Real Estate IT Services
Real estate is the largest asset class in many U.S. areas, and partners with multiple vertical services for each transaction. Those services include title, financial lending, insurance, appraisal, and inspection.
As a real estate professional or brokerage, you require robust cybersecurity services to protect yourself from the outside world, but have you considered the impact of poor cybersecurity management by vertically integrated services that you trust?
Managing supply chain cybersecurity without the proper tools bears apparent challenges. The key is to create a compliance framework that adheres to accepted cybersecurity practices upon which all sides can agree. Remember that to gain cooperation in cybersecurity compliance, you must offer it in return. The result of evaluating a supplier should be a “cyber trust score” to quantify security resilience.
Cybersecurity compliance framework components should include assessments of the following:
Email security should include link and attachment scanning, anti-malware, and security awareness training to keep agents abreast of the latest phishing tactics. All too often, the weak link is human, not digital.
Network security should include a business class, penetration-tested firewall, healthy physical controls such as restricted building access and audible alarms, and regularly scheduled security assessments.
Endpoints should have malware protection and host-based firewalls, in addition to being patched on a regular, frequent basis. Device standards should be in place, such as those having supported operating systems.
However, for many brokerages, external threats are not confined to the supply chain. Because agents are technically independent contractors and therefore separate companies, they and their assistants are allowed to use personal devices with varying degrees and cyber protection brands. This policy decentralization spells danger for both management and the agents by increasing liabilities unnecessarily. While such a model may have been attractive in past years, it’s no longer feasible from an IT standpoint and leaves too much at risk.
We recommend that brokerage CTOs work with management to revamp agent agreements to enforce device standards and security levels. The cost of a data or financial breach could be much higher than the repercussions of contractual enforcement.