A warning has gone out to estate agents that “more and more” reports are being filed about cyber attacks on agencies themselves or on companies whose work impacts on the house sales industry.
Paul Offley, compliance officer at The Guild of Property Professionals, says: “It seems that the property sector is a prime target among cyber criminals and every few weeks we hear of more cases where businesses have been hacked and someone has got into their system and is trying to defraud consumers.
“The criminals who are behind these cases seem to be intelligent individuals who can mirror emails and make it look as though the information that is sent by them to consumers appears to be legitimate and as if it is coming from the business.
“These types of cases are on the rise and is something that I believe will continue to increase as we go into 2022.”
Offley’s warning comes after over two months of uncertainty about the impact of the alleged ransomware attack on the Simplify Group of conveyancing firms, which are reportedly involved in some five per cent of residential transactions.
Mystery still surrounds the cause and full impact of the Simplify problems; the police have been called in to investigate but the company itself is still declining to give many details, save to say that “we are continuing to enable all clients to progress with their moves.”
The Guild’s Paul Offley adds that the increase of remote working has acted as a catalyst and has made many smaller businesses more susceptible to cyber attack.
“In the past large-scale corporations with strong cyber defences have fallen prey to hackers, so how much more vulnerable are smaller businesses and remote workers connecting to their networks. Often small businesses and remote workers have a less robust cyber defences making them easier targets, which in turn is pushing the number of cyber-related crimes up.
“Given the sensitive nature of the information that estate and lettings agents have in the possession, the rise in cybercrime is a particular concern for the sector, and agents should be taking all possible measures to prevent a potential incident.”
He warns against human error or lax protocols making the risks higher.
“It could be a simple matter of selecting the incorrect name when sending an email, which might contain some personal information or confidential data. It could also be because someone in the office has shared their password with someone they should not have, even if they are a colleague.
”No password should be shared with anyone within your organisation other than the person in your business responsible for data protection. In addition, passwords should be complex, so they are difficult to try and replicate.
“Agents should also ensure that they have processes in place that deal with someone leaving the business, all of their passwords and access to personal and company data has been removed.”