By using this website, you agree to our use of cookies to enhance your experience.
By Gill Waller

Marketing and Development Manager , The Letting Partnership


Protecting your clients and your business

With the reported increase in agency staff turnover we thought it would be a good idea to look at how you can continue to protect your clients and your business reputation by carrying out some basic steps.

This is not about GDPR – we would expect by now that most agents are fully aware of their responsibilities as far as Data Protection is concerned - this is about having some basic working procedures set in place to protect your business.

Therefore, in no particular order, here are 5 things you should have baked into your business.


Top 5  

1. Individual user logins

As an owner, you need to set the right tone from the start.

It may seem over-the-top but, as tempting as it is to allow staff to use one of their colleagues’ usernames and passwords, it sets a very bad precedent. If it’s OK to use someone else’s credentials to edit a mobile number, maybe it’s OK to do the same for bank account details? 

By letting staff share login details you immediately lose sight of who’s doing what on your systems and open the potential for landlord and tenant details to be copied or in the worst case used to carry out identity theft.


If you need 100 user accounts, sign up for 100 user accounts.

2. Passwords

Software providers recommend changing your password every 60-90 days. We know it’s impossible to set and remember strong, unique passwords for every different system in your life, which is why we recommend using a password manager.

A password manager stores all of your passwords, and you only need to remember one to gain access. It also helps you generate new, random secure passwords – so no more ‘lettings123’

If anyone writes down their password on a post-it and sticks it to their monitor, let them know, in no uncertain terms, that this is unacceptable!


Regular password updating

Tie the task down to a date in the calendar (maybe the first day of every quarter) so people get into the habit of doing it cyclically.

3. Keeping offline documents secure

Despite all this paperless technology, you will probably need to keep certain client information in hard copy. If you have photocopies of passports, utility bills, bank statements, or anything else that could theoretically be pieced together to steal someone’s identity, you must make sure these documents are stored somewhere safe and secure and never left out on a desk. When you no longer have a legitimate reason to hold on to documents then return originals and securely shred copies.

4. Offboarding policy

When a member of staff leaves, whether it’s a planned exit or one that comes out of the blue, it’s essential to update your systems as quickly as possible. Keeping a record of who has access to what it makes this an easy process when the time comes.

In the case of a staff member working out their notice, it’s probably worth limiting their access to certain confidential information, as long as it doesn’t affect the ability to do their job while they’re still with you.

As well as logins to bank accounts, the software system and credit referencing portals, this process may also need to stretch across various other things connected to the individual. The higher the staff turnover levels in your company, the more important this process becomes. 

5. Training

Research shows* that at least 82% of cyber security attacks have been caused by human error, particularly through phishing scams. For example, cybercriminals pretending to be from a business’s IT department will get an employee to hand over all sorts of security information under the pretext of fixing an error on their pc.

Another phishing method is to send an email from what looks like a reputable or recognised company to trick the recipient into installing malware by clicking on a malicious link or opening an unknown attachment. Examples include emails with quotes attached or with a link to an unknown website.

Ultimately the most valuable defence against phishing and other cyber-attacks that prey on human error is training. Make sure your staff are aware of the dangers and who to contact if they have any doubts about a caller or an email.

And finally

Human error is unavoidable, but there’s no excuse for bad processes or a lack of contingency plans. No individual should have more control than they need over certain areas of your business records. Always have at least a basic backup plan in case someone is unavailable or decides to leave.

 * source: 2022 Verizon Data Breach Investigations Report

If you would like to know more about The Letting Partnership, please get in touch at info@thelettingpartnership.co.uk or call 01903 477 900.

* Gill Waller is the Marketing and Development Manager for The Letting Partnership.



Please login to comment

MovePal MovePal MovePal