Why the Real Estate Industry Could Do More to Secure Data

When it comes to cyber-attacks, the real estate industry rarely makes the headlines. Yet, real estate companies deal with high value transactions on a daily basis and are frequently targeted by hackers.

Not only that, but despite storing and processing large amounts of financial data, real estate firms are not bound by any industry-specific data protection regulations, such as HIPAA, PCI and SOX, to name a few.

Of course, if they are handling data belonging to EU citizens, they will be required to comply with the GDPR.

The Statistics Do Not Make for Pleasant Reading

According to a recent report, “41% of real estate professionals in Europe believe their industry is unprepared to deal with cyber-attacks”, and 92% of respondents believe that the number of cyber-attacks will continue to grow over the next five years. “Reputational damage” was cited as the most negative consequence of a cyber-attack – according to 90% of respondents, while 57% were more concerned about regulatory fines

In terms of what real estate professionals believe to be their greatest security-related concern, 51% said it was “controlling external parties’ access to information”, while 24% were more concerned about “protecting information flows between devices”. 12% were concerned about ransomware attacks, and 10% were struggling to control “employees’ access to information”.

Why Real Estate?

Real estate companies are often comprised of various branches and subsidiaries, which are spread across multiple locations. This makes locating and monitoring sensitive data particularly hard. It is essential that they have the right tools, technologies and processes in place to ensure that they have visibility they need to protect their data.

How Can Real Estate Companies Improve Their Cyber-Security Posture?

Given that controlling access to information was cited as a leading concern, the first place to start would be for firms to establish a clear understanding of where their sensitive data resides. There are a number of commercial Data Security Platforms that provide data discovery and classification tools out-of-the-box. Once they know where their most sensitive data resides, they can setup access controls in a more organized manner.

It is always a good idea to adhere to the “principal of least privilege”, to ensure that stakeholders – whether contractors or employees – are only granted access to the data they need to carry out their role. Real-time auditing solutions will also enable businesses to monitor access privileges, as well any sensitive data they have access to. To ensure that they have visibility into the flow of data between devices, they can monitor file shares, privileged mailbox accounts and the copying of sensitive data onto removable drives and devices.

Most Data Security Platforms aggregate data from multiple sources and display a detailed summary of important data-driven events, including who had access to what data, the operations that were performed, and when.

In terms of preventing ransomware attacks, educating employees about how to identify phishing emails is always the best place to start. While most DSPs cannot prevent ransomware attacks from being initiated, they can help to prevent the attack from spreading by automatically detecting and responding to bulk file encryption through a technique referred to as “threshold alerting”.

Finally, given that 57% of real estate firms were concerned about regulatory fines, most real-time auditing solutions provide a wealth of pre-defined reports that are designed to satisfy specific compliance requirements, such as those mandated by the GDPR.

If you would like to see how the Lepide Data Security Platform helps organizations to detect and respond to threats, keep data secure, and meet compliance, schedule a demo with one of our engineers today.