Avoiding Cybersecurity Risks When Working Remotely

May 27, 2020

By Doreen Spagnuolo, Corporate Counsel and Patrick Fife, Associate Corporate Counsel, Long Island Board of REALTORS®

With brokers and agents working remotely, cybercriminals have seized on the prospect that businesses will let their cybersecurity guard down.  In fact, the FBI warns that cybercriminals are leveraging the COVID-19 pandemic to steal personal information and financial data, and gain access to computer systems.  These criminals/hackers are targeting the real estate industry by intercepting email accounts with the objective to commit wire fraud.

Whether you are involved in virtual showings, remote closings, remote listing presentation, or procuring electronic signatures, you must take appropriate precautions to protect the personal information collected throughout the course of your business, such as social security numbers, bank account information, credit card information, driver’s license numbers, etc.

To limit your risk of having a data breach while working from home, you should follow these BEST PRACTICES:  

  1. Update your software – Make sure that any software being run on your home computer and any other devices is updated, especially your antivirus software, firewalls, and operating system.

  2. Continue to maintain good password and email habits – Use long and complicated passwords or password management software, and use two-factor authentication whenever available.  Do not click on suspicious links or attachments, and employ encrypted messaging to share sensitive information.  Beware of coronavirus-themed phishing emails.

  3. Use a virtual private network (VPN) – A VPN can help protect the data you send and receive while you work from home.  A VPN helps to create a trusted connection between employees and their organizations and ensure ongoing access to corporate tools.  Corporate VPNs provide additional protections against phishing and malware attacks, the same way corporate firewalls do in the office.

  4. Don’t mix personal and business – Continue to use your work devices and email to do work and personal devices and email for personal matters.  Not doing so increases the risk of introducing a software program with a security flaw or exposing your business to a phishing email.

  5. Don’t improvise – While it is helpful to use collaboration tools like instant-messaging platforms and video-meeting rooms, if a tool is not working right, do not download an unknown substitute.  You could inadvertently introduce a software program with a security flaw – and that means someone unauthorized may be able to access company data, or any personal data you have on the device.

  6. Alert your customers and clients at the outset – Have a conversation right up front that wire fraud is real and emails sent by these criminals are convincing and sophisticated.  Advise your customers and clients that before wiring any funds they should call the wire recipient using a phone number they know is accurate to verify the legitimacy of the request.

  7.  Mitigate teleconference hijacking threats – Keep virtual meetings private and not public by requiring a meeting password and sharing it only with specific people.  Manage screensharing options and ensure you are using the most up-to-date version of the remote meeting application.

You should check with your insurance carrier the type of insurance protection, if any, they offer in the event of a cybersecurity attack or data breach.   If you need this type of insurance protection, or would like more coverage, you can visit NYSAR’s and NAR’s websites for a description of the cybersecurity insurance plans available to REALTORS®.