Why and how hackers target real estate firms - by Jonathan Stone

We typically think of hackers as being far away and using technical skill to gain access. The truth is, cybercriminals rely on tricks in the physical world and mistakes made by their victims just as often as their coding skills.

For instance, whatever your role in the commercial real estate industry, odds are your job takes you out into the field with devices that contain client data. This presents opportunities for hackers including: 

• Phony wifi networks that appear real (with names like “hotel wifi”) and gather information transmitted across the network—using LTE on the road is safer.

• The chance to physically steal a device from a car or property and access its data—best to utilize a full disk encryption solution, in addition to keeping devices locked and never unattended.

It may seem like you or your firm is an unlikely to be of interest to a hacker, but your data is more valuable than you may think. In addition to account numbers and financial information, consider all the data you have about your clients. For example, developers, agents and designers are all privy to planned relocations of companies and how that may relate to growth or downsizing. This type of information could be quite valuable to competitors or even used for insider trading.

Commercial real estate firms make good targets for hackers not just because of the potential richness of the data they may find, but also because defenses in this industry are typically low. While breaches of major retailers and tech companies make the headlines, the vast majority of cyber attacks are aimed at small and medium-sized companies because they are more likely to have weak cybersecurity.

In the commercial real estate industry, cyber insurance is much more common than a robust cybersecurity strategy with multiple layers of defense. This leaves firms in the industry open to classic cyber attacks such as spear phishing in which a hacker spoofs an email of a partner or co-worker, potentially to hijack a deposit being sent via wire transfer.

The best way to prevent an attack like this is a combination of employee training and technology safeguards. Effective cybersecurity starts with acceptance that you are a target and awareness of the types of cyber attacks that affect firms like yours.

Jonathan Stone is COO and CTO at Kelser Corp., Glastonbury, Conn.