As brokers, you’re well aware of the need for risk management strategies to protect your business, agents and clients from legal liability. No doubt you have errors and omissions insurance, and have taken steps to guarantee compliance with antitrust laws; yet, in this era, with more and more business conducted electronically, do you think you’ve done enough to mitigate potential digital threats? Due to the amount of personal information and large sums of money exchanged in the course of real estate transactions, the real estate industry is a particularly attractive target for cyberattacks.
Without proper data security protocols in place, your business is vulnerable to a variety of potential risks. Your clients are at risk for identity theft should their personal information fall into the wrong hands, and your and your clients’ money is at risk if a criminal gains access to information that allows them to perpetrate wire fraud or impersonation scams. Increasingly, your data and finances are at risk from potential ransomware attacks in which hackers gain control of your machine until a sum of money is paid. You also run the risk of legal liability if a data breach of any kind occurs at your brokerage.
Fortunately, there are steps you can take to safeguard your data against these risks. First, consider the essential need to protect your clients’ privacy. Understand your state’s requirements before creating a privacy plan, as state laws govern not only what constitutes Personally Identifiable Information (PII), but also specify how the information is collected, used, stored and destroyed. While the details of privacy laws may vary, it’s always good practice to communicate your office’s privacy plans with clients. They entrust you with their sensitive data and deserve to know what you’re doing to protect their information. Should a data breach occur, it’s critical to have a plan in place for notifying your clients immediately. Transparency in all aspects of caring for client data not only reduces potential liability, but also contributes to the sense of trust between agent and client.
The National Association of REALTORS® (NAR) recommends following the Federal Trade Commission’s (FTC) key principles for data security: take stock, scale down, lock it, pitch it, and plan ahead. Essentially, these principles provide a framework for managing your data in accordance with best practices.
In addition to these five principles, there are some basic security practices that any business owner should keep in mind. Require strong password security throughout your business systems, employ firewalls and antivirus software, and always use platforms with strong encryption capabilities to transmit sensitive information. Finally, your best defense against the risk of cyberattacks is education. Be sure your agents are aware of the dangers of poorly secured data and understand your company’s privacy and data security policies.
For further reading on the subject, NAR has put together a collection of educational tools and resources, including the NAR Data Security and Privacy Toolkit, all available at NAR.realtor. In addition, the FTC’s website, FTC.gov, has a wealth of articles and guidelines aimed at helping business owners understand how to protect their data. Educate yourself and your agents, develop privacy policies and commit to strong data security strategies, and you’ll be well prepared against digital risks.
Marc Gould is vice president, Business Specialties, for NAR and executive director of REBAC. A wholly-owned subsidiary of NAR, The Real Estate Buyer’s Agent Council (REBAC) is the world’s largest association of real estate professionals focusing specifically on representing the real estate buyer. With more than 30,000 active members, REBAC awards the Accredited Buyer’s Representative (ABR®) designation to REALTORS® who work directly with buyer-clients.
For more information, please visit REBAC.net.
For the latest real estate news and trends, bookmark RISMedia.com.