What do agents need to know about cyber security in 2022?
Cyber security has never been more important for letting and estate agencies to protect themselves and their customers from cyber attack. Here's Mark Armstrong, Group Chief Executive Officer at Reapit, to share what agents need to know for 2022.
A guest blog by Mark Armstrong, Group Chief Executive Officer, Reapit
I’m sure most readers would agree with me that cyber security is vitally important for almost any business, particularly those businesses like estate agencies that manage large amounts of valuable customer data. The digitalisation of customer information has created an abundance of opportunity for cyber criminals to exploit, and this is a trend that has only accelerated during Covid-19. Cyber attacks are now a nationwide issue, and one that impacts estate agencies and their customers just as much if not more so given the level of personal finances involved.
A notable cyber-security incident that afflicted Simplify Group took place in late 2021, leaving some of their customers unable to exchange, complete or move home. It was by no means the first property-sector entity to deal with such a crisis, and it won’t be the last. As recently as January this year, we heard from Paul Offley, compliance officer at The Guild of Property Professionals, that “more and more” cyber attacks on agencies or on companies working within the housing industry were being filed.
With the threat of cyber attacks on agencies rapidly increasing, cyber security and maintaining cyber resilience have never been more important for agencies to protect themselves and their customers, and to maintain trust between all parties. But how widespread is the cyber-attack threat? The answer is quite severe. So, here’s what agents need to know, both about the threats, and a foundation of what can be done to mitigate them.
Cyber attacks are becoming more frequent
In 2021, two in five businesses (39%) reported having experienced cyber-security breaches or attacks, according to the government’s Cyber Security Breaches Survey 2021, and among the businesses that identify breaches or attacks, over 27% experience these issues at least once a week.
This is a significant problem for small businesses in particular, with the insurer, Hiscox, reporting that one small business in the UK is successfully hacked every 19 seconds, with businesses of that scale facing an estimated 65,000 attempted cyber attacks every single day - of which around 4,500 are successful.
Understandably, being affected by a cyber attack is hugely damaging to consumer trust, particularly when their personal details are on the line. According to one such study by Atomik Research, 33% of UK organisations said that they lost customers following a data breach, and a study from Forrester put this even higher, with their survey finding that up to 38% of UK companies claimed that they had lost business because of security issues.
When this question comes down to consumers themselves, the potential impact is quite notable. Research from PCI-PAL, a secure payments provider, found that 44% of UK consumers claim they would temporarily stop spending with a business after a security breach, and 41% of consumers claimed they would never return to a business post-breach. This only serves to demonstrate how maintaining poor data security practices can have a serious impact on a businesses’ bottom line.
It's not just the loss of customer trust and business that agencies should be afraid of. Failing to report a breach can potentially result in high penalties, with the UK-GDPR and DPA 2018 setting a heavy fine of £8.7 million or 2% of annual global turnover - whichever is greater - for infringements.
Technological challenges require technological solutions
Many businesses still don’t have adequate cyber-security measures in place to protect against hacks or data breaches, and it’s not only the big, corporate enterprises facing security threats (and many still lack adequate cyber-security policies), but small and medium businesses as well. Such dangers to our industry are only becoming more prevalent.
According to the government’s aforementioned Cyber Security Breaches Survey 2021, only three in 10 businesses (31%) have a business continuity plan that covers cyber security, and only a quarter of businesses (23%) have cyber-security policies that cover home working – this rises among to 62% among medium businesses, and 72% large businesses.
With the increasing interest for work-from-home or hybrid working options among businesses, including agencies, a significant growing risk comes from using personal devices such as mobiles or home computers to perform work functions. According to the government survey, when it comes to using personal devices for work, only 18% of businesses have policies that cover the use of such devices for work, with that figure rising to 53% for medium businesses, and 66% for large businesses.
These statistics only serve to demonstrate the scale of the cyber-security challenge still facing many agencies. Consumer trust is built on the premise that we can look after their data and privileged information. That means that estate agencies - and PropTech - have to double down on their security initiatives and infrastructure in 2022 to ensure that they are as protected as possible against the danger of a breach.
Agencies should first and foremost consider the security initiatives in place within their CRM to boost their cyber resilience. This is particularly important with more and more agencies using multiple integrations and apps from third parties that might leave them vulnerable to cyber attacks.
A secure CRM should offer a number of fundamental security infrastructure initiatives for user logins and data handling, such as supplier-authenticated security credentials, SSO with multi-factor authentication, encryption of data-at-rest and in-transit. Partnering with a CRM provider that offers a managed service provider also brings its own benefits for infrastructure and security – outsourcing the responsibility to a provider means that agencies can rest easier knowing that the supplier is centralising and securitising the management of their data through one system, which means fewer doors for a hacker to find their way in.
Having a greater breadth of endpoint security protects an agency’s critical systems, customer data and employees themselves from all manner of phishing, malware, ransomware, and other cyber attacks. With the threat of severe penalties looming over agencies if they fail to upkeep their security, partnering with a supplier that can offer the security infrastructure at scale (and scalability) for every size of agency means peace of mind that if something goes wrong, the system in place will be sufficient to mitigate any damage as much as possible. I’ve always believed that technology is a game changer that brings with it distinct advantages and growing dangers in the form of cyber attacks and data breaches. Agencies must be ready to face those dangers because threats are very real and so are the penalties.
Fortunately, the security infrastructure that now exists is equally strong and advancing by the day. Agents that want to secure their data and safeguard their business should ask their CRM supplier what can be done to protect them.