In today’s digitized business environment, Realtors®, brokerages, associations, MLSs, and mortgage companies store vast troves of sensitive client data on Internet-connected computers and servers. With ever-expanding cybercrimes, protecting data must be a primary mission. Unfortunately, many businesses fail to take preventative measures. So, by the time a breach is discovered, more than half a year passes on average. Most of these breaches—74%—can be traced to human error.
The good news is that with some careful preparation, planning, and implementation, you can secure your data, safeguard your customers, and do your part to lower incidents of data breach and identity theft.
To get started, answer these questions:
What kind of Information Are You Collecting?
Most brokerages collect reams of information from a wide range of sources: including clients, employees, and independent contractors to banks, other brokerages, and contractors. And this data comes from many different channels: emails, electronic payment systems, websites, in-person interviews, and even snail mail.
Where are you storing it?
Once you assess what you’ve got, think about how you’re storing it. Computers and servers; laptops and mobile devices; and cloud storage. Don’t overlook “legacy” tech like discs and even old-school metal filing cabinets.
Who Has Access to that information?
Are any licensees keeping files at home? Take an inventory of everyone who accesses your information, from licensees and employees to independent contractors and clients.
What information do you really need?
To answer that, determine if there’s a legitimate business need for keeping personal information.
If these isn’t, safely dispose of it.
If there is, calculate how long you need to use it, and store it safely while you do. After that, safely dispose of it.
-
Reset your router’s login code
-
Rename the network and create a new password
-
Strengthen your network’s encryption
-
Use Secure Sockets Layer (SSL) when transmitting or receiving credit card info
-
Don’t display your wireless network’s name
-
Update your router’s firmware
-
Limit the number of devices where personal information is stored, and restrict access
-
Don’t allow downloading of unauthorized software
-
Create a guest network
-
Never share sensitive information by email
-
Regularly check us-cert.gov for updates on vulnerabilities
Safely disposing of sensitive information
So, just delete it and done. Right?
Unfortunately, it’s not quite that simple. Conventionally deleted information can often be recovered from the recesses of hard drives and other storage devices. Data destruction software—known less ominously as a wipe utility program—is designed to fully purge electronic data from storage devices. When used correctly, these programs scour all traces of information. Not even sophisticated data recovery software can reassemble it. Many companies offer wipe utilities, so it’s best to consult with an IT professional to determine the right program for your needs.
Legacy Data: Shred. Burn. Repeat.
When it comes to shredding sensitive papers, the finer the better. Think confetti or tiny snowflakes as opposed to linguine. If your office filing cabinets aren’t that crowded, you can likely get by with an inexpensive home-office shredder. For high security, make sure it is a micro-cut shredder that pulverizes paper to tiny bits (great fire starter for barbeques). Not only do these models handle multiple sheets at a time—they can chew up CDs, DVDs, and other relics of the early computer age. You can even toss in that embarrassing Wham! disc you bought back in 1984.
If your paper files are more akin to the National Archives, consider carting them to a professional shredding service. The UPS Store, Office Depot, and many other companies provide fast and efficient shredding and data destruction across the state.
Make a data security plan
Putting together a comprehensive data security plan for a brokerage or association is a complex undertaking. But you don’t have to go it alone. There are innumerable resources to get started. In fact, the Massachusetts Association of Realtors® created a program that has become a national model. You can review it in the National Association of Realtors® (NAR) Data Security and Privacy Toolkit, which is available on the NAR website.
With so many brokerages and associations feeling understaffed and overstretched, the prospect of investing time, energy, and resources in a data security plan can seem daunting. But with the threat of cybercrime growing larger every year, it’s only a matter of time before an unprotected network is compromised. Ultimately, the benefit of securing your clients’ sensitive personal data far outweighs the cost of building a secure network.
*Comparatively, ransomware attacks are a relative bargain, on average it costs from $1 to $2.25 million to restore compromised data systems. Source: 2023 Data Breach Investigations Report from Verizon.