Tandy On Real Estate

Tag

Cybersecurity

Cybersecurity: NAR Email Best Practices

As promised, I will be outlining the National Association of REALTORS® Best Practices from their NAR Data Security and Privacy Toolkit.  The National Association of REALTORS Legal Affairs Department outline the following Best Practices on Email.

Unsecure email accounts are open doors to cyber criminals.  Follow these guidelines to help keep that door securely shut and locked tight.

·        Whenever possible, avoid sending sensitive information via email.

·        If you must send sensitive information via email, make sure to use encrypted email.

·        Never trust contact information in unverified emails.

·        If an email looks even slightly suspicious, do not click on any links in it, and do not reply to it.

·        Clean out your email account regularly.  You can always store important emails on your hard drive.

·        Do not use free wi-fi to transact business.

·        Avoid using free email accounts for business.

·        Use strong passwords.

·        Change your password regularly.

These are quick and easy reminders of good email practices. I cannot emphasize enough the importance of secure email. We are in a very transaction heavy business full of NPPI (non-public personal information), and the information that we share should abide by privacy laws including Gramm-Leach-Bliley Act, should not include NPPI, and must be transmitted via secure, encrypted email. Here is a guide from the Federal Trade Commission on how to comply with the Privacy of Consumer Financial Information Rule. And, as a bonus, here is a webcast offered by the American Land Title Association on Best Practices: Protecting Non-public, Personal Information.

To receive updates from Tandy on Real Estate direct to your inbox, please subscribe here.

RESOURCES:
https://www.nar.realtor/sites/default/files/handouts-and-brochures/2015/protecting-from-cyberfraud-handout-2015-11-24.pdf
http://www.realtor.org/law-and-ethics/nars-data-security-and-privacy-toolkit
https://www.ftc.gov/system/files/documents/plain-language/bus67-how-comply-privacy-consumer-financial-information-rule-gramm-leach-bliley-act.pdf

Cybersecurity: Creating strong passwords

Last week I covered two cybersecurity topics Protecting your business and Protecting your cell phone. Today, I wanted to give you a quick tip on how to create strong passwords to help protect your accounts. Strong passwords help to prevent unauthorized users from using your computer, systems and applications. Check out the list of the worst passwords according to Forbes. Hopefully your passwords do not make the list. If they do, the tips below will help you to create a stronger password.

While not fool proof, creating a stronger passwords can help to reduce the chances of becoming a victim of a hacker according to a hacker himself in Advice from a Real Hacker.

  1. Choose a random set of characters that are the maximum that your system will accept. The longer the password, the harder it is to hack.
  2. Use at least 8 characters.
  3. Do not use a dictionary word. Dictionary words are easy to crack.
  4. Do not use your username or name in your password.
  5. Does not use a complete word.
  6. Use at least one of every character type in your password, i.e. uppercase, lowercase, a number and a special character.
  7. Never just use numbers. Don’t use a password made completely of numbers with not uppercase or lower case letter. The 10-digit number key pad do not provide many options for your password, and can be easily broken into.
  8. Use different passwords for different accounts. Using the same password across all of your account is just plain risky. Try varying your passwords, and using a system that works for you.
  9. Create a passphrase for your password where the character limits allow the space.

Remember your strong passwords are only as good as where you store them, so make sure to keep your passwords secure. And, do not leave them by your computer. If you have a hard time remembering all of your passwords, you can always use a trusted password manager. Check out Consumer Reports for more info on password managers, and see PC Magazine for the Best Password Managers of 2017.

Another way to protect yourself is to set-up two-factor authentication.

I hope you find this helpful. To receive updates from Tandy on Real Estate direct to your inbox, please subscribe here.

RESOURCES:
http://www.inman.com/2015/03/19/awa-access-without-authorization-hacking-and-what-it-means-to-real-estate/
https://null-byte.wonderhowto.com/how-to/advice-from-real-hacker-protect-yourself-from-being-hacked-0157218/
https://null-byte.wonderhowto.com/how-to/advice-from-real-hacker-create-stronger-passwords-0156907/
https://support.microsoft.com/en-us/instantanswers/9bd5223b-efbe-aa95-b15a-2fb37bef637d/create-a-strong-password
https://en.wikipedia.org/wiki/Passphrase
https://www.forbes.com/sites/ygrauer/2017/01/23/2016s-worst-passwords-are-just-as-bad-as-2015s-so-please-tell-me-yours-is-not-on-the-list/#2f0da6f33879
http://www.pcmag.com/article2/0,2817,2456400,00.asp
http://www.consumerreports.org/digital-security/everything-you-need-to-know-about-password-managers/
http://www.pcmag.com/article2/0,2817,2407168,00.asp

Cybersecurity: Protecting your cell phone

Where would we be without our smart phones today? You can basically conduct your business via your cell phone. It is amazingly convenient, easy to access and backup, and a powerful efficiency tool. But, it is also not without its security issues.

Today cell phone usage blurs the lines between our personal and business lives. From our contacts, online banking, social media accounts, fitness apps, games to our emails and business applications, our phones house access to our life’s operating system. And, with this they store a mass of sensitive information. The National Association of REALTORS says that, “more sensitive data about you and your work (passwords, credit card numbers, contacts, messages, e-mail) is accessible from your mobile device than any other piece of technology you have. Inman News says that REALTORS are walking around with a bulls eye on their back for hackers.

Here are 6 tips to protect your smart phone from The National Association of REALTORS:

  1. Enable your device’s screen lock and change the PIN regularly.
  2. Experts advise against saving passwords at individual sites, such as Amazon or Chase, because they can become saved deep in your phone’s memory. Instead, use an app designed specifically for saving passwords. Click here to learn about password managers.
  3. Update all your apps regularly. Updates provide needed security patches.
  4. Know and regularly review your phone’s security and permission settings. Have you given Facebook permission to access your e-mail contacts?
  5. Use public Wi-Fi with caution. When you’re on a café’s public Wi-Fi, for example, the café has access to everything you transmit, from text messages to data.
  6. Only download apps from a known app store to avoid apps filled with dangerous pieces of malware that could steal your sensitive data.

And, as a business owner RISMedia advises that you should also have the ability to remote track and wipe smart phones to protect your business.

I hope this is helpful to safeguard your smart phones. To receive updates from Tandy on Real Estate direct to your inbox, please subscribe here.

SOURCES:
https://www.nar.realtor/articles/legal-you-re-the-ideal-target-for-cybercrime
http://www.inman.com/2015/03/19/awa-access-without-authorization-hacking-and-what-it-means-to-real-estate/
http://rismedia.com/2014/08/07/3-cybersecurity-tips-that-can-pay-off-for-your-business/#close
https://en.wikipedia.org/wiki/Password_manager

Cybersecurity: Protecting your business

REALTORS beware – you are the perfect target for cybercrime
According to The National Association of REALTORS (NAR), “big-name breaches make good headlines, but smaller businesses make easy targets for online criminals. This is partly because many small-business owners believe they are “below the radar” for cybercrime and thus fail to implement safety measures to protect themselves from attack.” There are more than 12 cybercrimes per second. Per NAR, “by 2019, cybercrime will cost businesses an estimated $2 trillion annually.” This post is to help you and your clients to avoid being the next victim.

The dangers of the World Wide Web and specifically, wire fraud
This sounds like a scary headline from 2000 when businesses first started going online. But, now in 2017, the dangers are oh so real. At the REALTORS® Legislative Meetings & Trade Expo in Washington, D.C.  in May NAR General Counsel Katie Johnson identified wire fraud as a “sophisticated scam causing consumers to lose millions of dollars each year.” This according to “The Threat of Wire Fraud is Real” by Erica Christoffer and Graham Wood of REALTOR Magazine. When she asked the audience of real estate professionals if they knew of someone who had been a victim of wire fraud, 1/3 of the audience raised their hand. She then detailed the following:

“Hackers are gaining access to e-mail accounts through captured passwords, and they’ll search inboxes for messages related to real estate transactions, Johnson said. Once they find a victim who’s in the process of buying a home, they’ll send a spoof e-mail that looks like it’s from their agent, title representative, or attorney, and it will say there are “new” wiring instructions, which includes a fraudulent account. The home buyer will then unwittingly wire funds directly into the hacker’s account. Once they send it, the money is gone. Millions of dollars are lost on this.”

MortgageFraudBlog.com gives point in case to Johnson’s scam where fraudulent emails were used to conduct wire fraud and bank fraud from escrow deposits in June 2016 involving three companies and hurting 6 victims with the scam.

How to protect your business
Here are some tips to make sure you take the proper precautions online.

  1. Maintain a data security policy. See samples of policies here.
  2. Maintain a document retention and destruction policy. Identify how long to keep documents and how to destroy the information safely. Be sure to work with your legal counsel to create this.
  3. Notify affected parties of a security breach. Remember immediacy and transparency are key in your communications. In the event of a data breach reference the Federal Trade Commission’s Data Breach Response: A Guide for Business.
  4. Use tech to safeguard personally identifiable information. Implement certain technology-based protections, such as maintaining appropriate firewalls and password controls.
  5. Use strong passwords. Here is how to create a strong password.
  6. Establish procedures for wire transfers and communicate with your clients what to expect in the transaction and what communications they will receive from you. Here are some tips from Clareity Consulting on “Reducing the Risk of Real Estate Wire Fraud”.
  7. And, finally, FOLLOW YOUR POLICIES and educate your associates.

The dangers of free wi-fi
According to KnowBe4, “you should always watch what Wi-Fi hotspots you connect to, and use a VPN to help keep your sensitive information out of the hands of hackers.” If you connect to free wi-fi that is unprotected, the provider could have access to what you transmit over their network. For example, at the Republican National Convention, attendees were hacked by a fake wi-fi network. Here’s what happened per Stu Sjouwerman,

“The PR people at Avast decided to have some fun and created a series of fake Wi-Fi networks at various locations around the Republican National Congress in Cleveland. Avast’s team set up several networks, using names such as “Trump free Wifi” or “Google Starbucks,” which were designed to look as though they were set up for convention attendees. Upon connecting, trusting a random and unprotected network they found in a public setting, the users unwittingly gave Avast access to spy on their devices. Over the course of a day, Avast found over a thousand attendees that were completely negligent in their device’s security. Over 60 percent of the users who connected had their identity completely exposed, and slightly less than half of them checked their email or used messenger apps.”

This is scary business, literally. Lesson learned – Remember to always use a secure network with a username and password, and use a VPN when conducting business. Say to yourself now, “No more free wi-fi – it is NOT worth the risk.”

I hope this is helpful as you work to strengthen your cybersecurity practices. I urge you to download Protecting Your Business and Your Clients from Cyberfraud from The National Association of REALTORS to make sure you have your cybersecurity bases covered. This includes Best Business Practices, Best Email Practices, Best Transaction Practices and Best Damage Control Practices. I will cover these Best Practices in future blog posts, so stay tuned.

To receive updates from Tandy on Real Estate direct to your inbox, please subscribe here.

RESOURCES:
https://www.nar.realtor/articles/legal-you-re-the-ideal-target-for-cybercrime
http://www.csoonline.com/article/3019126/security/security-policy-samples-templates-and-tools.html
https://www.nar.realtor/law-and-ethics/protecting-your-business-and-your-clients-from-cyberfraud
https://blog.knowbe4.com/scam-of-the-week-rnc-attendees-get-hacked-through-fake-wi-fi-networks
https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business
http://realtormag.realtor.org/for-brokers/network/article/2016/05/threat-wire-fraud-real
https://clareity.com/wp-content/uploads/2016/08/Reducing-the-Risk-of-Real-Estate-Wire-Fraud.pdf
https://www.rt.com/news/cybercrime-victims-number-grow-427/
https://null-byte.wonderhowto.com/how-to/advice-from-real-hacker-create-stronger-passwords-0156907/
http://www.mortgagefraudblog.com/exclusive-criminal-complaint-concerning-fraudulent-emails-diverting-escrow-deposits/

 

Cybersecurity: Protecting your children online

As a technologist, I am fascinated by bringing our businesses online to create efficiencies and with this, our obligation to provide cybersecurity. In my first blog post on cyber security, I talked about cyber breaches. In my second blog post today on cybersecurity, I would like to talk about our jobs as parents to protect our children in a changing social world. In future posts, I will be covering how you can protect both yourself and your business. Stay tuned to Tandy on Real Estate for these.

According to Shakespeare, “the world is our oyster”, or so it seems now that pretty much anything and everything is available online – whether it is a fact, or as we hear so much of now, an “alternative fact”. What we should remember is, in our world of immediate access, we still need to protect ourselves, and most importantly, our children.

The first thing to remember when approaching cybersecurity is that anything placed online CANNOT be permanently deleted. It will always be online. The “International Information Systems Security Certification Consortium” (ISC2) states that, “anything posted or sent through the Internet is impossible to fully remove.” It is our duty as parents to communicate this to our children, and to help them to build healthy online habits that will protect them as they grow up in their social world.

Here are few tips for child safety from ISC2 and the social networks themselves:

1.       Get to know the social networks. Research these social networks, and remember to include your children in the research process.

a.       Facebook – Facebook’s Parent’s Portal on Safety@Facebook

b.       Instagram – Instagram’s Tips for Parents

c.       Twitter – Twitter Tips for Families

d.       Vine – Tech Guide for Parents on Vine

e.       SnapChat – Snapchat Safety Center

2.       Realize there are age requirements to most social networks and respect these rules- they are in place for a reason.

3.       Make parental approval of social groups or networks part of your house rules.

4.       Talk about what is an acceptable and respectable post.

5.       “Friend” or “follow” your kids so you can check in on their social media activity. You don’t have to participate, just take a look as often as possible.

6.       Data provided to a social network is stored and, most of the time, it is shared by default. Ensure your child’s profile is set to Private. Go into settings and help them adjust the default controls.

These are just a few tips for parents. The biggest part is to start the conversation with your children about social networks, their privacy and how they can participate in the online conversation safely.

Here are a few tips on getting the conversation started 

To receive more Tandy on Real Estate updates direct to your inbox, please subscribe.

SOURCE:
https://safeandsecureonline.org/parents-guardians/
https://safeandsecureonline.org/wp-content/uploads/2016/04/Social-Media.pdf
https://www.facebook.com/safety/parents
https://www.facebook.com/safety
https://www.facebook.com/safety/parents/tips
https://help.instagram.com/154475974694511/
https://about.twitter.com/safety/families
http://www.techguide4parents.com/what-is-the-vine/
https://www.snapchat.com/safety/
https://iamcybersafe.org/

 

 

© 2017 Tandy On Real Estate — Powered by WordPress

Theme by Anders NorenUp ↑