Commercial Real Estate
4 cybersecurity best practices for commercial real estate
Each employee plays a critical role in real estate fraud prevention efforts. Use the tips below to protect your company from the ever-evolving threat of cybercrime.
Most modern commercial real estate businesses use technology to help collect rent, pay vendors and manage their portfolios. While automation provides benefits, it also brings the risk of cybercrime. Protecting your business starts with educating and training your workforce—they’ll likely be the first to experience a phishing attempt or other attack.
It’s important to instill a culture of good real estate cybersecurity hygiene from the top down. Here are a few key ways you can help strengthen the cyber readiness of your staff and business:
1. Ensure employees can recognize phishing
Criminals can trick even the most experienced employees with phishing tactics, typically via email. These attempts can be quite convincing and may even come from a trusted account that’s been compromised. Train your employees to:
- Be on the lookout for red flags. Poor grammar and spelling, urgent language, hyperlinks or attachments, fake logos, and missing or vague contact information.
- Spot look-alike email domains. These are email addresses that are spoofed by a cybercriminal to resemble trusted accounts—like using “rn” to look like an “m”.
- Always call back to a verified phone number when they receive payment instructions through email. Business email compromise (BEC) is a multibillion dollar problem. In this scheme, cybercriminals might use a hacked email of one of your building service vendors to request money. The message will look authentic in every way, so the only solution is to have comprehensive callback procedures—including never using a phone number provided in an email.
- Be cautious of clicking on links or opening attachments sent in emails. It may be wise to conduct quarterly phishing tests by sending a fake email to employees and assessing whether they report the attempt or fall for the deception. These may be messages about job offers, packages waiting for pickup or invitations to meetings.
2. Be aware of ransomware risks
A ransomware attack occurs when hackers use malware to invade your network and compromise your data, demanding a ransom payment in exchange for information they stole. Many companies think it could never happen to them either because of their industry—like real estate—or business size. But cybercriminals do not discriminate, regularly targeting small companies in hopes they have weak protections or low awareness. It’s up to business leaders to ensure the rest of the workforce is aware of how ransomware unfolds and knows the property fraud prevention steps to take.
- Consider conducting tabletop exercises and attack simulations that drill employees on incident response.
- Keep IT employees up to date on the latest types of ransomware, as schemes change and cybercriminals target new vulnerabilities.
- Have an incident response plan for escalation in case of an attack.
3. Improve access control
Hackers can gain access to your accounts by attacking weak points and exploiting lax cybersecurity. It’s important your business do everything to protect vulnerabilities and restrict access. This includes a mix of utilizing email-provider security features and implementing internal policy safeguards. Require that employees:
- Never use business and personal email interchangeably.
- Enable multifactor authentication when working remotely.
- Use an email encryption tool when transmitting sensitive information.
- Adhere to mobile phone cybersecurity best practices—such as regular operating system updates and data backups.
- Review personal and professional apps and the data collected and shared; disable phones and apps from tracking location when not in use.
- Install anti-virus and anti-malware software on personal devices used to access work materials.
4. Don’t overshare on social media
Personal information on employees’ social media accounts can be used for social engineering attacks. For example, fraudsters can guess certain authentication questions for online accounts by gleaning personal details from social updates. Caution employees to:
- Limit the amount of information published on social media, such as the names of children, pets or schools attended.
- Report any suspicious activity or spam, which can come in the form of a post, message, email or friend request.
- Describe job responsibilities generally, never referring to specific projects.
How JPMorgan Chase can help
In today’s world, cybersecurity is everyone’s business. Now that you know how to implement good cyber hygiene, you can help ensure that you and your commercial real estate employees are able to spot and react swiftly to a fraud attack.
JPMorgan Chase is constantly investing in cybersecurity to protect both our firm and our clients. Talk to your banking relationship team today to learn about what products and services can help your business improve its cyber readiness.
© 2022 JPMorgan Chase & Co. All rights reserved. JPMorgan Chase Bank, N.A. Member FDIC. Visit jpmorgan.com/cb-disclaimer for disclosures and disclaimers related to this content.