Company encourages strengthening cybersecurity in real estate

As digitalisation continues to transform industries, the real estate sector has to deal with significant changes in how it manages and protects information, especially with the transition from paper-based processes to digital systems having introduced new cybersecurity challenges.

Real estate companies must now prioritise the security of their data and systems to safeguard against potential cyberthreats, says computer security service provider Galix MD Simeon Tassev.

“A lot of systems that contain and maintain relevant data, such as homeowner information, are now digital, which means they are accessible one way or another digitally.”

Hopefully, this is done securely, although he stresses this is where the challenge lies, as the convenience of digitalisation is offset by the need to store and process information securely, which involves managing a complex supply chain.

In conversation with Engineering News, Tassev says the two primary cyber risks for the real estate industry are data security and the security of building technologies.

Many technologies used in real estate, such as home security systems and smart building technologies, were initially developed without security in mind. This oversight makes them vulnerable to exploitation, he laments.

Cyberthreats in the sector include identity theft, financial fraud and unauthorised access to sensitive information.

Real estate transactions that involve extensive personal and financial data are especially vulnerable, as these companies are often considered attractive targets for cybercriminals.

Understanding these risks are critical, Tassev says, emphasising that if the information is made easily accessible, “somebody will find a way of exploiting that”.

However, many real estate companies are not adequately prepared to handle these threats, he stresses.

“Real estate companies are often small operations, and for them to be security-savvy and mature enough to understand the potential threats and secure information are challenging,” he says, adding that many companies focus on selling or building properties and may not prioritise cybersecurity.

Additionally, the perception among many companies is that they are “an unlikely target”, which can further exacerbate vulnerabilities, as this mindset can lead to inadequate security measures and increased risk of data breaches.

He, therefore, cautions that “people become targets not because somebody is specifically targeting them, but because they are an easy target”.

Mitigating Cyber Risks

To mitigate cyber risks, real estate companies must implement a comprehensive cybersecurity strategy.

Tassev suggests several steps, the first of which is to encrypt sensitive data and secure storage systems to prevent unauthorised access. This includes encryption of communication channels and using strong authentication methods.

Secondly, educating employees about cybersecurity best practices is crucial. Tassev emphasises that “no matter how good your technical controls are, there’s always a risk of human error”. Regular training and awareness programmes can also help employees recognise and avoid potential threats.

Thirdly, real estate companies should work with cybersecurity experts to assess their specific risks and develop tailored security measures. Tassev advises engaging professionals who can “translate what cybersecurity means for your organisation and help implement relevant controls”.

Additionally, compliance with privacy legislation and industry standards is essential.

In South Africa, for example, the Protection of Personal Information Act (Popia) mandates stringent data protection measures. Real estate companies must ensure they meet these requirements to avoid legal and financial repercussions.

As smart building technologies become more prevalent, securing Internet-of-Things (IoT) devices is critical, Tassev says, noting that this includes ensuring that devices are not easily exploitable, and implementing controls for network security, endpoint protection and access management.

Cybersecurity firms also play a vital role in supporting real estate companies, as they provide the expertise, tools and technologies to enhance security measures.

Effective solutions include phishing simulation and ransomware protection, testing employees’ security awareness through simulated attacks to identify vulnerabilities, and improving responses to real threats.

Implementing multi-factor authentication adds an extra layer of security, making it more difficult for unauthorised users to gain access, while regularly backing up data and having robust recovery plans can mitigate the impact of ransomware attacks, Tassev suggests.

Future of Cybersecurity in Real Estate

Over the next five to ten years, the real estate industry is expected to mature in its approach to cybersecurity, and Tassev predicts that concepts currently used in IT security, such as zero trust architecture, will be applied more broadly.

“Zero trust means you have to give explicit access to something,” he explains, adding that this approach ensures that systems are secure by default and accessible only to authorised users.

As real estate companies continue to digitalise, he avers that they must balance business operations with cybersecurity.

“Implementing effective security measures is not about making systems overly complex, but about finding the right balance to protect information without hindering business processes,” he concludes.