News You Can Use
Today cyber criminals are an active threat to real estate transactions, making it crucial to implement a cyber defense plan which typically which begins with the implementation of security software, procedures for computer usage, and a cyber aware environment.
Security Software
Security software is an excellent method for ensuring company devices are secure. The main benefit is the software’s ability to block certain malware from being downloaded on the computer and identify malware that already exists on your devices. While you may believe that you follow safe measures while online, having a defense system in place secures the network in case malicious downloads are unknowingly downloaded or malicious links are clicked accidentally.
There are several companies that sell anti-virus software. Norton 360 or MacAfee Endpoint Security are both great options for small businesses because they will protect your devices if any malicious software is present on your device or attempting to download. When purchasing security software, a cloud-based system is beneficial because updates are automatically made to the software; therefore, your security will always be up to date with the newest known threats. It is also helpful to purchase a software that includes a spam filter, to prevent unwanted or dangerous emails from reaching the inbox.
After Migrating your Email Server
Changing your email address and switching to a secure email server can be confusing process; however, when using a strong cloud-based security software that includes spam filtering, it may not be necessary. If you do switch your email server, it would be wise to find a server that is capable of encrypting emails, filtering spam, and scanning for viruses.
There are some important steps to remember after the new email account is set up. Once your email address changes, remember to update your information online with the NJSBA, the NJ Law Diary, and any other organizations or associations you may be part of.
Additionally, it is important to either set up an automatic reply from the old email address or set up automatic forwarding from the old email account to the new account. An automatic reply message on your old account can state that you have a new email address and do not check the old inbox regularly. This lets people contacting the old account know they need to inquire about your new email address. It is important to note that sharing your new email address within the automatic reply message may not be in your best interest because cyber criminals who send phishing emails would be provided with your new email address.
Setting up automatic forwarding is the other option. With spam filters set up in the new account, any phishing attempts automatically forwarded to the new account will end up in a spam folder.
Security basics to remember:
It is important to keep in mind, a company's cyber security is only as strong as its weakest link, which is typically the people using the network. Security software is an excellent defense plane that works a s a lifeline or back-up measure for accidents, keeping viruses off your devices; however, it is best not to completely rely on the software. It is just as important that everyone utilize strong and unique passwords for each of their accounts, a cyber policy is signed and enforced, and cyber awareness training course is provided to all team members.
Passwords
The importance of a strong unique password is often overlooked. If your password can be easily guessed (i.e. your last name, your kids’ names or the name of your business, etc.) then your account can easily be compromised. Additionally, many people utilize the same password for multiple accounts. While this makes it easy to remember passwords, it also means that if one of the accounts is compromised, then every other online account that uses the same password will be compromised as well. Therefore, passwords should be strong enough so cyber criminals are not able to guess and unique for every account.
ARE YOUR PASSWORDS GUESSABLE?
Various websites accumulate personal information from public records, social media profiles and marketing data. This information is published and available for anyone to find online. Are you aware of what information is available about you through a simple Google search of your name?
Hackers may attempt to guess your password in order to gain access to your email account, and therefore, all of the information they need to send buyers fake wire instructions. If your password consists of personal details, such as a street name from a prior address, digits from an old phone number or your birthday, the name of a relative or pet, or even a favorite sport team or musician, there is a probability that information is publicly available online and easy for hackers to find.
Please feel free to call Emily at the office to brainstorm password ideas.
Policies
Policies are the first step in training employees on how to securely utilize email and access the network. A policy should set an expectation of how email and the network is to be used and develop standards for adhering to the policy. It should be easy for employees to understand, state what the company devices can and cannot be used for, and what type of information can and cannot be sent via email. If there is an email monitoring system in place, the rights of the business and the user should be documented in the policy as well. Typically the employees have no privacy when using a business's devices or email account. This should be clearly stated so employees know not to be conducting personal activity on company devices because it could be potentially dangerous to the company's security.
SANS, an organization focused on researching information security and providing education, has a sample email usage policy that can be amended to fit your company's needs. The template can be found on the SANS website in the Security Policy Project section, under the Security Resources tab in their menu.
Wire Confirmation Policy
In the real estate industry, a cyber policy optimally also includes standards and procedures for dealing with wire instructions sent via email. Requiring confirmation of wire instructions is a crucial procedural step in preventing fraud. Cyber criminals have several techniques for obtaining the transaction information necessary to send fake wire instructions that may look legitimate. A policy should state that when calling to confirming wire instructions sent via email, a known, or trusted phone number must be used. A trusted phone number can be found on the company’s website or any other reliable source other than email. While the confirmation is important, calling the correct person is just as important because a confirmation of wire instructions done using the wrong phone number can result in the loss of funds.
Awareness Training
Each team member must be aware of current email scams because one person mistakenly clicking links and downloading attachments can compromise an entire company's network. Awareness training for an employee can begin with the cyber policy. The policy should be understood and signed upon implementation, and become integrated into the new employee training process for new employees to understand and sign upon being hired. This gives them an expectation of how they can use the computer network and email accounts. Additionally, provide employees with a basic training course on the types of email phishing scams that are targeting the industry. This training course should teach key indicators of phishing emails and how to apply any procedures set in the policy.
The most effective cyber security plans have multiple layers of defense. A security software accounts for one layer. Hackers are constantly figuring out how to get their phishing emails past anti-virus software and spam filters. By creating an environment of cyber awareness with policies, procedures, and training, another layer of security is added to the cyber defense plan. Since cyber criminals are relentlessly attempting to defraud real estate transactions, multiple layers of defense ensures that when one layer fails, there are still security measures in place, defending the company's network and data.