How To Protect Client NPI in a Real Estate Transaction

When it comes to security, industries rarely learn from the mistakes of others. Banks were the first major target of hackers — and as an industry, they learned to secure their data. Yet, not every industry did — meaning that cyber criminals simply moved onto other industries, like retail, where security was still relatively poor. After retail locked itself down, hackers moved on again — choosing to target both government and the healthcare industry.

Now that those sectors are paying attention, hackers are moving on to their next target: real estate agents. Most real estate companies store a wealth of financial data that can be used by the bad guys to steal your clients’ Non-public Personal Information (NPI) — and even their money. Don’t want to put your customers in jeopardy? Here’s how to protect them:

The Threat to Realtors

Real estate companies have been hit by an increasing number of recent attacks. Some of these are sophisticated ploys, such as email phishing scams attempting to trick buyers into wiring money to cyber criminals. However, most attacks simply take advantage of sloppy realtor security.

Stolen laptops with unsecured financial data, intercepted emails, and other crimes of opportunity can give identity thieves access to your clients’ financial and personal information, which can be used to scam your clients and harm their credit. Failing to protect client NPI can subject real estate agents to costly CFPB compliance penalties, but more importantly, it can trash your reputation and alienate your clients.

What Protecting NPI Entails

Protecting NPI, like social security numbers or bank information is an important part of maintaining CFPB compliance. To help agencies better equip themselves to protect sensitive consumer data, the American Land Title Association (ALTA) has issued a number of guidelines surrounding NPI best practices:

    • Restrict access to NPI only to those who need to access it, when they need to access it. Also ensure that all employees undergo background checks before being granted access. After an agency no longer has reason to access the data, it should be disposed of thoroughly.
    • The use of removable data devices, like thumb drives, should be either prohibited outright or strictly controlled via an organization-wide policy.
    • NPI should only be delivered via secure methods (so if you’re emailing NPI in any form, you should be using an email encryption service like Virtru).
    • Create a disaster management plan in case things go wrong. This could be as straightforward as a security breach, or even just a server or network failure that impacts business continuity.
    • Establish and follow procedures to audit your organization for CFPB compliance, and review those procedures to ensure that the audits themselves don’t leak NPI.
    • Ensure that your agency is well-informed of your state’s security breach notification laws, and is prepared to follow them in case of a data leak.

Online Encryption Tools to Protect Client NPI

Encryption scrambles data, using a string of character called a cryptographic key. Even if a hacker intercepts the data, they can’t read it without the key. Secure email from Virtru makes it easy to protect confidential communications with clients. You’ll be able to encrypt emails and attachments at the click of a button, and communicate securely with client — even if they don’t have Virtru.

Virtru Pro adds features to give you more control of your email. You can rescind messages (even after they’ve been read), set time limits on email and disable forwarding to prevent clients from sharing sensitive information.

Virtru DLP allows you to protect client NPI from accidental disclosure across your whole organization, using customizable rules. You can pop up warnings before workers send emails with social security numbers or other protected information, automatically encrypt messages, strip attachments to stop workers from sending sensitive data outside the organization, and more.

With Virtru Google Apps (now known as G Suite) Encryption, you can keep stored documents safe as well. It automatically integrates the entire Google Suite, allowing you to secure internal spreadsheets and reports, as well as external client documents. It also makes it easy to control access, decreasing the risk of exposing sensitive documents by ensuring only the people who need them can read them. To see Virtru in action, watch this comprehensive product tour:

Protect Client NPI — and your reputation. Your real estate clients put a lot of trust in you. A hacker can undermine that trust, harming your reputation and your bottom line. A single data breach can damage your clients’ financial future, and your bottom line. Download Virtru Pro today, to provide peace of mind to your business and your clients.

Subscribe to Our Newsletter

Connect With Us

Dive Deeper