Online Security Issues in Commercial Real Estate

A topic that may not get addressed enough in our headlong rush for the next deal is security. Especially when we consider the online portion of our business. We can all be forgiven for being neck deep in a deal and missing a few points in a long contract before execution. Pressure gives us a narrow focus and we tend to miss things, however, the potential downside when dealing with anything online is growing exponentially and is worth the time to pay a little more attention to.

Watching the ransoming of the entire city of Baltimore going on right now should be a pretty serious slap to anyone who doesn’t think really nasty things can happen to them.

If you are online you can be hit. We like to imagine that we are small potatoes compared to all these corporations and cities being hit and no one would bother targeting us. And you’d be right, except for the fact that it’s not individual hackers focusing on individual businesses it’s computer algorithms. Bits of computer code that don’t get bored or tired but are constantly crawling all over the internet scouring for any weakness. No they’re not ‘looking for you’ exactly but they are looking for your open backdoor.

Commercial real estate is an attractive target for hacking because we deal in large amounts of capital moving around on a daily basis. it’s not unusual for a brokerage office to see more than $1,000,000 in money transit its systems in a day. Earnest money deposits, commission fees, leasing deposits, etc. These can be very attractive to someone hacking and looking for cash.

Title companies as well are big money targets and in fact have already seen a huge number of attacks on them in the last few years. If you’ve wired money for a deal in the last few years you’ve already seen the additional verification steps title companies go through now.

One of the most effective and lucrative methods hackers have been using to target the commercial real estate industry are those using email. We have all become pretty good about not clicking on random links emailed from unknown senders but what about the link your friend Dan just sent…

Hackers are getting very good at ‘spoofing’ or faking the source of emails. If they can watch your email traffic for a while and see that you communicate with someone they can spoof that address in the From field to fool you into thinking Dan really did send you a link.

This recent article in BisNow details a bit more of the mechanics that can be used in a hacking attack:

It can sound a bit like you’re in another Oceans Eleven film but it’s actually happening now more frequently because of automation. The tools available and the techniques for attacks have advanced so far that you don’t need to be a serious hacker or spy to carry out complex targeting.

Do yourself and your business a favor and spend some time getting familiar with the latest hacks. It’s hard to be vigilant against an attack if you don’t know what you’re looking for.