Is Your Data Leaking?

By MNR News posted 04-17-2024 11:57 AM

Cybercrime is getting worse. And most businesses don’t know they’ve been hit until it’s too late. Fortunately, there are practical ways to safeguard sensitive data.
On the morning of October 31, 2023, millions of Americans fell prey to a malicious Halloween trick when their critical personal information was hacked from the networks of Mr. Cooper, one of the nation’s largest loan servicers. Unauthorized access began as early as October 30 and continued through November 1 before Mr. Cooper—formerly Nationstar Mortgage—managed to contain the breach.

Armed with the names, addresses, phone numbers, birth dates, bank account numbers, and Social Security numbers of more than 14 million people, the cyber thieves were poised to perpetrate identity fraud on an epic scale. As of early 2024, no parties had been apprehended for the crime. And the chances of doing so are vanishingly slim. The World Economic Forum estimates the likelihood of identifying and prosecuting a cybercriminal in the United States is a little over 0.05%.

Although the breach at Mr. Cooper was larger than many cybercrimes, it was the tip of the iceberg compared to the sheer numbers of hacks and attacks that occur every year. The Theft Resource Center reported that the data of over 2,100 organizations was compromised in 2023. According to an analysis from IBM, the average organizational cost of a data breach has risen to $4.45 million*. Ultimately, average citizens pay a steep price. The Federal Trade Commission stated that it received over 1 million reports of identity theft in 2022.
In today’s digitized business environment, Realtors®, brokerages, associations, MLSs, and mortgage companies store vast troves of sensitive client data on Internet-connected computers and servers. With ever-expanding cybercrimes, protecting data must be a primary mission. Unfortunately, many businesses fail to take preventative measures. As a result, more than half a year passes on average before a breach is discovered. Most of these breaches, 74%, can be traced to human error.
The good news is that with some careful preparation, planning, and implementation, you can secure your data, safeguard your customers, and do your part to lower incidents of data breach and identity theft. 
To get started, answer these questions: 

What kind of information are you collecting?
Most brokerages collect reams of information from a wide range of sources, including clients, employees, independent contractors, banks, other brokerages, and contractors. And this data comes through many different channels: emails, electronic payment systems, websites, in-person interviews, and even snail mail.

Sensitive information can include, but is not limited to: 

  • Address 

  • Checking account information 

  • Credit card numbers 

  • Credit history 

  • Driver’s license numbers 

  • Email addresses 

  • Medical information 

  • Health insurance information 

  • Mortgage applications 

  • Names 

  • Passport numbers 

  • Phone numbers 

  • Social Security numbers 

  • Tax IDs 

Where are you storing it?
Once you assess what you’ve got, think about how you’re storing it: computers and servers, laptops and mobile devices, and cloud storage. Don’t overlook “legacy” tech like discs and even old-school metal filing cabinets.

Who has access to that information?

Are any licensees keeping files at home? Take an inventory of everyone who accesses your information, from licensees and employees to independent contractors and clients. 

What information do you really need?
To answer that, determine if there’s a legitimate business need for keeping personal information. 

If there isn’t, safely dispose of it.

If there is, calculate how long you need to use it, and store it safely while you do. After that, safely dispose of it. 
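
The inventory these questions describe can be partly automated. The following Python code is an added example, not part of the original article: it flags text containing Social Security or credit card numbers (two of the data types listed above) and marks each storage location "dispose" or "secure" against a retention period. The patterns, sample records, and 365-day retention period are assumptions made for illustration.

```python
import re
from datetime import date

# Assumed US formats for two of the data types the article lists.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def classify(text):
    """Return the kinds of sensitive data found in a piece of text."""
    kinds = set()
    if SSN_RE.search(text):
        kinds.add("ssn")
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            kinds.add("card")
    return kinds

def inventory(records, today, retention_days):
    """records: (location, date last needed, text). Returns one row per hit."""
    report = []
    for location, last_needed, text in records:
        kinds = classify(text)
        if not kinds:
            continue            # nothing sensitive: not part of the inventory
        overdue = (today - last_needed).days > retention_days
        report.append({"location": location, "kinds": sorted(kinds),
                       "action": "dispose" if overdue else "secure"})
    return report

# Constructed sample records; the 365-day retention period is an assumption.
SAMPLE = [
    ("laptop:/closings/2019/smith.txt", date(2019, 6, 1),
     "SSN 123-45-6789, card 4111 1111 1111 1111"),
    ("cloud:/listings/flyer.txt", date(2024, 1, 10), "Call 612-555-0100"),
    ("server:/active/jones.txt", date(2024, 3, 1), "SSN 123-45-6789"),
]
if __name__ == "__main__":
    for row in inventory(SAMPLE, date(2024, 4, 17), 365):
        print(row)
```

A scan like this only covers text it can read; scanned images, paper files, and encrypted archives still need to be inventoried by hand.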

Storing Data Safely

Electronic Information 

  • Reset your router’s login code 

  • Rename the network and create a new password 

  • Strengthen your network’s encryption 

  • Use Secure Sockets Layer (SSL) when transmitting or receiving credit card info 

  • Don’t display your wireless network’s name 

  • Update your router’s firmware 

  • Limit the number of devices where personal information is stored, and restrict access 

  • Don’t allow downloading of unauthorized software 

  • Create a guest network 

  • Never share sensitive information by email 

  • Regularly check for updates on vulnerabilities 

Safely disposing of sensitive information

Deleting Electronic Data 

So, just delete it and done. Right? 

Unfortunately, it’s not quite that simple. Conventionally deleted information can often be recovered from the recesses of hard drives and other storage devices. Data destruction software—known less ominously as a wipe utility program—is designed to fully purge electronic data from storage devices. When used correctly, these programs scour all traces of information. Not even sophisticated data recovery software can reassemble it. Many companies offer wipe utilities, so it’s best to consult with an IT professional to determine the right program for your needs. 

Legacy Data: Shred. Burn. Repeat.
When it comes to shredding sensitive papers, the finer the better. Think confetti or tiny snowflakes as opposed to linguine. If your office filing cabinets aren’t that crowded, you can likely get by with an inexpensive home-office shredder. For high security, make sure it is a micro-cut shredder that pulverizes paper to tiny bits (great fire starter for barbeques). Not only do these models handle multiple sheets at a time, they can chew up CDs, DVDs, and other relics of the early computer age. You can even toss in that embarrassing Wham! disc you bought back in 1984.

If your paper files are more akin to the National Archives, consider carting them to a professional shredding service. The UPS Store, Office Depot, and many other companies provide fast and efficient shredding and data destruction across the state. 

Make a data security plan
Putting together a comprehensive data security plan for a brokerage or association is a complex undertaking. But you don’t have to go it alone. There are innumerable resources to get started. In fact, the Massachusetts Association of Realtors® created a program that has become a national model. You can review it in the National Association of Realtors® (NAR) Data Security and Privacy Toolkit, which is available on the NAR website. 

With so many brokerages and associations feeling understaffed and overstretched, the prospect of investing time, energy, and resources in a data security plan can seem daunting. But with the threat of cybercrime growing larger every year, it’s only a matter of time before an unprotected network is compromised. Ultimately, the benefit of securing your clients’ sensitive personal data far outweighs the cost of building a secure network.  

*Comparatively, ransomware attacks are a relative bargain: on average, it costs from $1 to $2.25 million to restore compromised data systems. Source: 2023 Data Breach Investigations Report from Verizon.

 To read this article in the March/April digital issue of The Minnesota Realtor® Magazine, click here.