We no longer support this browser. Using a supported browser will provide a better experience.

Please update your browser.

Close browser message

Treasury and Payments

Improve your working capital, reduce fraud and minimize the impact of unexpected disruptions with our treasury solutions—from digital portals to integrated payables and receivables—all designed to make your operations smoother and more efficient.

Learn more about our treasury solutions:

Credit and Financing

Prepare for future growth with customized loan services, succession planning and capital for business equipment or technology.

Learn more about our credit and financing solutions:

Commercial Real Estate

Get the strategic support to be successful throughout market and real estate cycles with insights, hands-on service, comprehensive financial solutions and unrivaled certainty of execution.

Learn more about our commercial real estate solutions:

International Banking

Global opportunities mean global challenges. But real success means understanding the local markets you serve—which is why we bring the business solutions, insights and market perspective you need. 

Learn more about our international banking solutions:

Commercial Real Estate

4 cybersecurity best practices for commercial real estate

Each employee plays a critical role in real estate fraud prevention efforts. Use the tips below to protect your company from the ever-evolving threat of cybercrime.

Most modern commercial real estate businesses use technology to help collect rent, pay vendors and manage their portfolios. While automation provides benefits, it also brings the risk of cybercrime. Protecting your business starts with educating and training your workforce—they’ll likely be the first to experience a phishing attempt or other attack.

It’s important to instill a culture of good real estate cybersecurity hygiene from the top down. Here are a few key ways you can help strengthen the cyber readiness of your staff and business:


1. Ensure employees can recognize phishing

Criminals can trick even the most experienced employees with phishing tactics, typically via email. These attempts can be quite convincing and may even come from a trusted account that’s been compromised. Train your employees to:

  • Be on the lookout for red flags. Poor grammar and spelling, urgent language, hyperlinks or attachments, fake logos, and missing or vague contact information.
  • Spot look-alike email domains. These are email addresses that are spoofed by a cybercriminal to resemble trusted accounts—like using “rn” to look like an “m”.
  • Always call back to a verified phone number when they receive payment instructions through email. Business email compromise (BEC) is a multibillion dollar problem. In this scheme, cybercriminals might use a hacked email of one of your building service vendors to request money. The message will look authentic in every way, so the only solution is to have comprehensive callback procedures—including never using a phone number provided in an email.
  • Be cautious of clicking on links or opening attachments sent in emails. It may be wise to conduct quarterly phishing tests by sending a fake email to employees and assessing whether they report the attempt or fall for the deception. These may be messages about job offers, packages waiting for pickup or invitations to meetings.


2. Be aware of ransomware risks

A ransomware attack occurs when hackers use malware to invade your network and compromise your data, demanding a ransom payment in exchange for information they stole. Many companies think it could never happen to them either because of their industry—like real estate—or business size. But cybercriminals do not discriminate, regularly targeting small companies in hopes they have weak protections or low awareness. It’s up to business leaders to ensure the rest of the workforce is aware of how ransomware unfolds and knows the property fraud prevention steps to take.

  • Consider conducting tabletop exercises and attack simulations that drill employees on incident response.
  • Keep IT employees up to date on the latest types of ransomware, as schemes change and cybercriminals target new vulnerabilities.
  • Have an incident response plan for escalation in case of an attack.


3. Improve access control

Hackers can gain access to your accounts by attacking weak points and exploiting lax cybersecurity. It’s important your business do everything to protect vulnerabilities and restrict access. This includes a mix of utilizing email-provider security features and implementing internal policy safeguards. Require that employees:

  • Never use business and personal email interchangeably.
  • Enable multifactor authentication when working remotely.
  • Use an email encryption tool when transmitting sensitive information.
  • Adhere to mobile phone cybersecurity best practices—such as regular operating system updates and data backups.
  • Review personal and professional apps and the data collected and shared; disable phones and apps from tracking location when not in use.
  • Install anti-virus and anti-malware software on personal devices used to access work materials.


4. Don’t overshare on social media

Personal information on employees’ social media accounts can be used for social engineering attacks. For example, fraudsters can guess certain authentication questions for online accounts by gleaning personal details from social updates. Caution employees to:

  • Limit the amount of information published on social media, such as the names of children, pets or schools attended.
  • Report any suspicious activity or spam, which can come in the form of a post, message, email or friend request.
  • Describe job responsibilities generally, never referring to specific projects.

How JPMorgan Chase can help

In today’s world, cybersecurity is everyone’s business. Now that you know how to implement good cyber hygiene, you can help ensure that you and your commercial real estate employees are able to spot and react swiftly to a fraud attack.

JPMorgan Chase is constantly investing in cybersecurity to protect both our firm and our clients. Talk to your banking relationship team today to learn about what products and services can help your business improve its cyber readiness.

© 2022 JPMorgan Chase & Co. All rights reserved. JPMorgan Chase Bank, N.A. Member FDIC. Visit jpmorgan.com/cb-disclaimer for disclosures and disclaimers related to this content.

Real Estate Banking Commercial Real Estate Real Estate Community Development Banking Commercial Term Lending Cybersecurity and Fraud Protection

Get in Touch and Stay Informed