Connect with us

Real Estate Brokerage

Reducing brokerage liability (how not to lose a quick million)

You don’t know what you don’t know, brokers. Truly, there are always more ways to safeguard your company and your information.

Published

on

google patent

Brokers who don’t actively manage their company’s information security practices could be on the hook for a lot of money – in the case of one West Coast brokerage, $1.5 million – and, like many of their peers, find their reputation ruined. The media likes to dramatize the story whenever a brokerage has a security breach. One recent TV story, while trashing a broker’s reputation, seems to have been going for a literary prize:

“The paper trail stretched for blocks, billowing in the cold breeze on Columbus Avenue. It was not litter but bits and pieces of people’s lives.”

Now that’s drama! But it’s drama that your brokerage can avoid – here’s how:

Train your agents on how to manage the physical security of client information in their mobile and home office environments – and also train them on many of the other best practices that follow in this article to reduce brokerage liability:

Manage the physical security of sensitive information

Keep sensitive information physically secure – that goes for paper, hard drives and flash drives, computers and mobile devices. Keep it all in a locked cabinet – ideally in a locked room – when unattended, and be especially careful with it when you are mobile. Use a cross-cut shredder to dispose of items you no longer need.

Most publicized security breaches in our industry happen because of a physical security breach rather than a computer security issue.

Use secure software to manage sensitive information

Use professional-grade document and transaction management tools – not Dropbox! Make sure good information security practices are a part of your contracts for websites and software; this is a requirement in some states.

Create and protect strong passwords

Use passwords with letters, numbers, and punctuation – at least eight characters long – and use unique passwords for different applications. Ideally, change your passwords every 120-180 days. Also, never write passwords down (unless you lock up the paper very securely), change your passwords now and again, and don’t share your passwords. 

If you use a password management program or “remember password” features, be aware they aren’t ideal: if someone gets physical access to your device and/or learns your one master password, they’ll have access to all of your passwords. To protect your accounts, don’t forget to log out when you’re done using a computer, website, or other resource.

Configure computers for security and keep them updated

If you use a PC, test your settings and security patches using Windows Update, the Microsoft Baseline tool and Secunia PSI. If you have a Mac, there are no equivalents beyond the App Store updater – but Apple does have some configuration guides. Don’t slack off on installing security patches!

Configure mobile devices for security and keep them updated

At the very least, require a difficult to guess password to use the device, use the encryption features, and set Bluetooth to “hidden mode” or disabled when not in use. Be very careful to limit installation of third party “apps” to those created by reputable companies.

Install antivirus software

No antivirus software can protect you from all viruses, but it’s a good idea to install it as a reasonable precaution. On the PC, leading vendors are Microsoft, AVG, Avast!, ESET, McAfee, and Norton. On the Mac: Avast! or ESET. On Android: AVG, Trend Micro, and Kaspersky. On Symbian or Windows Mobile devices: Kaspersky. Sadly, there isn’t a reputable antivirus solution available for Apple iOS mobile devices yet.

Use encryption

Encryption makes information that anyone can read into something that is unreadable unless one has the right “key.” This way, the information doesn’t fall into the wrong hands. Encrypted information may be stored on a hard drive or flash drives, attached to an email, or sent over the internet. Every type of computer, email program, file transfer program, and wireless router has its own method for implementing encryption – see this article about encryption for real estate professionals and/or “Google” for more information on your specific situation.

Establish policies and procedures

Policies define what behavior regarding the protection of sensitive information is expected and what behavior is not allowed. They eliminate the “ignorance” excuse — “I didn’t know that I had to shred files before getting rid of them!” — and negligence is well defined. Many draft policies are available online. Policy management must include at least employee and contractor education, monitoring, enforcement and regular re-evaluation and revision.

Set up a secure office network

The office should have a firewall, configured to only allow essential incoming and outgoing network traffic and to protect internal computers from those of visiting agents – and all of those from portable computers brought in by clients. Ideally the firewall should also allow for secure remote network access for key staff, have an intrusion prevention system, and also provide web filtering to help prevent visits to malicious websites. If wireless networking is provided, the access point should have a strong administrator password and use WPA2 encryption.

Create a Written Information Security Program (WISP)

Create a document formalizing how you are minimizing the risks:

  • Identify who at your company is responsible for information security
  • Identify reasonably foreseeable risks. Are you only collecting and keeping information you need? How will you prevent terminated employees from accessing sensitive information? Are you contracting for information security with technology vendors?
  • Develop policies for the location and both physical and electronic security of records
  • How are you monitoring compliance with the best practices you’ve outlined?

The following PDF is a fine example WISP provided by the state of Massachusetts.

Have a security audit performed

The only way to know if all reasonable steps are being taken is to have a professional security audit performed. Ideally third parties you work with (web site creators and hosts, document and transaction management system providers, statistics providers, broker back office system providers, etc.) have their own audits performed regularly at their own expense, and if they don’t, this is something to consider adding to your contracts. It’s understood that many small brokerages can’t afford to have someone like me provide an audit – but hopefully some of the steps outlined in this article will help them minimize the risks on their own.

Prepare for an incident

No matter what steps you take, it’s possible that an information security incident will occur. Be prepared with the appropriate law enforcement, financial institution, and local computer forensics expert phone numbers. Consider the messaging your company will use if an incident will occur. A sample is included in this PDF document at the end of the “Plan Ahead” section. Keep all this information somewhere printed out – you may not be able to access it on your computer when you need it!

There is no such thing as eliminating all risk. Still, putting these policies and procedures in place at your company may prevent embarrassment, compromise, and financial loss. You do not want to be the broker with the TV cameras outside and a reporter waxing poetic about what you’ve let happen to your clients.

Matt Cohen has been with Clareity Consulting for over 17 years, consulting for many of the real estate industry’s top Associations, MLSs, franchises, large brokerages and technology companies. Many clients look to Matt for help with system selection and negotiation. Technology providers look to Matt for assistance with product planning, software design, quality assurance, usability, and information security assessments. Matt has spoken at many industry events, has been published as an author in Stefan Swanepoel’s “Trends” report and many other publications, and has been honored by Inman News, being listed as one of the 100 Most Influential Real Estate Leaders.

Real Estate Brokerage

The impact of the pandemic on your homebuyer clients

(BROKERAGE) While the pandemic has impacted many changes, you can reassure your clients that the homebuyer housing market is doing surprisingly well.

Published

on

For sale house reflects homebuyer growth.

This year, a great many things have been impacted by the pandemic: Company closures, setbacks, etc. The one thing that may actually be surviving well is the housing market. A news release put out by Down Payment Resource stated that 81% of homeownership programs have funds available for the eligible homebuyer. This organization assesses the market around the country and reports on the conditions it finds.

While they have noticed a small drop in those available programs, most of those dips turned out to be temporary and focused at the city and county levels. However, at the state level, these programs have remained open and have not needed to pause business during the pandemic. This has been contributed to a great deal of uncertainty about the world’s condition. This uncertainty does not seem to have affected the homebuyer market, though. Housing finance agencies have reported that they are doing as much or more business than they were at this time last year. The report recorded that, starting this past August, less than 2% of the DPAs had temporarily paused their programs due to the pandemic.

When analyzing the forbearance trends this year, DPA is reporting that the small increase at the beginning was just caution from consumers. Since then, they have slowed down and reports from the summer are showing an increase for the 8th week straight. The only dissenting comments are coming from CoreLogic, who states that delinquency rates are starting to rise.

The HPI reports an increase in the share of down payment and closing cost assistance programs. Upon analysis, all the numbers appear in the majority. The down payment or closing cost assistants’ programs come in at 78%. The only decrease they have recorded is in the first-time mortgages and the programs for Mortgage Credit Certificates (MCCs).

Overall, things are looking up for the market, at least by the numbers. However, you’ll still probably be facing some concerns from your clients around the volatile nature of the pandemic. This changing world is a scary place, but optimism remains.

Continue Reading

Real Estate Brokerage

Don’t settle for mediocrity: How to be a better leader

(BROKERAGE NEWS) There tends to be two camps of leaders, those who lead from strength and those from weakness. But who says you can’t do both?

Published

on

Leader in a meeting

A lot of leadership literature has become “strength’s focused” – using inventories like StrengthsFinder (developed by Gallup). The logic in many ways, is sound. Capitalizing on your strengths as a leader and those of your team is significantly more effective than attempts to cover perceived flaws or weaknesses.

The business world has been cited for being too focused on weaknesses (and now parents are too). This a natural inclination for people. For leaders however, we should be bringing our strengths (and the strengths of our teams) to work and making “it” happen.

However, an over focus on strengths isn’t without its own challenges. Tony Schwartz writes for Harvard Business Review, a “well-rounded leader” has a greater opportunity to be more effective. As we seek to leverage our “strengths” let us not forget the complexity of our skill set and how those negatives we see about ourselves can become assets – resources – that we use to manage ourselves and our teams.

Metaphors are common in leadership articles, so I won’t break tradition.

Much like in physical exercise, poor form often causes the overuse of a muscle versus a group of muscles. Poor leadership form, while doing the lifting, leads to an overuse or over-reliance on what is good and comfortable for us.

A pragmatic leader may find themselves unable to make dynamic change move forward. Today’s leaders have to deal with a more complex environment in terms of technology, skills, and demographics. One style of leading will simply not be enough.

The big lesson here is to workout things you don’t think are your best strengths. What are ways you can take those weaknesses and utilize them? How do your rebranded weaknesses make you a good leader for a project or a team? Create opportunities to use your “positive opposites” – those weaknesses that you have rebranded.

PRO TIP: Find a mentor, find a coach, or keep reading about leadership.

You may never be able to develop those skills as strong as your primary, but you will have more leadership muscle to work with. You’ll be delivering a better leader to serve, build, and develop yourself or the organization.

Schwartz discusses the role of choices. We make a lot of choices as leaders – resources, people, what risks, what resources, what costs. When we make those choices working with clients or employees we are always using our mental tool kits.

It doesn’t hurt us to have more tools, most of the time, to allow us to handle situations.

SIDEBAR: It is important to recognize that we only have a limited amount of time. You’re still going to benefit more from developing your strengths – but don’t forget to work out those rebranded weaknesses (the triceps of leadership!). I love an 80/20 perspective – spend 80% of your learning time focused on building up those strengths, spend the other 20% on flexing those rebranded weakness.

A well-balanced leader is not a one-trick pony – they are leaders who can take an organization through many life cycles. If you seek to be some kind of leader, take some time to appreciate your own mix of strengths and weaknesses, and the unique qualities that you bring to a complex world of complex organizations.

Leadership is a whole person endeavor, and don’t skip those weaknesses (just like leg day!).

Continue Reading

Real Estate Brokerage

Brokerages rarely write an internal communication strategy, here’s why they should

(BUSINESS) Almost no real estate brokerages have an internal communication strategy, but they absolutely should.

Published

on

internal communication strategy

It’s still early enough in the year that you can start fresh, personally and professionally. Help your organization by taking into account what’s happened in recent history and where you want to go. From there, you will determine what steps are necessary to achieve your goals.

Writing an internal communication (IC) strategy can be the first step in mapping your goals and is virtually unused in the real estate industry. According to All Things IC, an “internal communication strategy is like a map, an outline of your organization’s journey. It’s the big picture of what you want to achieve.” This can be done by a brokerage, or an independent agent alike.

Great! So, where do you start? First, know what an IC strategy needs to address. This includes the where, how, what, and why.

Write down the current state of the company, then state where you’re heading, or where you’d like to be. Create a list of objectives to support this.

Then break into your “how.” Explain how you are going to get to where you want to be, as well as how long it will take and why.

You’ll then venture over to a “what” by outlining what is involved along the way to your goal. Then, throw in a little “why” by explaining why this approach is the best for the job.

Go back to “how” and tell how you’ll know when you’ve reached your destination. This part will require tangibles, measurements to support a change in reaching your goal.

Finally, give one more “what” and address what will happen if you don’t change the way you’re currently operating. If things are working for your organization, that’s great! But, there is always room for improvement.

For an internal communication strategy, it is important to include the following: a title, an issue/purpose, structure, executive summary, audience segmentation/stakeholder mapping, a timeline, channels, measurement, communication objective, approval process and responsibilities, key messages, and an appendix.

Now, what was missing from the initial inclusions was a “who.” So, who should be the one to write this document?

Well, it needs to be someone with a strong understanding and implementation for internal communications. This can be done internally by someone on staff who is an expert; or, it can be outsourced to an expert. Regardless of who writes it, make sure it is clear and concise for the audience at hand.

What is most important to remember is that writing an internal communication strategy is just half the battle. Your work is not done once this document is agreed upon by the leadership team. And finally, you must be willing to enforce what’s written on these pages and be ready to make the changes you’ve outlined.

Continue Reading
Advertisement

Our Partners

Get The Daily Intel
in your inbox

Subscribe and get news and EXCLUSIVE content to your email inbox!

Still Trending

Get The American Genius
in your inbox

subscribe and get news and exclusive content to your email inbox