It’s a data-driven world and we’re all living in it. As more companies now rely on digital data to run their businesses more efficiently – the risk for misuse and theft of these important pieces of information is higher than ever. And, with many of us in property management working remotely during the pandemic, we need to make sure our IT systems are protected from a data breach.
A big part of security is the proactive prevention of data loss, theft, and security breach, and it is always better to prevent these from happening instead of mitigating attacks. Preventing a data breach is crucial in property management as sensitive information of customers are regularly collected and used in property management software systems.
Data Breach explained
A data breach is an incident in which information is accessed by an unauthorised person. This unauthorised access can cause data to be stolen, deleted or copied and used maliciously, although simply viewing information not meant for certain individuals is also considered a data breach. An agency’s front desk staff gaining access to the rent roll when this is not part of her role’s responsibilities is an example of a data breach.
How breaches happen
Access to confidential information is typically granted through correct matches of credentials (password and username) and is usually the first step to preventing unauthorized entry to computer systems. However, these credentials can be hacked and/or stolen making a data breach possible.
According to the Australian Cyber Security Centre (ACSC), stolen credentials happen when:
- a user is tricked into entering their credentials into a page that mimics the legitimate site (phishing)
- a brute-force (automated trial-and-error) attack on username and password combinations is performed against a service, if it doesn’t prevent such activity
- a service is compromised, and credentials are stolen and used to access the system or tested against other sites such as social media and email
- a user’s system is compromised by malware designed to steal credentials
Aside from stolen credentials, data breaches can also be a cause of simple human error. Attaching the wrong document, sending an email to the wrong person, providing unauthorised staff a higher security access, etc. can all cause a data breach.
Usual target of data breaches in property management
Data breaches attack any type of digital data stored in your systems. Real estate agencies – whether providing property management services, sales or both – are typically high-risk for breaches as they handle and store confidential information of customers in their portfolio, apart from their own company’s information. For a real estate agency, the following are considered targets for a data breach:
- Customer name
- Date of birth
- Social Security number
- Email addresses
- Mailing or physical addresses
- Phone number
- Banking account number
- Agency’s financial information
Data Breach Prevention Checklist
Preventing data breaches from happening could save your company from thousands of dollars that’s usually associated with recovery and mitigation of a data breach. Prevention also helps reassure your customers that you are handling their information securely.
- Ensure data you collect and store complies to regulations
Data security laws govern consumer privacy and it is important that whatever data you collect from your customers adhere to these regulations. In Australia, the Privacy Act 1988 is the key privacy law that regulates how private organisations, such as real estate businesses, can collect, safely store and disclose personal information.
- Establish a Data Security Policy in your agency
Developing a data security policy is the best way to avoid data breaches in your business. The policy should discuss in detail best practices and procedures that employees should adhere to in safely accessing data. Best practices often include:
- Creating difficult to decipher passwords and changing them often
- Keeping data transfers to a minimum, including use of external hard drives and disks
- Shredding paper files before disposing of them
- Develop email and website access policies to prevent employees from going to untrusted websites
- Using cloud servers as they are encypted and monitored – making them difficult to hack into.
- Create a policy for using devices – whether the agency is providing one for the staff or the staff using their personal device at work.
- Automate data security processes
As previously mentioned, human error accounts for a large number of data breaches. But as these can be easily committed – so too can they be easily avoided. With automation, you can install safeguards such as password update reminders, firewall protection and automated filters in websites and emails to prevent employees from clicking malicious content. You can also implement access notifications in your property management software to alert you when confidential information is being accessed. In Property Tree, for example, a Sensitive Change alert gives a warning to potentially fraudulent activity in the software and has a number of alert options you can choose from.
- Conduct staff training
As discussed above, employees are vulnerable to data breach attacks as they have the potential to click malicious links or download malicious viruses in doing their day to day work. Simply developing a data security plan might be the best way to prevent data breaches, but regular training on cybersecurity is just as important. Training helps your staff develop habits that always put data privacy first in doing their work.
- Encrypt files
Property managers always deal with customer information regularly and send sensitive documents like leases. This makes encryption crucial as it protects sensitive data if documents get sent to the wrong person or stolen. Encrypted data can only be decoded with the associated key – making it difficult to access by unauthorized individuals.
- Use multi-factor authentication
Multi-factor authentication provides additional security especially in remotely accessing business systems. Multi-factor authentication involves users to provide two or more evidence to prove their identity, thereby granting authorized access. This could be providing a security question on top of the password or a One Time Pin (OTP) that gets sent to the authorized individual’s mobile device. Multi-factor authentication is especially important when performing privileged action or accessing a sensitive data repository.
- System accessibility
Only give employees access to files that are necessary for them to complete their jobs. This helps limit the information that can be misused in case a data breach were to happen. In Property Tree, for example, an administrator can grant or limit access to different types of information stored in the system.
- Update software regularly
IT experts recommend keeping all application software and operating systems you use updated regularly. Install patches whenever available as they are necessary to correct bugs in the software. Your systems are more vulnerable when programs aren’t patched and updated regularly.
- Perform system audits
Perform vulnerability assessments once a month or even weekly. Regularly check the security controls and contents of every system in the network (internal and external) to identify threats and be prepared for attacks.
- Backup data
While data breaches often steal information, some simply just delete your data. This makes backups important as it will help you restore the data instead of starting from scratch. Cloud-based property management software has an advantage as it is often the easiest way to back up your files and data off-site, instead of manually performing them.
Protecting your most valuable resource
According to economists, data is now the world’s most valuable resource, making it even more important to protect it. With a solid data security policy and a strategy to implement them in your agency, data breaches can be avoided.
With Property Tree your data is safe from theft or loss on our Microsoft Azure platform. Not a Property Tree user? Book a free demo today to discover the MRI Software difference.