Ok, I know what you are probably thinking
It’s my job to sell cyber-security services so I am bound to paint a depressing picture of the dangers out there right now. But I don’t need to do that. The facts and the cases, sadly, speak for themselves.
It is estimated that the PropTech market will grow from a current valuation of £14.4bn to £68.3bn by 2032. These are staggering sums, and the property sector holds financial transaction data as well as personal and financial information. This makes it a target for malicious threats coming from inside and outside the business, often in the form of a disgruntled employee.
More than a third of UK businesses (35%) fell victim to fraudulent activity, cyber attacks or data leaks over the last 12 months - up 37% on 2022 - according to the report for financial technology platform Adyen by the Centre for Economic Business and Research (CEBR).
The most common security threat to property transactions is cybercrime. The Solicitors Regulation Authority states that email modification fraud accounts for more than 70% of all frauds reported to them.
And the technology used by organised crime to defraud large and mid-sized firms is starting to be sold to people with little training as hackers and the danger will soon start affecting smaller businesses.
The use of AI will also inevitably make cybercrime more commonplace and dangerous over the next few years.
A big wake up call came in December when CTS, which supplies IT services to law firms, was hacked leaving some 100 firms unable to access their case files and disrupting property sales. It is believed to have been hit by a ransomware gang which exploited a specific flaw in a networking appliance that can allow hackers to gain access to a network without needing a password.
So the risks facing the sector couldn’t be more obvious.
But how to address them?
There are five main areas I believe the property sector needs to be most alert to in this area.
Phishing
This is the number one cyber-security issue facing all businesses in the sector. The clue’s in the name and is a form of fraud which sees a criminal dangle bait in the hope a victim will bite.
The huge amount of communications and transactions which occur on a daily basis in the property market mean staff are stretched and can easily and naively click on a harmful link and expose their businesses to risks.
It’s vital your team knows about phishing – the risks predominantly come from time pressures so make sure your team has breathing space to allow them to think, not rush.
Phone scams known as vishing (voice phishing) are on the rise in the property sector, too. This sees scammers use ‘Social Engineering’ techniques to get hold of your information by phone or use fake text messages containing links designed to persuade victims to share personal information.
Deepfakes
The increasing sophistication of deepfakes and AI poses a new risk. Voice recognition and language models which can replicate written styles make it very difficult to spot the real from the fake. The best way to avoid deepfakes is to be extremely cautious about what information you share online, including photos and data, since this is used to train machines to impersonate. Without that crib of information to work from, you’ll be harder to fake.
Social engineering
These are attacks which manipulate people into sharing information they should not share, sending money to criminals or downloading malware. It has really stepped up in sophistication since the pandemic and what is fast emerging is not just the trickster trying to obtain sensitive information by deception, but physical threats against staff in order to gain access to systems and make payments to unauthorised third parties. Attackers take advantage of human flaws, so invest in your people to keep your business safe.
Lack of budget
An ounce of prevention is better than a pound of cure and that’s never been truer than in cyber security. Budgets are getting squeezed across businesses but slashing money from measures which prevent you from being a victim of a crime, and risking costly fines and negative publicity, is a mistake. I see it across all sectors including in property. The fact is this: the average ransom payment for a breach, along with the remediation costs and lost revenue, is going to be greater.
Lack of Training
As companies battle to keep costs and headcount low, investment in training is currently taking a hit. This means a diminished ability to prevent breaches and a huge lack of ability to respond to a breach when - not if - it occurs.
I’d advise businesses to treat cyber security training like any other kind of essential workplace training or professional development. And don’t be afraid to boast to customers about the investment you make in this area. They may well thank you if you help them avoid falling victim to cyber crime themselves during the completion of a property transaction. The well-known Friday-afternoon fraud has claimed too many victims over the years.
Join the conversation
Be the first to comment (please use the comment box below)
Please login to comment