Can you imagine your company being hacked, and your customers’ information being used by these criminals, and then you are held liable? It got us to thinking – if hackers are targeting real estate transactions, can brokers or teams be vulnerable here?
To get the answer, we chatted with Katie Johnson, General Counsel at the National Association of Realtors (NAR), and if you’re a real estate professional, you should keep reading to learn how to minimize your risk.
Something NAR’s been thinking about
NAR has a tremendous number of resources on this topic, and they’ve clearly been pondering how to safeguard the industry for quite some time.
In her own words, Johnson offers three ways that you can safeguard yourself and your customers from being hacked:
1. Create, maintain, and follow a comprehensive Data Security Program. Many states require businesses to maintain written data security policies regarding the collection, use, distribution, and destruction of consumers’ personally identifiable information. Going through the process of creating such a policy will help members understand what type of personally identifiable information they receive from clients, how it is received (e.g., email, hard copies, text, transaction management tools), and whether it is necessary.
The policy should also address how to properly dispose of such information. NAR has published a Data Security Toolkit to assist members with creating that policy. We also offer a 4 hour course for members.
2. Implement good email practices. We are increasingly hearing about data breaches resulting from a hacked email account. Therefore, it’s important for all email users to change passwords on a regular basis and to use complex passwords that would be difficult to guess.
Also, avoid sending sensitive financial information via email whenever possible. If necessary, then use encrypted email. Use up-to-date firewall and anti-virus technologies. Avoid using free Wifi to send emails or conduct business. Clean out your email account on a regular basis and avoid opening suspicious email or attachments.
3. Be paranoid. This is advice that my colleague, Jessica Edgerton gives, and it’s very true. If an email, phone call, or social media posting looks suspicious, it probably is best to avoid engaging. If a member thinks a breach has occurred, then all affected or potentially affected parties, as well as proper law enforcement, should be notified as soon as possible.
Moving forward, better informed
Further, Johnson notes that they are not aware of any legal liability imposed on NAR members to-date, but she notes that “the possibility is always there as cyberfraud in real estate transactions persists.”
“In addition to legal liability,” Johnson adds, “data breaches can have other harmful effects on a member’s business such as time and resources spent implementing new security measures, training, and having to contact clients that may be affected by the breach.”
Can you honestly say you’re already doing all of these things? If not, spend some time this month to protect yourself, your team, and most importantly, your customers.
This story was first published in March 2022.
Lani is the COO and News Director at The American Genius, has co-authored a book, co-founded BASHH, Austin Digital Jobs, Remote Digital Jobs, and is a seasoned business writer and editorialist with a penchant for the irreverent.
