It’s no surprise most REALTORS®use online tools to service clients, but beyond the challenges of mastering software and apps, there’s the relentless priority of keeping your data secure. As schemes to steal your data become more sophisticated, the challenge of staying safe online can seem like a full-time job on its own.
Four out of 10 cyber attacks start with phishing, according to IBM’s X-Force Threat Intelligence Index 2022. Phishing is an attempt to target and exploit your data using telephone calls, email, texts and/or other means of getting you to give up sensitive data. Your email address(es), physical address or even your Social Insurance Number (SIN) can all be used in attempts to assume your identity and get access to your banking accounts or other prime targets.
Phishing tools such as those used in emails are becoming increasingly sophisticated. Some phishing attempts can even come as incoming telephone calls masquerading as leads.
The good news? CREA’s Chief Technology Officer, Kriteen Lahiry, and his team have you covered with their top tips to staying safe online.
“Always be suspicious,” says Lahiry. “The new reality is that we all need basic skills training for using online tools to stay safe.”
More from CREA Café:
- Is it a scam? What REALTORS® need to know about fraud
- Own a computer? What you need to know about “ransomware”
- 4 tips for using shared or public computers
- How to protect yourself and your personal information from “phishing” scams
Keep your passwords safe
Passwords are your first line of defence to keep your data locked and out of sight from prying eyes and hands. Do you write your passwords on sticky notes you affix to the edge of your monitor, so you won’t forget them? If so, stop now, explains Lahiry.
- Use strong passwords that are at least eight characters long and include lower case letters, upper case letters, numbers and special characters.
- Don’t duplicate your passwords and, when possible, try not to use your browser’s keychain as an easy way to remember them, as it can be another avenue for potential exploit.
- Use a password management software to store and update your passwords. Don’t save them in a spreadsheet, a text file or on a sticky note.
Tip: Lahiry likes KeePass, a free open-source password manager, although there are other paying options such as Dashlane. Whichever software you choose, make sure to keep it updated.
Keep your mobile devices guarded
“It’s harder for REALTORS® to be suspicious because their business is human interaction, especially online, which increases their risk of potential security problems,” says Lahiry.
As a REALTOR®, you rely on your phone, not just for making calls but also to check emails, texts and perform almost all the other tasks you need to do when dealing with clients and associates. So, don’t forget about mobile device safety.
- Make sure your device is encrypted.
- Use a password/passcode to lock your device.
- Setup auto lock on all your devices.
- Enable auto and daily backup of your data—like to a cloud storage service.
- Disable any app/setting you don’t need.
- Keep your devices software up to date, especially the operating system.
- Install/enable an antivirus/anti-malware on your device and keep it up to date.
Keep online accounts off limits to strangers
Whether it’s email, social media, your content management system (CMS), your customer relationship management (CRM), cloud storage services or any other online account, you need to be vigilant, says Lahiry. That means assuming someone, somewhere, is going to want your data.
“With email, I don’t download images by default, even though most email clients do have that capability, as it could contain information that could lead to a system exploit. Most email clients do have the capability to turn off automatic image downloads,” says Lahiry, who reminds REALTORS® to check their email platform’s preferences. “We must always be wary that different tactics and a combination of them will be used to get [our data].”
- Use a unique password for each account.
- Enable Multifactor Authentication (MFA) on your accounts, if supported.
- Set up a recovery email and security questions to restore access to accounts.
- Do not use security questions that are easy to answer, like information about you that can be found on your social media accounts or something someone you know could guess.
Be cautious with information for online business tools
Online tools such as e-signatures have flourished since the pandemic. As a REALTOR® you may also use more sophisticated tools like those you use for building and maintaining websites and enhancing digital content in emails.
“From a security point of view, remember there are gaps in every software, even as companies always try and plug the holes, so doing tasks such as running a malware scan, ensuring your software is up to date with the latest security fixes and allowing your operating system to update automatically are steps you can take for safety,” Lahiry says.
- Do not enter sensitive information, such as banking information, usernames, and passwords, on websites you don’t trust.
- When receiving emails, unless you know and trust the source, do not click on links.
- Do not open attachments you receive from untrusted sources.
- Do not open attachments you’re not expecting, even if it’s sent to you by someone you know.
- Do not share sensitive or confidential information via email, such as credit card information, SIN, and passwords.
- Do not sign any document unless you’re expecting that document to be sent to you by a trusted source.
Protect against identity theft
- Regularly review your credit report to check if your personal information may be compromised.
- Protect your SIN. If an organization asks for it, ask if it’s legally required to do so and if another form of identification would work instead.
- Be extremely cautious providing sensitive personal information, though we understand that REALTORS® need to market their services, so you’ll need to share your name and contact information.
Staying safe online requires vigilance and an understanding you may always be under attack. Keep your software up to date, stay abreast of always changing security advisories and stay safe out there.