In November 2021, the property industry made headlines for all the wrong reasons when Premier Property Lawyers (one of the UK’s largest property conveyancing firms) revealed that it had suffered a serious cyber breach. At the time of this cybercrime incident, the company in question was locked out of its IT system for several days.
According to the business itself, thousands of property transactions were held up as a result of the breach. However, since the attack, Premier Property Lawyers successfully regained control of its system. However, the property sector has been quick to strike back, taking positive action and huge strides towards alleviating this ongoing threat from cybercriminals.
Indeed, with cybercrime becoming more common and troubling for the property sector in general, it is easy to reflect on why the industry might be a target for cybercriminals in the first place.
“Apart from deposits, rentals and other money collected by agents, there is also a significant amount of sensitive data that should be protected,” says Paul Offley, Compliance Officer at The Guild of Property Professionals “such as client’s addresses, account details, alarm records and passwords to access homes, not to mention passport details and the like. Access to this kind of information is what has made the industry a target among cybercriminals.”
By identifying the weak spots and learning more about its vulnerabilities, property businesses can fill in the cracks and successfully safeguard itself and its customers from future targeted cyber attacks.
This article examines the specifics of why the property industry is being increasingly targeted, starting with understanding the major threats and the steps to take for better protection.
There are actually many different types of cybercrime that can be used against businesses in the property sector. Some of the most challenging to deal with include:
- Ransomware – this is a type of malware that has been growing in popularity in recent years. It is a malicious piece of software that takes control of a company’s IT system and locks them out of their data. It then demands payment of a ‘ransom’ in order for the business to get its information back. If companies don’t have adequate backups or a solution in place, it can leave them with few options but to pay up or to lose their data entirely. Estate agents Foxtons suffered a similar type of attack, but was able to recover.
- Phishing – many people are aware of the dangers of phishing emails but may only associate them with their private lives, rather than in a business setting. However, phishing attacks are becoming very common against companies across the property sector.
- Business email compromise – this is a specific form of phishing that is especially dangerous for companies in the property sector. Here a cybercriminal gains access to the email account of a business, and then uses that legitimate account to send fraudulent emails to clients or other businesses. This way they can request that payments are made into a specific bank account, and the person making the payment has no reason to suspect anything untoward has occurred. This can result in huge sums such as whole deposits, being sent directly to a cybercriminal.
The points mentioned above are just a few examples of the types of attacks used against businesses in the property sector. It is also important, of course, to understand exactly why property businesses are now being targeted. This can be done by deconstructing the main issues that are making companies in the property market targets.
More property workers are remote than ever before. And while being remote doesn’t necessarily have to be deemed a security risk, it is also important to recognise that workers need to change up how they prepare themselves in order to stay secure.
“With remote working the new norm, it’s easy to slip into bad habits. However, with cyber security risks being greater than ever and remote workers lacking office protections, it’s important to maintain a high, if not higher standard, of security awareness,” says Juliette Hudson, SOC Team Lead at Redscan. “If you’re a home worker, security protocols should include locking your workstation whilst away from your desk, preventing other household members from sharing your work devices, exercising vigilance before clicking and opening unknown links and attachments, and shutting down your machine at the end of each working day”.
Another key issue affecting the property sector is shadow IT. Shadow IT refers to any applications or software that are used by staff without the knowledge of the IT team. Once again, this can be related to remote staff. In an office environment it is easier for the IT team to keep track of exactly what everyone is using.
When working remotely, staff may be tempted to use unapproved software that makes their working life easier. However, if this software has not been vetted and approved, it can contain vulnerabilities that could allow cybercriminals to easily access the company data.
One problem that is affecting all sectors, not just property, is the cybersecurity skills gap. Nevertheless, this is a huge issue for property companies. The skills gap refers to the issue that there simply aren’t enough skilled cybersecurity professionals to meet the demands of the industry.
This has been a problem for many years and it functionally means that it can be prohibitively expensive for smaller property businesses to get the cybersecurity expertise that they need to keep the company secure.
It is important to also understand why property businesses continue to be seen as sitting targets for cybercriminals. Much of this actually comes down to the fact that the sector deals with very large monetary transactions, and also that property businesses hold onto specific (and substantial) personal details of individuals.
As this trend continues to grow year-on-year, the property sector remains a valuable target from the perspective of a criminal. And, despite thinking that smaller enterprises may seem more vulnerable, businesses of all sizes are under threat.
There are many successful ways to safeguard data and be better ‘armed’ to combat these cyber threats. Estate agencies across the board can enhance their protection from the inside and, rather than being compromised, share valuable advice regularly with staff and customers. Implementing a few key procedures can make a difference, including:
- advising customers to speak to estate agents on the subject of cybersecurity
- recommending customers ask what measures have been put in place to safeguard personal data
- instructing clients to take care sending solicitors deposits
- ensuring customers call solicitors first to establish their legitimacy, and
- reconfirming bank details with solicitors when organising any contract exchanges and monetary transactions
Property businesses are ultimately being targeted by cybercrime because they are valuable targets with a great deal of data that may also be limited in terms of the scope of their cybersecurity measures.
Looking ahead, with a greater understanding about why the property sector is under threat, it is possible to guard the industry from damaging attacks. Certainly, it is up to companies across the industry to understand the scale of this ongoing challenge and invest more and in their cybersecurity practice, adopt an ongoing defence strategy and introduce protective procedures.