Cybercrime warning to estate agents holding sensitive data

A leading industry trade body is warning that remote-working agents and smaller independent agencies are particularly vulnerable to the growing threat of cybercrime.

Paul Offley, compliance officer at The Guild of Property Professionals, says cyber criminals have found ways to exploit businesses by seeking out remote working security gaps. 

“While working remotely has been an integral part of keeping people safe during the pandemic, it has also opened up opportunities for cybercriminals looking to infiltrate networks through more vulnerable IT systems” says Offley.

Earlier this week Rightmove revealed that six of its member agencies had systems hacked to alter listings on the portal. On top of that, there’s been a slew of reports from other industries to show data breaches are on the rise.

BAE Systems, Britain’s largest defence contractor, warns of a huge jump in botnet, ransomware and phishing attacks. Police forces in England, Wales and Northern Ireland recorded over 6,000 cases of Covid-related fraud and cybercrime during the pandemic. And data from Interpol revealed that ransomware incidents have increased by over a third, with phishing and fraud claims increasing by 59 per cent.

The Guild’s Paul Offley continues: “If large corporate entities and government bodies are susceptible to being hacked, how much more vulnerable are independent agents or remote workers who typically have weaker technological defences. 

“With insurers inundated with cybercrime claims, there has been a substantial increase in cyber insurance premiums, along with insurers requiring more data and ensuring that stricter risk management procedures are adhere to.”

He says that aside from deposits, rents and other money collected by agents on the lettings side, there is also a significant amount of sensitive data held by all agents that should be protected.

This includes client addresses, account details, alarm records and passwords to access homes, passport details and other ID information. 

“Access to this kind of information is what has made the industry a target among cybercriminals” he warns.

“Another consideration should be cyber liability insurance, which would provide some peace of mind if an incident does occur. In fact, with eight out of 10 businesses in the UK having experienced a cyber security breach in the past year, cyber liability should be more than a consideration, it is essential.”

Offley gives this advice to agents:

- Regular password updates on all devices;

- Password complexity – use different passwords for different accounts;

- Never share passwords;

- Two Factor Authentication where appropriate;

- Staff training to be aware of phishing emails and the damage they represent. One in every 3,722 emails in the UK is a phishing attempt. Around half of cyber-attacks in the UK involve phishing;

- Software updates;

- Ensure files are encrypted;

- Monitoring of mobile and home working procedures;

- Never, under any circumstances, should a payment be made to a new bank account without verbal confirmation that the account details are genuine;

- Cyber Liability Insurance.