February 15th, 2019
Top 6 real estate cybersecurity tips
One cyber-crime was reported every seven minutes in FY2022, according to the Australian Cyber Security Centre (ACSC). That’s a huge 13 percent increase on the previous year, continuing a well-established upward trend. It may not, however, come as a surprise given the slew of high-profile data breaches that have recently impacted Australian businesses including banks, healthcare providers, telcos, and government agencies.
The property industry is also potentially at risk of falling victim to a large-scale and high-profile cyber-attack, and this is a concern for many agents wondering how to safeguard their business, given the large volume of personal data collected and stored in the process of establishing leases and sales.
To better understand the concerns about data and security, PropertyMe recently surveyed Australian renters. The findings revealed that an overwhelming majority of renters (75 percent) were more concerned about data leaks now compared to 12 months ago, with 90 percent of those citing high-profile data breaches as the reason for this concern.
Despite the large volume of personal information required in the rental application process, 88 percent of the renters surveyed did not know what happens to their personal information after they provide it to real estate property managers.
The respondents surveyed had previously shared a wide variety of personal information with real estate agencies including phone numbers (71.5 percent), rental history (64 percent), identification such as passport, license, or birth certificate (63.7 percent), date of birth (61.6 percent), bank details/statements (48%), names of household members (41.5 percent), pet details (28.5 percent) and household bills (36.7 percent).
We know that many agents are acting to better protect themselves and their clients from cyber-attacks. So, to help, here are our top tips for property managers, owners, and tenants to safeguard themselves against a cyber-attack.
To protect against these risks, businesses and consumers alike can take simple steps to shore up their cyber defences.
Firstly, create strong and unique passwords. Don’t use the same passwords for multiple accounts to limit the impact if one provider is compromised and be sure to establish a rhythm in which to change these routinely. Next up, enable two-factor authentication wherever possible to add another layer of security to your accounts.
This might sound like a no brainer but be cautious when sharing any sensitive information online. This means your personal identification or financial details, and any sensitive business information including financial details and client or tenant information you may hold. If you receive any unexpected requests, pick up the phone to verify their legitimacy and double check email addresses, phone numbers, and website URLs. Be particularly vigilant when you’re in a busy period as this is often when things are overlooked.
Finally, another cornerstone of basic cyber safety is to regularly monitor your financial accounts for any suspicious activity. If you see something you don’t recognise, report it to your bank and freeze any accounts if necessary.
Taking a closer look at what proactive steps renters can take to protect their own data, survey respondents reported using secure online tenant platforms such as MePay and the PropertyMe Tenant Access (26 percent), personally checking with agents/landlords about how they plan to use data (13 percent) and paying cash or cheque rather than using online payment methods (10 percent). However, 49 percent had not taken any action.
We are in a highly-competitive market for renters so it’s not a stretch to imagine that would-be tenants would find it difficult to decline any requests for information. This means the onus is on the real estate businesses to mitigate against the risk of malicious parties stealing this data.
Practical measures include implementing strict access controls and data encryption protocols to minimise the risk of human error resulting in a cyber breach. Businesses can also conduct regular security audits to identify and address any vulnerabilities in their cyber defences. The audits may be done internally or via a trusted external provider. It’s also worth considering implementing in-depth employee training and ongoing upskilling in line with the rapidly evolving cyber risk landscape.
Finally, property managers and agents should review the third-party platforms they use and their security credentials to ensure that all are up to scratch and don’t pose unnecessary risk.
Third-party services can be both a cause of cyber risk as well as tenant frustration. Third-party rental payment platforms specifically have copped criticism in the media for costing tenants excessive fees and their misleading advertising.
That’s why in January, PropertyMe launched MePay, an Australia-first payment platform to enable tenants to pay their rent safely and securely. Unlike some third-party payment apps it’s free to use with no hidden fees and no dishonour fees. Whether accessed online or via the mobile app, it provides a stress-free experience enabling tenants to set up a regular transfer for their rental payment.
Payments are processed using encrypted payment software with a direct link to a major bank, ensuring that they are safe and secure. Unlike with traditional payment methods, account details are never shared with the agent. For the tenant, it offers secure login and two-factor authentication.
Why is this important? Well, 61 percent of renters surveyed would prefer to use a fee-free secure platform to pay their rent rather than bank transfer, cash or cheque. In fact, some 46 percent of renters who have used an alternative platform offered by an agent say they have been stung by default fees.
There’s no guarantee that you will be targeted by a major cyber-attack, however as time goes on the risk grows. Preparation is vital to ensuring that your business’ own data and that of your clients and tenants remains safe.
This content relates to the MePay payment product and has been prepared by MePay Holdings Pty Ltd (ABN 55 638 819 575 / AFSL no 528836) (MePay Holdings). Any financial services provided in relation to MePay (including the issue of MePay) are provided by MePay Holdings. To the extent any information provided to you in this content constitutes financial product advice, such advice is general advice only and has been prepared without taking into consideration your objectives, financial situation or needs. You should consider your needs prior to acting on any advice or making any financial decisions and seek independent financial advice regarding your own personal circumstances. Cooling-off rights do not apply to MePay. A product disclosure statement (PDS) has been issued by MePay Holdings for MePay and is available at https://propertyme.com.au/mepay/pds. The PDS explains the features, risks and benefits of the service and you should consider it in deciding whether to use the product.