Photo of Ron Rockovich Rockovich: “The general public . . . doesn’t necessarily know the difference between a third-party portal and one sponsored through a bank.”

NEW YORK CITY—You and your company are under attack—your records, your bank accounts, your very identification. And you are under attack at your most exposed flank: your computer and electronic devices. All sorts of hackers are out to scale your firewall with malware to steal your money and your information. What’s even worse, the threat is growing daily as those hackers figure out ways to breach the latest in software defenses, remaining one step ahead of you and your commercial real estate company’s funds.

According to the experts at PNC Real Estate, there is one nearly surefire defense against this insidious invasion: your own awareness, something PNC states it takes very seriously. More on that shortly.

Much to Lose

Clearly there is a lot of risk to go around. “There are two end-users at potential risk here,” says Ronald D. Rockovich, national sales executive for PNC’s Treasury Management Real Estate group. “There are the clients with whom we work directly and, in turn, their clients, the ultimate end-user.”

For both, the potential losses are many—and as important as it is, they extend far beyond the loss of capital. For sure that’s there, but it’s also “reputational,” adds Daniel Mullinger, an EVP for PNC Real Estate. He points out that, once the security wall is breached, so is the trust factor between client and provider.

Photo of Daniel Mullinger Mullinger: “Always know who’s on the other end of the line.”

Transactions of this sort are based in the assumption of security. “Through social engineering, someone might gain access or cause the company to send a wire transfer because the user thinks it’s a legitimate transaction, so loss of funds is certainly one of the risks,” explains Rockovich. “But so is your personal information, what is referred to in the industry as PII—personally identifiable information.” Essentially, your identity goes away along with the entrusted capital.

Upside/Downside

For real estate companies, two of the most common sources of cyber threat are from financial technology (FinTech) firms and in particular payment portals, neither of which are always what they appear to be.

The upside with both entities, portals and FinTech, is also the downside, namely the ease of accessibility. “The general public—which includes the real estate corporations that might be using these services in their business—don’t necessarily pick up on the difference between a third-party portal and one that might be hosted or sponsored through a bank,” says Rockovich. “The fact is that the third-parties aren’t regulated, so even though they have the technical ability to process transactions, they may not have the standards or levels of security that a regulated financial institution provides.”

For instance, a tenant attempting to pay rent may believe she or he is on the branded website of the ownership REIT, a recognizable and established name, when in fact the payment process has been contracted out to a third party, possibly without the safety measures in place on the host site.

That third-party might be totally on the up-and-up, but more vulnerable to hacking because of the lack of regulation, or the lack of capital needed to put the proper safeguards in place.

Ditto the financial tech firms, unregulated and with capital structures that are, let’s say, different than what you might expect. “A lot of the time they co-mingle funds,” says Rockovich, “which means they’re doing processing for multiple companies and pooling all of those funds.” In the event of fraud, all pooled accounts are equally at risk.

Embrace Vigilance

So the big question looms: What are the responsibilities of both the end-user and the banking institution with which they work? First, says Rockovich, for the end-user, “make sure you’re doing your homework and you know with whom you’re working.”

And be vigilant, adds Mullinger, to the point of suspicion. Rockovich agrees: “Always be suspicious of someone who’s requesting information of you, whether it be through an email or phone call. Along with that, don’t be afraid to ask questions. If you think something isn’t right, make sure you’re asking questions.”

He adds that a simple online test of assuring who is engaging you is to mouse over their URL. Doing so will produce “another address, and that’s the actual address of the firm you’re dealing with.” If it’s not familiar, alarms should sound.

And of course, despite the high-tech nature of the conversation, there are low-tech precautions you can take, such as updating your password regularly and keeping your list of passwords in a secure place—preferably not on your device.

That’s sound advice for any end-user. All parties need to be cautious. “Banks are in the thick of it,” says Rockovich, “and it’s in our best interest to make sure people are educated, more suspicious and more vigilant.”

“It’s sad, but you can never let your guard down,” adds Mullinger. “Probably the most important advice we can give is to maintain a good relationship with your banking institution, get to know your relationship team, and make sure that they know you. That way, if your company has an incident, all parties can move as fast as possible to resolve a situation. Always know who’s on the other end of the line.”

PNC General Disclosure

About Daniel J. Mullinger

Daniel J. (Dan) Mullinger is an Executive Vice President of PNC Real Estate, a division of The PNC Financial Services Group. As the Western Region Executive of Real Estate Banking, he helps deliver lending and banking products for commercial real estate companies located in the Midwest, Southwest and West Coast markets.

Mullinger has 22 years of commercial banking and real estate experience through prior roles with two large regional banks. He joined National City in 2005 and led the real estate banking integration after the bank was acquired by PNC. He has served in his current capacity since 2009.

Mullinger graduated from the University of Cincinnati in 1991 with bachelor of science degrees in accounting and finance. He earned his master’s degree in business administration from The John Carroll University’s Boler School of Business.

He is a board member for the Northeastern Ohio Arthritis Foundation Chapter & Notre Dame Schools in Chardon, Ohio. Industry affiliations include the Mortgage Bankers Association Senior Lender Roundtable, National Association of Industrial and Office Properties, the International Council of Shopping Centers and Urban Land Institute.

About Ron Rockovich

Ron Rockovich currently serves as the National Sales Manager for PNC’s Treasury Management Real Estate group. His responsibilities include managing a team of sales officers, analysts and account managers within the PNC footprint as well as throughout the United States and Canada. He oversees the sales plan, strategic direction and growth and development of the team.

Rockovich has more than 24 years of experience in the retail and corporate banking sectors focusing on sales and client care and has covered the real estate sector in various capacities for the majority of that time.

He graduated from John Carroll University with a bachelor of science degree in finance.

Rockovich is a current board member of the Edgewood Club and previous member of the planning commission for the Borough of Edgewood. He is also a current member of the Association for Financial Professionals.