PropTech Today - Spring clean to avoid 'malicious hacks'

SPRING cleaning is an annual ritual for many households, but firms in the property sector would do well to spend some time sprucing up their security too.

A little effort spent now could avoid grave problems further down the line.

The stakes are high - and it’s vital to head off the prospect of data breaches and the pilfering of other sensitive data by hackers and cyber-criminals.

How bad is it right now? 

Well, in the fourth quarter of 2023 alone, it is estimated that there were 30.27 billion records breached in 5,360 publicly-disclosed incidents.

And those numbers are likely to be grossly underestimated due to the reluctance of firms to admit to being hacked and a focus on larger organisations.

Property firms are at the eye of this growing storm.

Additional risk

Research carried out by the auditor Grant Thornton showed that nearly half of all property firms in Germany have been attacked by cyber-criminals in the past year.

For property firms, the risks associated with a data breach are greater than most due to the additional risk of financial information being captured and further exploited by criminal gangs with banking fraud.

The risks are everywhere.  Putting alarms, bars, CCTV, and secure doors can prevent entry into your building. 

But with cyber security, it can come from anywhere and a fraudster always focuses on the least resistance. 

The motives of a threat actor or hacker haven’t changed. They have always been the same. They’ll target you for kudos. Many will hack you just because they can and want to become famous and often get caught through bragging. Others rely on financial gain. They want your money and will often use it to fund illegal or terrorist activities or even party and have fun. Finally, others just want to disrupt. They want to hurt you and your business because they are simply malicious.

What frightens me most is business leaders' lack of appetite to invest in strengthening and even implementing their cybersecurity defences.

Why?

The most common reasons I see given for additional security not being used is a feeling

“it will never happen to us” or that “we are too small”. Others claim  ‘we don’t store any valuable data while adding “ and what we do have is all backed up. And finally many will claim they can’t afford the protection. 

Resolve threats

But as the technology landscape and tools used for mounting breaches become more sophisticated companies need to invest in better counter measures like training and awareness for their staff. Accreditations such as Cyber Essentials which is an effective, Government backed scheme will help you to protect your organisation, whatever its size, against a whole range of the threats.

So too is deploying low-cost high value 24x7 protection across your end user device and network estate to constantly scan, monitor, detect and resolve threats.

Finally, being aware of the growing use of AI by criminals is vital, too. This further threatens to deepen and broaden what is already a growing area of risk.

Here are 7 advisories that property firms can look at to minimise their exposure:

PASSWORD MANAGEMENT - make sure you and your staff use strong and unique passwords for email accounts and online logins. Incorporating numbers and special characters makes a password greatly resistant to attempts to crack it. Password managers are also an option, though web-based managers might be avoided as they could be targeted by bad actors.

MULTI-FACTOR AUTHENTICATION - also known as two-factor authentication, this where you have to confirm your login with a code that’s often displayed on a phone app or sent by text message. It adds another layer of security and will greatly enhance your defences against hackers attempting to access systems.

REMOVE UNAUTHORISED APPLICATIONS - whitelisting programs that are authorised to run on your network is a great way of minimising the risk of hackers using software vulnerabilities to access your system and ensuring that ransomware programs are unable to run.

EDUCATE EMPLOYEES - the most common way that hackers access networks is by an employee clicking a link in a phishing email, so making sure your people are on the lookout for these covers the first base in cybersecurity.

DELETE OLD USERS - swiftly removing the credentials of people who have left an organisation or who no longer need access to certain services reduces the risk of these coming back into play and being used by hackers in the event of a data breach.

FULL DISK ENCRYPTION - ensure your organisation’s PC disks are fully encrypted will mean that data cannot be read in the event of unauthorised access or if there has been a data breach.

SEPARATE WIFI NETWORKS - work and guest networks should be separated, due to the risk of a visitor hacking into a victim’s computer and gaining access to other systems. A private work network reduces this risk.