When a bar patron “accidentally” bumped into Denver resident Taiya Andrews, she didn’t think much about it. Only later did she realize her cellphone had been stolen from her purse. Unfortunately, the theft of an expensive electronic device was just the beginning of her loss.
Using the phone to gain access to Andrews’ bank account, the thief withdrew $12,000. Andrews told KSHB-TV that it took countless hours to get the money back. “It can definitely snowball into a whole bigger thing than you ever thought,” said Andrews.
Of course, it could have been worse. What if the victim in this case had been a real estate agent with sensitive client information on her phone?
The stolen device could have been used to access hundreds of clients’ data — sensitive information that could have been used for identity theft or phishing attacks designed to intercept funds during closing. The loss of reputation and liability for the agent would have been devastating.
Because busy agents do most of their work away from their office, they need to take special care to safeguard their devices and the sensitive data they contain.
Mobile device and data theft is not just a problem in the Mile High City. Police departments from San Diego to Chicago are reporting an uptick in mobile phone theft.
Because real estate transactions require the transfer of large amounts of money, the industry is a top target.
According to recent research by cybersecurity firm Proofpoint, real estate is the second most-targeted business sector by cyber criminals, just a few percentage points behind biotech.
To make matters worse, many agents are relatively unaware of the risks they’re exposed to and the steps they need to take to keep sensitive data safe.
Natalia Karayaneva, CEO of real estate tech firm Propy, says that agents generally don’t know how to use digital tools safely. “Email, Dropbox, Google Drive. They don’t know how to use them properly to not expose their customers to fraud risk. Wire fraud. Title fraud. So I think the industry should be paying more attention to cyber security.”
Dotloop Senior Director of Engineering Dirk Koehler agrees that cyber security is something the real estate industry should be taking very seriously, particularly with the rise in online crime in general. “It’s a constant battle in this ecosystem,” he says.
All online platforms that store customer data are potentially at risk from hackers looking for usable information. Due to this and the fact that the real estate sector is an especially popular target, dotloop has taken extensive measures to protect client data.
For example, usernames and passwords are never stored on the site as plain text and, because of the encryption dotloop uses, they could not be paired even if they were accessed.
To prevent undetected abuse from within the system, information on each user session is captured, including their IP address, and can reveal if a user who has not signed in has accessed the document.
Additionally, links sent out in emails to transaction documents expire after 30 days, creating a safer experience than emailing a PDF for eSignature, which cannot be recalled once it’s sent.
Dotloop also leverages a bug bounty program to work with “friendly” hackers who can help identify any potential vulnerabilities in the system before they could be exploited externally.
All mobile phones and tablets used for business should be password-protected. Even better, use biometric authentication, such as a fingerprint or face scan, which cannot be replicated. Biometrics also make a strong password for apps.
Use a password manager to generate and store a different password for every account.
Know which data and apps are on a device and remove any apps that are not necessary for business. While the user may see a functioning app, like a flashlight or game, in the background, the program may be secretly sending information to a third party. Domingo Guerra, co-founder and president at mobile security firm Appthority, refers to these apps as “hospital gown” threats. The programs appear to be legitimate upfront and are even distributed in the major app stores, but they have a security gap in the back end. To be sure, only install apps from reputable developers and services, such as the Apple App Store and Google Play.
Be aware of who is around you when you’re on your phone. Restaurant table tops are a favorite place to snatch phones. If you carry a purse, keep your phone zipped inside when not in use, and be aware that many purses are snatched in hopes of getting a wallet and cell phone.
That free WiFi at the coffee shop is tempting because it allows you to use data without tapping into your wireless plan. But in most cases, these networks are not secure, so it’s best to avoid when accessing accounts with sensitive information, such as your business email, transaction platform or financial accounts.
Additionally, public WiFi networks are open to “man in the middle” hacks, where a thief uses a portable device to fool you into logging onto a legitimate looking network, which can be used to intercept every piece of data coming to and from your device.
Be cautious about charging your devices at public USB ports. Data thieves can use these ports to place malware on your phone and harvest sensitive data.
Plan ahead for the loss or theft of a device, so you’ll be ready to quickly shut off access to your accounts and block the retrieval of sensitive data from your phone.
If you have an iPhone, set it to delete data after 10 incorrect attempts to enter the passcode.
Have the “find my phone” function activated so you can track your missing device.
Create a plan for quickly changing the passwords to your email accounts and any other accounts in which a thief could access financial or other sensitive information.
Finally, alert your wireless provider that your phone was stolen. The Federal Trade Commission recommends that you make this call as soon as you know your device is missing. Your phone company can permanently or temporarily disable the SIM card to stop someone from using the device for calls or the internet. It helps too if you have a record of your phone’s serial number or IMEI number (a unique identifier for your phone).
The major mobile phone makers such as Apple, Samsung and LG release operating system updates that provide protection against the latest malware threats. By keeping your device updated, you’ll increase your chances of staying safe.
When an agent’s entire business is run off their phone, it’s especially important to have it backed up often and preferably automatically. That way, if the phone goes missing, the agent can quickly transfer to a new device without an interruption in business.
Archive photos, videos and other irreplaceable data externally, such as in the cloud, which will free up space that your cellphone may require for upgrades.
Data security is important for both agents and their clients. As you explain the buying or selling process to a client, use the opportunity to educate them about precautions they should be taking to keep their data safe.
A good place to start is the security of their email accounts. Research has shown that most people use weak or duplicate passwords on their personal accounts, which can be easily absconded through spoofing or social engineering, such as when a scammer poses as a trusted contact.
Many people do not realize that once a cyber criminal has their email username and password, the thief may be able to gain access to their other accounts through password reset requests.
While the dotloop platform does not require clients to enter financially sensitive information like credit card or social security numbers, dotloop takes data security and safety very seriously. Our security team maintains industry-standard safeguards against data incursions. Working through the platform, agents can be confident that their sensitive information will be safe from hackers and securely archived.
Lastly, dotloop customers own the data they put on the platform. This includes all customer data, from user information to transaction data. Dotloop doesn’t share it with other Zillow entities without an agent’s permission and won’t disclose customer information except as required by law. Check out our Data Privacy Guarantee to learn more.
Play it safe — use the industry’s secure end-to-end transaction solution, practice good password protection habits and “think before you app” to keep your most sensitive data protected.