How to stay safe with cyber security in lettings [+ open banking fact sheet]

21 May 2021

Cyber crime is reportedly on the rise and letting agents need to be aware of what measures they can take to keep any personal or sensitive data that they hold as safe as possible. Extra processes and online solutions, such as open banking, can help to add an extra layer of security.

The recent increase in UK cyber crime as businesses relied more heavily on digital solutions during the pandemic emphasises that letting and estate agents should be aware of how they can bolster their security systems, to make sure they keep their tenants' and landlords' information safe. Technologies such as open banking can play a part - so here's an open banking fact sheet for your tenants, to encourage them to opt in where relevant. 

What is cyber security?

Cyber security is all about protecting networked devices connected to the internet, such as mobile phones or laptops, as well as protecting the services that those allow us to access from cyber attack.

This becomes especially important when you consider the customer information that you hold on your agency's systems.

As well as written or scanned documents, or addresses, for example, this can extend to any context where sensitive information could be shared.

The rise in virtual viewings means that agents should carefully consider any personal information of their customers that could be visible in the videos or images they place on their websites.

In the world of remote work, the importance of having the right systems and processes in place has only grown.

“While working remotely has been an integral part of keeping people safe during the pandemic, it has also opened up opportunities for cybercriminals looking to infiltrate networks through more vulnerable IT systems,” says Paul Offley, Compliance Officer at The Guild of Property Professionals.

What risks could your agency face?

Almost 40% of UK businesses experienced a cyber attack in 2020, according to the Cyber Security Breaches Survey.

That same survey shows that where one of those attacks led to a loss of data or assets, £8,460 is the average business cost, increasing to £13,400 for medium and large businesses.

The most common form of attack in the past year has been phishing, for 83% of businesses, and impersonation, for 27% of businesses.

Any breach in security leading to that information being viewed by any unauthorised person could lead to legal action and fines.

Agents and landlords manage the flow of rent and other monies - but there is also a significant amount of sensitive data held by all agents that should be protected.

From client addresses and account details, to alarm records and passwords to access homes, passport details and other ID information, this data can make agencies a target for cyber crime.

Maximise your letting agency's potential with advice from this free e-book

How can third-party providers help keep you cyber secure?

Using third-party suppliers in the RentTech ecosystem can help you avoid the need to store much of your customers' data.

Your supplier can take on the role of data controller for many of the data-heavy processes in lettings, tenant referencing in particular, and help limit the amount of sensitive data your agency has to take ownership for.

Many providers have access to technology which can add an extra layer of cyber protection too. Open banking, for example, can be used in referencing to check the financial health of your tenants, with a fast and accurate overview of their rent and bill payments.

The one-off connection required means documents aren't sent back and forth via email, where they could be intercepted, and the automated process makes it easier to check only the most relevant data.

Encouraging your tenants to use this type of technology will help limit the amount of sensitive information handled in the referencing process - and help limit cyber risk.

Download and share a free fact sheet with your tenants about open banking, and how this may be used in the referencing process.

What else can your agency do to prevent cyber crime?

While you can choose suppliers to help with these risk heavy parts of the lettings process, you'll still need to ensure that your own processes and procedures are airtight. The Property Redress Scheme suggests other ways that you can protect your agency:

  • Make sure all of your devices where data is stored are encrypted, so only you can access them.
  • Password protect files, and don't store tenant and landlord information on any device that you may take outside the office or home.
  • Check the security in place with your cloud storage providers.
  • Never release personal information over the phone, through the post or electronically until you have checked the person receiving it is authorised.
  • Set up procedures to limit the amount of sensitive information employees can access - and only allow relevant employees access to it.
  • Keep your antivirus software and plug-ins up to date.
  • Don’t open suspicious-looking emails or links.
  • Check bank account details in person or over the phone, rather than in emails, for any online money transfers.
  • Whether digital or hard copies, securely dispose of any data that you have on file that's no longer required.

As a final measure, you could also choose to take out Cyber Liability Insurance, to help reimburse you for costs incurred by this type of crime - although the premiums are currently high as many businesses recognise the growing risk that cyber crime represents.

Want the latest lettings new delivered straight to your inbox every week? Sign up to our mailing list and stay up to date.

Further reading