Skip navigation
cyber security illo Getty Images

How Can CRE Professionals Ensure Data Security Amid Lockdowns?

Cyber attacks look set to pick up amid so many professionals working from home.

Data security was already a growing issue for commercial real estate professionals before the COVID-19 pandemic hit. Now, with two-thirds of the U.S. workforce working from home, including most of the commercial real estate industry, it has taken up a new importance.

Fraud, particularly wire fraud and fraud related to payment processing, is a growing issues for the industry. Jonathan Fairtlough, managing director for cybersecurity at Kroll, a corporate investigations and risk consulting firm, says: “I think you will see an increase in the number of breach investigations where the attack vectors are identified as coming from a home system.”

Strong technical controls combined with end-user education can make a world of difference in mitigating its impact, says David Shaw, chief security officer at AppFolio, a property management software. For example, AppFolio uses multi-factor authentication to prevent account takeover attacks and also provides a way to securely share wire instructions.

Lockdowns, which have forced an unprecedented number of professionals to work from home, open up a whole new attack vector, according to Michael Cutlip, CEO of Authoriti, a New York City-based provider of solutions to prevent identity theft and misuse of consumer data. “Most companies today have a remote workforce, but just the number of remote workers has changed because of COVID-19, so a lot of adjustments need to be performed to account for that new increase of usage.”

Data theft is increasingly common across all industries. As the world moves toward a more networked, cloud-based reality, more and more data is stored online. However, some organizations focus so heavily on customer acquisition and revenue generation, they fail to properly protect their customers' data. Data security standards and best practices are constantly evolving, and companies that hold sensitive data should always prioritize protecting the confidentiality of that data, according to Shaw.

“Since COVID-19, there has been a significant uptick in phishing emails and spam to take advantage of people because they are worried. And if they do that, they may potentially download malware. We also see an uptick in threat actors. They are trying to attack the home router,” says Julie Ho, partner at consulting firm Deloitte. “So, it’s not new, but with more and more people working from home, it’s just that if those routers and information are not secured, it just opens up the opportunity for people to leverage that and get into the company’s network and then get into the company’s most sensitive data, where they can get money.”

Malware and phishing campaigns have increased dramatically during the lockdown, according to Shaw. As a result, commercial real estate professionals should be careful about links and attachments they open in emails, and should enable multi-factor authentication whenever they can, he advises.

An increase in all kinds of phishing is likely, especially as people are searching for answers concerning the coronavirus, notes Sarah Hutchins, partner at law firm Parker Poe. For this reason, Hutchins recommends ensuring every system and program is up-to-date, monitoring primary networks and reviewing cyber insurance. In the event of an emergency, Hutchins says know who at your company is responsible for both proactive data security efforts and for overseeing the response when something goes wrong.

“For the company, probably one of the more important things to think about is end-point monitoring and to make sure that people are given systems, or given access to tools that enable them to work remotely but still stay within the protection of corporate systems. So, for example, the use of virtual desktops, the use of virtualization systems such as Citrix, can be a very effective way to allow people access to systems, but still provide them lines of protection,” says Fairtlough. “In addition, endpoint monitoring can become a very effective tool to look for attempts to connect with or log through systems.”

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.