According to a Gallup poll, 27 percent of Americans said that their credit card information had been stolen at least one time during the past year, and 11 percent said that their computer or mobile device had been hacked or accessed without authorization.
A breaking news tidbit is that Uber, the taxi app company, finally admitted that its client database was hacked last May. They didn’t know they’d been hacked until the middle of September. They didn’t admit they’d been hacked until the end of February. Why their admission was ten months in the making, I don’t know. Perhaps the executive team at Uber will eventually answer that question, or perhaps not — I’m betting on “not.”
We can add Uber to the most recent HBH (has been hacked) roster, which includes: Adobe Systems, Anthem, Apple iCloud, AT&T, Bartell Hotels, Community Health Systems / Tennova, Dairy Queen, eBay, Epsilon, Evernote, Global Payment Systems, Goodwill Industries International, Google, Home Depot, Jimmy John’s, JP Morgan, Kmart, Michaels Stores, Neiman Marcus, P.F. Chang’s, Sony, Staples, Target, Twitter, U.S. Postal Service, Uber, UPS, White Lodging – Marriott & Hilton & Sheraton & Westin, Yahoo, Zappos, etc., etc., etc. — the list goes on.
These companies are not Aunt Pixie’s Pie Emporium. They should protect their clients’ information. They do not; some because they are incompetent, some because they are uncaring, some because they are cheap, and some because they are incompetent, uncaring and cheap all at once.
“Yeah, fine,” you say. “But what does this have to do with the real estate business?”
Plenty, especially since Tuesday, Dec. 2, and Thursday, Dec. 18, 2014.
On Dec. 2, U.S. District Court Judge Paul A. Magnuson ruled that banks can sue Target for the 2013 credit card hack. “Although the third-party hackers’ activities caused harm, Target played a key role in allowing the harm to occur. Indeed, Plaintiffs’ (the banks’) allegation that Target purposely disabled one of the security features that would have prevented the harm is itself sufficient to plead a direct negligence case.”
And then on Dec. 18, U.S. District Court Judge Paul A. Magnuson ruled that consumers can sue Target for the 2013 credit card hack: “Plaintiffs’ (the consumers’) allegations plausibly allege that they suffered injuries that are ‘fairly traceable’ to Target’s conduct.”
And now, all you agents, brokers and owners reading this, here is a brief exercise: Substitute your own name for “Target” in the above paragraph, and read it over a couple of times. Then, substitute your company’s name for “Target” in the above paragraph, and read it over a couple of times. Go ahead. Do it. I’ll wait.
In the process of representing a client as he or she buys and sells real estate, you acquire quite a lot of personal information: name, address, social security number, employment information, annual income, list of assets, checking account information, savings account information, stocks and bonds owned, real estate owned, businesses owned, automobiles owned and more.
That is the exact information the evildoers are after. Should the bad guys get that information and use it, and if the security breach is traceable to you, the client can haul you and your expensive lawyers into court. Also, if the mortgage lender feels its good name has been damaged by your lack of security, the lender might haul you and your expensive lawyers into court even quicker than your aggrieved client.
You’re walking around with a bull’s eye on your back. The hackers, the phishers, the spammers and the black hats are coming after you with all their weapons because, my friend, you have the information that they want. You are an easy mark. You are low-hanging fruit. You will be plucked unless you protect yourself and your clients and their personal information.
Rather than give you a list of “The Top Ten Tips to Protect Yourself from Hackers,” I will give you two articles to read and one piece of advice.
Article 1: How to hinder the hackers
Article 2: Create stronger passwords
Advice: I spent 20 years working for a petroleum engineering firm writing code and analyzing data. We handled large amounts of sensitive and confidential information from oil companies, banks and private investors. During those 20 years we did not have one breach of security because not one of the firm’s computers was connected to the Internet. The computers could only be accessed by the engineers and analysts sitting at the keyboards in the office.
Additionally, I spent 10 years working for an employee benefits company. We handled large amounts of sensitive and confidential information from our clients. During those 10 years we did not have one breach of security because all of our client data was stored in a computer that was not connected to the Internet or even to our internal office network. The computer could only be accessed by an agent or staff member sitting at the keyboard in the office.
Any managers or brokers or owners of real estate firms reading this should follow that lead. Take one computer in your office, disconnect it from the Internet, disconnect it from your office’s internal network, and place it in view of the person running the office. Use that Internet-free machine to store whatever client information you and your agents need to use during the buying or selling process. Once the transaction is complete, remove that personal information from the hard drive. If you feel compelled to retain that information, then put it on a portable storage device, and keep it under lock and key in the broker’s office.
The felons will come at you via the Internet; no Internet equals no access.
David Redic has worked as a programmer, data analyst, website builder, IT Director, tech writer, copy editor and educational film maker. He’s currently the webmaster at Berkshire Hathaway HomeServices – Kovack Realtors, and he also blogs about wine.