Insureon Blog

Top Cyber Liability Risks for Real Estate Agents

10. January 2014 08:41

Real estate agent using digital tablet

In 2010, the National Association of Realtors (NAR) conducted a survey to investigate the data security practices of its members. The organization found that more than 80 percent of respondents didn’t know whether their state upheld data security or privacy laws. And “fewer than half” maintained data security protocol to protect their clients’ “personally identifiable information” (PII) – the kind of information that is affected by data security legislation.

These numbers are scary. Especially because Verizon’s recent Data Breach Investigations Report found that nearly 80 percent of data breach victims were “targets of opportunity” with “exploitable weaknesses,” such as unsophisticated or nonexistent security measures.

The term “cyber liability risk” refers to the possibility that your business’s electronic information may find its way into the hands of an unauthorized individual.

Real estate agents are particularly susceptible to data breaches – and not just because, like many small-business owners, they tend to underestimate their cyber liability risk. Below are some of the top cyber liability risks for real estate agents:

Risk 1: Cyber Crime

Real estate agents handle a variety of personally identifiable information on a daily basis, which puts them at risk for cyber crimes like hacking, phishing, and malware. The legal definition of PII varies from state to state, but it usually includes a person’s name and one or more of the following:

The fact is, real estate agents can’t do their jobs unless they collect personal information from their clients. It cannot be stressed enough that the type of data the real estate agents use is exactly the kind of information cyber criminals seek.

Real estate agents need to be particularly careful when storing – and disposing of – these records.

The Fair and Accurate Credit Transactions Act (FACTA) of 2003 details the proper (and legally required!) procedure for disposing of data-containing records, which includes shredding, incineration, and/or the use of software that can wipe information from a hard drive and prevent its restoration.

Risk 2: Data Loss from Stolen Devices

Historically speaking, the real estate industry has not been a target of cyber crime – at least not like the healthcare, retail, and financial services industries. But when it comes to small businesses, data breaches are becoming more commonplace across the board.

For their part, real estate agents in the digital age must rely on mobile devices and web apps to communicate with clients and maintain their schedules, contact database, listing contracts, financial documents, and other records.

Electronic devices like phones, tablets, and laptops can be physically stolen. And if PII isn’t encrypted, anonymized, and otherwise secured, information on those devices can also be stolen.

According to Cyber and Data Security Risks and the Real Estate Industry, a report published by the American International Group (AIG), “80 percent of data breaches reported in 2012 happened to organizations that did not rely on the Internet as a core piece of their business.” Meaning: data loss happened offline, because physical devices were stolen.

The AIG report goes on to explain that the 2010 study found that:

Translation? It’s time to back up your data. Now.

Risk 3: Data Breaches

Because it’s often so simple and cost-effective, many small businesses in the real estate industry outsource their information storage and maintenance to third parties. When real estate firms do this, it’s easy to assume that the burden of data protection is no longer in their hands.

Unfortunately that’s rarely the case. In fact, using a third-party IT service can expose your real estate firm to additional cyber liability risks. According to the AIG report, 63 percent of incidents in 2013 were linked to “security deficiencies” in third-party IT…

Read on to learn how real estate agents can reduce their cyber liability risk and protect themselves from the costs of data breach.

Real Estate Agents: Manage Cyber Risk with Cyber Liability Insurance and Data Protection Protocols

There are two major ways real estate agents can manage cyber risk: Cyber Liability Insurance and data protection protocol.

Cyber Liability Insurance (sometimes called Cyber Risk Insurance) is a small business insurance policy that helps real estate agents pay for the high cost recovering from a data breach. Since it’s impossible to retrieve lost data, this policy works by helping your real estate firm pay for damage control measures: notifying clients, launching a PR campaign to restore your image, etc.

But Cyber Liability Insurance can’t prevent data breaches. To reduce your exposure, the NAR recommends that you and your employees implement this “five steps toward achieving data security” approach:

Not only is it good business for real estate agents to protect client data, it’s often the law. The NAR reported on the Data Security and Breach Notification Act of 2013 in June, noting that in most states, the new law would “require covered entities to take ‘reasonable measures’ to protect and secure data in electronic form containing “‘personal information.’”

And if, for example, a real estate business did not take these measures, then that business would be responsible for notifying clients of the data breach.

know your business risks

Tags:

Data Breach | Real Estate Professionals

Permalink | Comments (0)