Window to the Law: Creating a Cybersecurity Program

Window to the Law: Creating a Cybersecurity Program

May 2, 2018
Light Theme Light Dark Theme Dark

Advertisement

Brokerages can learn about the steps to follow when implementing a cybersecurity plan to help to protect the firm’s assets from outside threats. 

Download the slide presentation (PDF: 189 KB)

Transcript: Window to the Law: Creating a Cybersecurity Program 

Ransomware. Cybercriminals. Hackers.

These words strike fear in the hearts of all computer users, yet many small businesses have not implemented adequate cybersecurity methods to protect the business's data from a cyber attack. In this edition of Window to the Law, we will discuss the best practices for implementing a cybersecurity program. I am Finley Maxson, NAR Senior Counsel.

The Wannacry ransomware attack and the Equifax data breach, which exposed the personal data of over a hundred million individuals, were big news in 2017. The real estate industry has faced its own challenges with wire fraud schemes that rely upon hacking into a party's email and has caused millions of dollars of losses. As technology continues to infiltrate our lives, from connected vehicles to blockchain technology in transactions to the growth of cloud computing, technology will bring new risks for businesses. Businesses need to not only keep up with new technology but also with the risks that come with every new development.

A first step for implementing a security program is to create a data security program. NAR's Data Security & Privacy Toolkit as well as an earlier Window to the Law video set forth the principles needed to create a data security program.

Next, the firm will need to evaluate its security protocols. The Federal Trade Commission, or FTC, is the federal agency who brings enforcement actions against businesses for failing to protect consumer data. In order to help a business keep its data secure, the FTC has created Start with Security, which distills the lessons learned from FTC enforcement actions into 10 important practices for data protection. We will briefly review each of these steps.

The first step is Start with Security- this is a key principle, where security considerations guide and inform your data collection practices. The business should only collect relevant personal information and keep this information only for as long as it is needed, with a process in place to destroy unnecessary data.

Next, Control access to data sensibly. When you have sensitive data on your network such as salary or health care information, limit access to only those who need to use the information. Keep control over whom can access all types of information.

Require secure passwords and authentication- most hackers breach networks through bad or weak passwords. Make sure users create strong passwords (long phrases are now recommended) and keep all passwords in a secure location.

Store sensitive personal information securely and protect it during transmission. If you are transferring data, make sure to use proven security methods such as encryption.

Segment your network and monitor who's trying to get in and out. The brokerage should limit access of individuals to only the parts of network that they need to access. For example, salespeople can't access the firm's financial data nor accounts of other salespeople. Segmenting access may help limit the damage from a breach.

Next, Secure remote access- make sure everyone accessing the network remotely has a strong and secure connection, as all it takes is one vulnerable point for a data breach to occur.

Apply sound security practices when developing new products- this step is a list of protocols that a business should employ when developing its own software products, such as apps.

Make sure your service providers implement reasonable security measures- A very important step for small businesses like real estate brokerages who often rely upon vendors to store their data. Make sure your vendors are properly securing the data by testing their compliance and put language in contracts requiring vendors to maintain a certain level of security. You don't want to wait until a breach to find out your vendor hasn't employed good security!

Put procedures in place to keep your security current and address vulnerabilities that may arise- Keep software up-to-date, as security updates are important for protecting your network.

Secure paper, physical media, and devices- The same steps you use to secure your electronic data applies equally to other forms of storage. All information needs to be stored in a secure way, and unneeded information should be discarded when its business purpose has come to an end. Having a good document retention system will help you keep track of all data, including data which is not in an electronic format.

Here is a list of cybersecurity resources.

Thank you for watching this edition of WINDOW TO THE LAW.

Additional Resources

Data Privacy & Security

REALTORS® strongly support efforts to protect consumers' sensitive personal information.

Wire Fraud Notices

These notices may serve as an effective risk management tool to protect real estate professionals from liability related to wire fraud.
Window to the Law is a monthly video series that provides valuable risk management tips and information to help real estate professionals navigate legal issues facing the real estate industry.
From the advocacy efforts to technology advances and updates on commercial industry trends, the topics in this series all relate to what’s happening in commercial real estate now and what trends are on the horizon.
These webinars and videos are an extension of the New AE Orientation, intended to provide ongoing learning on association management resources and programs to newly appointed AEs.
The hunt is about so much more than the house. Home buying hiccups lead to tough decisions. Guided by the expertise of a REALTOR®, First-Time Buyer puts the real in real estate.
YouTube Play Button Icon

NAR Videos on YouTube

NAR offers additional topics online covering legislation, events, industry news and guides for both NAR members and the public. Visit NAR on YouTube

National Association of REALTORS®

18.5K subscribers

Open YouTube

REALTOR® Party

1.57K subscribers

Open YouTube

REALTOR® Magazine

3.66K subscribers

Open YouTube

NAR Meetings

1.56K subscribers

Open YouTube

Realtors Property Resource® (RPR)

4.58K subscribers

Open YouTube

HouseLogic

1.17K subscribers

Open YouTube

First-Time Buyer

278 subscribers

Open YouTube

That’s Who We R (playlist)

Open YouTube