NEW YORK CITY—Cybersecurity and security in general are critical areas of focus for real estate companies. You may be confident that your IT department has implemented the right tools, such as a strong antivirus, antimalware and firewalling policy. However, if you have not trained your staff thoroughly and repeatedly, your company is only slightly secure. As is increasingly proven, there is no hole in security quite as gigantic as the one created by the users themselves.
As technology advances, real estate firms of all types face a variety of security issues. Real estate private equity and investment firms generally have been prompted by the regulatory environment to step up investment in technology security, and to integrate security management into the culture. In the age of the Internet of Things, property managers now have to secure commercial real estate infrastructure.
At the owner and asset management level, ensuring that a building operator or manager has the qualifications to run a technologically-enabled building is critical to ensuring the viability of the investment. And with the ability to access new data sets through “big” data, every company is dealing with the complexity of harnessing, analyzing, integrating and protecting increasing amounts of information.
Even when there is solid training in place, ransomwear protection and a mobile device management platform, there is nothing that can prevent an end user from being socially hacked. A social hack can be intentional or it can be opportunistic. An intentional hack, of course, can be far more devastating. Here are three tips that can help you—and your employees—safeguard your company.
Be vigilant about passwords. If users are accustomed to scribbling their passwords on paper and leaving them in view on their desks, they are opening a door to a social hack. A visible password is offering anyone who happens by an opportunity to get curious. Malice is not even required to generate a truly awful situation in which client or other sensitive data is accessed with an illicit password and exposed.
Users must be trained to handle common threats like phone calls from “the Windows department” asking for passwords, not to mention credit card numbers. They should also be aware of IT protocols for password sharing. If IT is outsourced, it is particularly important that there is a standard set up: will IT ever ask for a password over the phone? Will they always reset a password? Knowing what the standard is can help a user respond properly to a social hack attempt.
Educate your staff. There is a gaping hole in terms of passwords which IT is somewhat powerless to plug. Most users have been told, at this stage, of the dangers of using one password on multiple sites. Of course, they continue the practice because it is difficult otherwise to remember all of their passwords. IT cannot prohibit a user from updating his Facebook password to match his work password. However, IT can offer education, pointing to situations where the use of passwords on multiple sites has compromised data, and can also offer password management tools that can make it easier for end users. Those firms that have implemented two-factor authentication or biometrics are doing all that they can to ensure users are as smart as they can possibly be about protecting the firm's information.
Beware of the cloud. Sharing files has inherent security risks that people don't always think about. Putting information out there on the public cloud, like Dropbox, is very dangerous, even if it is very convenient. You should consider carefully whether use of the cloud is really necessary before uploading documents.
They say that the best defense is a good offense. As many other companies and famous names have seen, no one can deter a determined thief completely. But by taking a few preventive steps and having your IT department instill them with staff, you can make the effort a great deal harder.
Kathleen Hurley is IT director for Madison International Realty, a real estate private equity firm based in New York City. The views expressed here are the author's own.
As technology advances, real estate firms of all types face a variety of security issues. Real estate private equity and investment firms generally have been prompted by the regulatory environment to step up investment in technology security, and to integrate security management into the culture. In the age of the Internet of Things, property managers now have to secure commercial real estate infrastructure.
At the owner and asset management level, ensuring that a building operator or manager has the qualifications to run a technologically-enabled building is critical to ensuring the viability of the investment. And with the ability to access new data sets through “big” data, every company is dealing with the complexity of harnessing, analyzing, integrating and protecting increasing amounts of information.
Even when there is solid training in place, ransomwear protection and a mobile device management platform, there is nothing that can prevent an end user from being socially hacked. A social hack can be intentional or it can be opportunistic. An intentional hack, of course, can be far more devastating. Here are three tips that can help you—and your employees—safeguard your company.
Be vigilant about passwords. If users are accustomed to scribbling their passwords on paper and leaving them in view on their desks, they are opening a door to a social hack. A visible password is offering anyone who happens by an opportunity to get curious. Malice is not even required to generate a truly awful situation in which client or other sensitive data is accessed with an illicit password and exposed.
Users must be trained to handle common threats like phone calls from “the Windows department” asking for passwords, not to mention credit card numbers. They should also be aware of IT protocols for password sharing. If IT is outsourced, it is particularly important that there is a standard set up: will IT ever ask for a password over the phone? Will they always reset a password? Knowing what the standard is can help a user respond properly to a social hack attempt.
Educate your staff. There is a gaping hole in terms of passwords which IT is somewhat powerless to plug. Most users have been told, at this stage, of the dangers of using one password on multiple sites. Of course, they continue the practice because it is difficult otherwise to remember all of their passwords. IT cannot prohibit a user from updating his Facebook password to match his work password. However, IT can offer education, pointing to situations where the use of passwords on multiple sites has compromised data, and can also offer password management tools that can make it easier for end users. Those firms that have implemented two-factor authentication or biometrics are doing all that they can to ensure users are as smart as they can possibly be about protecting the firm's information.
Beware of the cloud. Sharing files has inherent security risks that people don't always think about. Putting information out there on the public cloud, like Dropbox, is very dangerous, even if it is very convenient. You should consider carefully whether use of the cloud is really necessary before uploading documents.
They say that the best defense is a good offense. As many other companies and famous names have seen, no one can deter a determined thief completely. But by taking a few preventive steps and having your IT department instill them with staff, you can make the effort a great deal harder.
Kathleen Hurley is IT director for Madison International Realty, a real estate private equity firm based in
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.