Agents must have a robust plan in place in case they are subjected to a ransomware cyber attack, says the Guild of Property Professionals.
Although it does not mention the ongoing Simplify IT conveyancing crash, now in its third week, a new statement from the Guild says that “recent events” within the property sector have brought to the light the significance of having a robust plan in place should you fall victim to a cyber-attack.
It says that with the increase of remote working, IT systems have become more vulnerable and cyber related crimes have been on the rise.
The Guild quotes figures from the National Fraud Intelligence Bureau showing that between January and October 2021 some 24,000 cases of cybercrime have been reported, which amount to reported losses in excess of £11m.
Cases range from incidents of hacking, computer viruses, malware and spyware: there is no confirmation yet as to the reason behind the Simplify crisis, although speculation and now a police investigation point to a possible ransomware attack.
Paul Offley, compliance officer at the Guild, says: “Cybercrime is more prevalent than ever before, and given the fact that agents have a considerable amount of sensitive data they hold, it is vital that all possible precautions are taken to avoid a potential incident.
“If large corporations are vulnerable to being infiltrated, how much more susceptible are small businesses such as an independent agent, who may possibly have less robust cyber defences.
“As a result of higher levels of cyber-criminal activity, there has been an increase in the cyber insurance premiums, along with insurers asking for more information and introducing more stringent risk management procedures.”
Offley adds that cyber liability is not typically included under professional indemnity insurance and should not be relied upon as an alternative to a standalone cyber liability policy covering first and third-party loss.
With the growing treat of cyber-attack, a greater reliance on technology, and the type of sensitive information agents hold, agents should consider adding cyber liability to their insurance programme if they don’t already have it.
“The majority of businesses will only consider cyber liability after they have experienced an incident, which is obviously too late. Given the high number of cyber related crimes we have seen in the UK over the past year, it is advisable to rather be proactive and have a comprehensive cyber liability policy in place before an incident occurs. It is a small price to pay for the reassurance of having support when you need it in a worst-case scenario” says Offley.
He adds that while no-one is immune to cyber-attack, it is best to be prepared and reduce risk where possible. Basic controls to help reduce a potential breach include:
- Regular password updates on all devices.
- Password complexity – use different passwords for different accounts.
- Never share passwords.
- Two Factor Authentication where appropriate.
- Staff training to be aware of phishing emails and the damage they represent. One in every 3,722 emails in the UK is a phishing attempt. Around half of cyber-attacks in the UK involve phishing.
- Software updates.
- Ensure files are encrypted.
- Monitoring of mobile and home working procedures
- Never, under any circumstances, should a payment be made to a new bank account without verbal confirmation that the account details are genuine.
- Get cyber liability insurance.