Advice for estate agents on avoiding data breach
With the amount of sensitive data estate agents hold, a data breach could be catastrophic. Richard Forrest from Hayes Connor tells us how you can avoid this…
As an estate agent, it’s likely that your job requires you to handle sensitive data and large sums of money often. Whether you’re dealing with rent payments, house deposits, or confidential client IDs and bank details, there’s a lot to think about.
Although I’m sure your company has secure methods of holding this data, backed up by encryptions, these infrastructures can only protect it to a certain extent. Otherwise, it’s down to the humans dealing with this data to handle it appropriately.
In fact, human error is one of the biggest causes of workplace data breaches, be it on the client or agency side. This is why learning to handle information properly is essential, especially when you’re working as an estate agent. So, to find out how to protect your client and company data from hackers and breaches, read on…
How might an estate agent experience a data breach
Before we delve into the main ways an estate agent can protect their data, we’re first going to look into the many ways these may occur. A breach can come about in one of two ways:
- Internal mistakes due to human error
- Malicious activity from hackers
Some specific reasons why each case may occur include:
Human error causing data breaches
Mistaken data breaches occur when someone within the company, or a client, makes a mistake with handling data. Because of this, the data then becomes open to use. This could occur due to:
- Loss of a device containing important information
- A lack of training, causing people to handle data incorrectly
- Somebody accidentally accessing a colleague’s documents or emails
Malicious data breaches
Alternatively, hackers and criminals may choose to target your estate agency specifically, with the purpose of stealing important data. This could be made possible through:
- An internal employee looking to harvest data for criminal purposes
- Out of date devices and security systems
- Lack of anti-malware software on devices
- Weak passwords
- Working on an unsecure network
- Phishing emails, text message, calls, or mail
Top tips to avoid a data breach as an estate agent
As you can see, a data breach can occur for a number of reasons, whether it’s with malicious intent or not. Either way, the company who experiences a breach is liable, as these sorts of incidents are avoidable, with the right systems in place.
The biggest mistake any company can make is not putting in these preventative measures before a data breach occurs. Although it may seem like a lot of time and money to spend on this, the long-term benefits of avoiding a breach will be worth it. So, some ways an estate agent can avoid a breach include:
Estate agents will liaise with clients mostly via email, so protecting this communication is the first step to avoiding a breach.
As data breach solicitors, we handle a lot of secure client information, including confidential case data, client bank details, and more. A lot of this information is provided via email, so we truly understand the importance of keeping our emails secure and safe.
In order to do so, we are vigilant with checking and double-checking everything to ensure it’s sent to the correct person. We also have a policy at the end of our email footer, which makes it obvious the email has been sent from us. So, if a client receives an email without this footer, they can compare it to previous liaisons with us, using it as guide.
Because estate agents often handle data of a similar confidentiality to solicitors, including client identities and bank details, you should do the same.
Inform clients on how to protect themselves
Similarly, I would urge clients to be vigilant, and advise estate agents to pre-warn customers about being careful.
For example, say a client is looking to buy a house, and you have to transfer the deposit money. We’ve come across cases where the hackers may have been monitoring emails throughout this process, and then step in at the point of transaction. They might say something like their bank account details have changed, and that’s when the transaction occurs.”
Clearly, this example shows that clients have to be aware of the dangers posed to them. So, if you want to be extra careful, informing clients on how to spot any suspicious activity, and to call you if they’re unsure, is paramount. Specifically, any changes in language and email address, and any grammatical errors, are tell-tale signs of someone sending phishing emails.
Train staff on handling data
In a similar way, you also need to ensure all staff are trained properly on handling sensitive information to avoid any mishaps. Specifically, they should be trained on:
- Sending emails responsibly
- Recognising malicious phishing emails
- Handling company data appropriately
- Dealing with, and disposing of, paper documents properly
- Avoiding oversharing, especially via social media
- Utilising any device security software appropriately
- Remaining on the secure company network, even whilst working from home
- GDPR principles and how to abide by them
This sort of training should then make it abundantly clear where there are any gaps in your processes to protect data. You can then implement these processes where they’re missing.
Deal with paper documents properly
Although most companies, these days, are running paperless, many estate agents still have paper files that need handling correctly. Storing them appropriately and securely is something that must be prioritised.
Likewise, disposing of the information as and when required is also paramount. After all, GDPR principles these days mean that any client data can only be held for fixed periods of time. After this, the documents must be destroyed, for example shredded or burnt.
Therefore, these processes must be discussed with your team, and carried out appropriately.
Working on secure devices is also extremely important within any estate agents to minimise the risk of malicious infiltration. This can be achieved through:
- Working on a secure company network, like a VPN
- Providing company laptops to work from
- If this can’t be done, making sure all personal laptops have security software installed
- Making sure all staff utilise secure passwords for all logins
- Ensuring all logins require multi-authentication to get access
- Installing anti-malware software on all company devices
Hire cyber security experts
Finally, hiring an expert to spot any suspicious activity within your systems is a really important step to secure data. They will be able to identify any strange activity, and patch up any gaps in your system to combat it. Whether you hire someone in-house, or get an agency to come in every few months, this could be the difference between experiencing a breach and not.
Ready to protect your data?
As we’ve seen, putting in place these preventative measures before a breach occurs is your best course of action. By investing this time and money now, you can avoid exposing customer data, which could avoid drastic knock-on effects to your agency. Ultimately, by staying one step ahead of any hackers, you can avoid falling victim to a breach.