting more data and demanding much tighter risk management procedures. 

“Where possible property professionals need to ensure that they have procedures in place to protect their systems against cyber-crime, especially considering the amount of sensitive data that both estate and lettings agents would hold, such as addresses, account details, alarm records and passwords to access homes, not to mention passport details and the like” says The Guild’s compliance officer Paul Offley. 

He adds that cyber liability is not typically included under professional indemnity insurance and warns that PI should not be relied upon as an alternative to a stand-alone cyber liability policy covering first and third party loss.

With the increased occurrence of cyber-crime, property professional’s reliance on technology, along with the type of information they hold, The Guild claims it is imperative that agents consider adding cyber liability to their insurance programme if they have not already done so.  

“Most businesses only take-out cyber liability after they have had an incident, which considering 88 per cent of UK companies have suffered breaches in the last 12 months, seems likely. It is far better to be proactive and get coverage before an incident occurs” says Offley.

A statement from The Guild includes these guidelines for agents offered by one supplier, Mint Insurance Broker:

- regular password updates on all devices;

- password complexity – strict password rules should be implemented with different passwords for different accounts;

- do not share your password;

- two factor authentication where appropriate;

- staff training to be aware of phishing emails and the damage they represent. One in every 3,722 emails in the UK is a phishing attempt. Around half of cyber-attacks in the UK involve phishing;

- ensure files are encrypted;

- software updates;

- monitoring of mobile and home working procedures;

- never, under any circumstances, should a payment be made to a new bank account without verbal confirmation that the account details are genuine;

- cyber liability insurance.