By Garrett Sutton, Esq.
Is anyone protected from a cyber security breach? And what 7 steps can you take to protect yourself?
Universities, retailers and even the government have all been exposed to cyber thieves. The government’s office of Personal Management lost over 5 million fingerprint records, unique data points that can’t be altered like a PIN code. The IRS lost confidential financial information on hundreds of thousands of tax payers. No one knows the cost to correct the error. One can only hope our nuclear codes are not stored somewhere on the internet.
Real estate transactions are the next activity under cyber attack.
Why? Because a lot of money can be reached. Hackers will start by breaching an email account of a busy broker. This is easy to do. Many brokers and agents do business from public places such as coffee shops. Their email address is found on marketing material and for sale flyers. The hacker can easily gain access to an email account and then follow what the broker, the escrow officer, the banker and all the others in a transaction are doing.
Suppose John and Mary are two brokers on each end of a large transaction. After learning details of the deal by following John and Mary’s email exchanges the hacker then inserts himself into the exchange through ‘spoofing’.
To spoof is to fool by a hoax or to play a deceitful trick on someone. The spoofing here is to pretend to be another person.
The hacker knows that Mary’s email address is firstname.lastname@example.org He creates a new account as email@example.com and inserts himself into the discussion. The hacker knows the details of the transaction and poses a knowledgeable question. John responds to this simple request from Mary at the new email address. Soon, the emails – all of which look legitimate and contain factually correct information – are being directed at crucial time to the spoofing hacker. A request for a change in wiring instructions does not arise any suspicions. Until it is too late and the money is gone.
What 7 Steps Can You Take to Prevent Fraud?
Cyber law experts suggest a number of steps to take to prevent fraud. These include:
- Use the best firewall and anti-virus programs you can afford.
- Frequently change the user names and passwords on your email accounts.
- Use really long passwords of at least 20 characters or more. The longer the password the harder it is to crack.
- Transmit sensitive information by other means than email.
- Before wiring any funds contact the person providing the wire instructions by telephone to verify.
- Clean out your email accounts regularly.
- Trust your gut if an email looks suspicious or if you aren’t sure about a link, don’t open it.
What if there is a loss associated with a security breach? Do you have the right insurance?
Most general liability and business insurance policies do not cover cyber claims. However, cyber liability insurance is available. You should consider asking your insurance agent about it.
I have written more about cyber liability insurance in my new book, Finance Your Own Business. No matter what business you are in it is worth considering such a policy.
The cyber criminals are only getting more aggressive. You need to be prepared for an attack.