Cybersecurity: Are you Secure?

Are you familiar with the type of cyberattacks used by hackers? Do you have cybersecurity policies and procedures?

The Cybersecurity and Infrastructure Security Agency (CISA) defines cybersecurity as the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality and integrity, and availability of information.

Cybersecurity attacks are prevalent in brokerage transactions due to the nature of the business. There are various types of cybersecurity attacks; however, some of the most common cybersecurity attacks are:

  • Business Email Compromise (BEC);
  • Cloud Storage Attacks; and
  • Smishing.

Business Email Compromise

A Business Email Compromise scam in a real estate transaction may occur when the email account of an individual (e.g. broker, attorney, principal) in the transaction is hacked. After the email is compromised, the hacker monitors the communication to extract relevant details such as the property description and associated closing costs. Once they have this information, the hacker sends a spoofed email (e.g. an email similar to the original account holder) so that future electronic communication is diverted to the hacker. Business Email Compromises are usually used to get unauthorized funds, access personal, confidential information, and/or W-2 forms, according to the Internet Crime Compliant Center.

Cloud Storage Attacks

Cloud storage providers allow brokers and brokerage firms to secure their data, collaborate with others, and access information from a variety of locations. Due to the magnitude of information that is stored in the cloud, hackers may attack the cloud storage provider by retrieving the passwords of users or the security tokens of a computer.


Brokers routinely communicate with many different people using their cell phones and tablets. Therefore, they are susceptible to smishing scams. Smishing is similar to phishing. Phishing is defined as a scam that is sent via email to individuals. Similarly, smishing involves hackers sending links or attachments via text to gain access to confidential information. Brokers should be careful when receiving text messages, links, or attachments from unknown sources.

The National Association of Realtors® has created a resource entitled, Cybersecurity Checklist: Best Practices for Real Estate Professionals, to assist brokers with developing cybersecurity policies. Brokers may want to use some of the following best practices referenced in the checklist to proactively prevent a cybersecurity attack such as:

  • using long, complicated passwords (e.g. phrases or a combination of letters, numbers or symbols);
  • regularly purge email accounts;
  • using encrypted emails;
  • using two-factor authentication when accessing emails;
  • keeping antivirus software and firewalls up-to-date; and
  • regularly backing up critical data and confidential information.

The Cybersecurity Checklist: Best Practices for Real Estate Professionals article can be accessed here if you would like additional information. Also, the Commission published some information about Cybersecurity in the 2020-2021 Update Course. This content can be retrieved here.

If you have any further questions, please contact the Education & Licensing Division at 919.875.3700.