From the largest real estate firms to private owner/sellers, realtors face a range of cyber security threats. Data breaches in the United States cost an average of $213 per record — the highest in the world — and that doesn’t count customer churn, reputation damage, notification and other ancillary costs (and other types of security incidents can be even more costly).
Although threats like hackers, malicious insiders and simple carelessness put all industries at risk of cyber security incidents, but there is special cause for concern in real estate.
How Hackers Threaten Real Estate Security
A recent CFPB cyber security enforcement shows the organization is getting ready for more aggressive action, and the real estate industry isn’t ready — a fact that hackers have already learned. Cyber thieves have started to hack realty accounts and pose as realtors, to steal mortgage funds directly from clients.
This can cost your client hundreds of thousands or even millions, wreck their finances along with your reputation, and embroil you in a costly lawsuit. And with the sheer volume of communication required by TILA-RESPA Integrated Disclosure, there are more opportunities than ever for hackers to impersonate you and steal your clients NPI or funds.
Why Email Encryption is a Realtor’s Best Friend
When an unencrypted email is sent across the Internet, anyone can intercept and read it along the way. To protect client NPI, email encryption scrambles the email and attachments, using a sequence of characters called the key. The encrypted email can only be decrypted and read by the recipient, preventing third parties from stealing it en route.
Email encryption allows you to send secure messages and files to clients, mortgage brokers, lawyers and anyone else involved in real estate transactions. This facilitates CFPB compliance by allowing you to communicate quickly without risking a breach.
What Other Security and Compliance Tools do Realtors Need?
Email encryption protects your messages, but not your account itself. Realtors need to abide by email security best practices, such as using strong passwords and multi-factor authentication — a system that requires an extra piece of ID in addition to the password to access the account.
When deciding on the best secure email service, consider ease of use and interoperability, along with strength. Many email encryption programs are difficult to use, and most can’t send messages to recipients who don’t have the same encryption, making them impractical for communicating with clients and others outside your organization. Choosing CFPB compliant email encryption that works with everyone greatly reduces security risks.
Some email encryption plugins also come with additional features that can facilitate security and compliance. The ability to recall an email before or after it’s been read can be a lifesaver if you accidentally send financial data to the wrong recipient.
Combined with read receipts — a tool that indicates whether the recipient has opened the email — this is an even more powerful breach remediation tool. You can quickly rescind a non-compliant message, and then prove it hasn’t been opened, eliminating the need for breach notification. Read receipts also helps prove compliance with the Three-Day Closing Disclosure Rule, and other regulations that require client notification.