7 Cybercrime Prevention & Insurance Tips

E-Mail Fraud, Extortion, Social Engineering
While service professionals are generally becoming more aware of the increasing incidents of computer-related crime, such incidents continue to substantially increase in number. The dynamics of the social and entrepreneurial personalities and practices of the agent, combined with highly-sophisticated cyber-criminal operations, continue to create vulnerabilities for real estate professionals. Regular use of social media, personal communication devices, internet advertising and unprotected email and domain names (i.e., myrealestateoffice@google.com) makes agents an easy target for the intruder.

Cybercrime comes in varied forms and terminology is loosely used to describe its’ different forms: phishing, hacking and spamming are among the common terms related to fraud, extortion and social engineering. Common occurrences include:

• Extortion: Your data and/or computer operation is frozen until you pay a monetary demand to the extortionist. Typically a relatively small ransom is requested ($5,000 for example) with the bad guy hoping it will just be paid without law enforcement getting involved. Even if paid, there is no guarantee your data will be released or that they will not come back for more money now knowing you are a willing target. Contacting the FBI or other law enforcement authorities is recommended.
• Email Fraud and Social Engineering: for firms that act as custodians of other people’s money (escrow, trust, IOLTA), cyber-criminals will create complex methods to infiltrate your computer and eventually manipulate the user into wiring money to them. There are numerous precautions that can be taken to minimize this risk, including personal verification of all communications, email addresses, routing numbers and transactions.
• Data Theft: the theft of client or employee data through hacking or phishing can result in civil fines and costs related to credit card monitoring and notifications to the affected parties, forensics, data restoration, crisis response, lawsuits and more. A data breach can easily cost tens or hundreds of thousands of dollars.

There are numerous preventative strategies to help minimize the risk of cybercrime. Recognizing that the “bad guys” are sophisticated international experts, preventative methods should be taken seriously and vigorously implemented.

7 Prevention Tips

1. Implement a mobile device policy – what can and can’t be done with company devices and data
2. Require strong passwords to lock devices
3. Use Encryption on all devices
4. Implement remote wipe software for lost or stolen devices
5. Backup remote devices
6. Disallow the downloading of unauthorized software
7. Keep security up to date

Brokers and business owners who implement security methods like anti-virus software and other protective measures for the firm’s computer and email programs should mandate that agents and employees only conduct business with those approved programs – no individual google or yahoo accounts, separate websites, etc.
Some experts state that it is “when”, not “if”, a business will be compromised. Insurance products exist that will offer protection if data is lost or a wire fraud, extortion or other cybercrime event happens. Policies can be tailored to the needs of a particular business. For example, not all businesses act as custodians of funds so they may not need protection for that, but almost all businesses need some type of insurance for data breach, theft or extortion. A Business Office Liability or Errors & Omissions policy may offer some incidental coverage, though a stand-alone policy is recommended for broader protection, with premiums being generally affordable. These policies will offer coverage for notification, credit card monitoring, credit card industry fines, forensics, data restoration and more. Many also include risk management information and hotlines to help reduce the risk of a cybercrime.

Author: John Torvi