Major Cyber Threats to Real Estate Businesses.

While many industries have struggled to navigate the changes brought on by the pandemic, the real estate industry has continued to thrive. Although real estate has found ways to combat many of the unforeseen threats of COVID-19, cyber risks continue to be a heightened concern. Remote business operations have presented new digital vulnerabilities that, if left unprotected, can have disastrous and costly consequences on Canadian real estate businesses.

According to the CIRA 2020 Cybersecurity Report, approximately 30 per cent of Canadian businesses have seen a spike in the volume of cyberattacks and more than 50 per cent of businesses have implemented new cybersecurity protections in response to COVID-19. While this is certainly a step in the right direction, there is still work to be done as half of businesses still have not taken the appropriate security measures.

So, what are the five major cyber threats to real estate businesses and how can you protect against them? Let’s find out.

MORTGAGE CLOSING WIRE SCAMS

Wire scams are a very common cyber threat associated with payment transactions when buying a home. Hackers obtain personal information from upcoming homeowners by sending realistic-looking emails regarding mortgage closures. These emails commonly outline steps of how to wire the money over to the agent, but instead, the mortgage down payment is successfully taken by the hacker.

BUSINESS EMAIL COMPROMISE (BEC)

BEC is a type of cybercrime that tricks real estate employees into wiring funds to a fraudulent business partner. The hackers will mirror emails from CEOs, escrow agents or attorneys and wire funds to the con artist. This tactic has cost businesses billions of dollars and remains one of the most serious threats to real estate today.

TITLE FRAUD

Title fraud occurs when a fraudster executes an identity scam on someone else’s title. This starts with hackers stealing data from an unprotected real estate business or directly from the homeowners to obtain personal information. Email interception, phone scams and phishing attacks are the most common sources of identity fraud as victims unknowingly hand over personal information, unaware of the crime taking place. After the hackers have acquired the necessary information, fake identities are created using the hackers’ own picture and forged documents. The hackers will then undergo tasks like remortgaging the home or even selling the home while pretending to be the homeowners. Snowbirds are most targeted for these situations as potential buyers – and scammers – can view the home while the homeowners are away for months at a time.

UNPROTECTED INFRASTRUCTURE

Real estate businesses without secure IT infrastructure are more likely to be susceptible to cybercrimes such as malware, data breaches and ransomware. Due to minimal rules and regulations regarding a business’ in-house IT security, most real estate businesses have not invested in the proper training or programing to prevent them from cyber vulnerabilities. This is commonly seen with businesses that use cloud storage to organize data and other confidential information without embedding proper data protection software against potential hackers.

RANSOMWARE

The real estate industry, like many others, has been crippled by the effects of ransomware – a form of malware that can encrypt all data within a digital operating system. This makes all digital operations and systems unavailable until a ransom is paid by the business. This can be detrimental, especially to small real estate businesses, as most housing delegations and documentation processes are largely dependent on digital systems. These systems store information, undergo transaction details, communicate with business partners and clients and more. It only takes one employee to make the wrong click and lock out an entire business from essential workplace systems, forcing businesses to potentially pay a ransom with a hefty price tag.

WHY IS THIS IMPORTANT?

The pandemic has spiked an even larger demand for digital technology, and it is important for real estate businesses to not only adapt but do so safely and securely. The first step should always be to protect your clients, their personal information and the digital systems that help your businesses thrive. Implementing new cybersecurity technology and enforcing cybercrime training among staff are just some of the ways we can adapt to this new digital normal and prevent hackers from damaging real estate businesses across the country.

Published by FCT

November 20, 2020

The breakneck pace of technological change has fundamentally affected the way industries operate and innovate, and banking is no exception. Accessing financial services online has been the norm for years now, with an overwhelming majority of the population using digital channels for most banking transactions. The infrastructure that makes all of this possible, routinely processes massive amounts of sensitive data and needs to constantly evolve to ensure it all remains secure.

To gain a better understanding of how banks protect themselves and their customers, I spoke with Ali Farouk Shaikh, a Unified Communications Solutions Architect at Cisco Systems Inc. who works with major international financial institutions. Ali is a specialist in Software Defined Networking (SDN), with a focus on routing, encryption, and security for large financial services, retail, and manufacturing enterprises.

Where we were

How was customer and banking data handled by banks in the past?

In the classic model, all software applications and data for a bank would reside on a central data centre. Branches communicated with this centre through physical infrastructure entirely separate from (and unconnected to) what you’d use at home to access the internet.

Because of this, security parameters were well-defined. Data and locations were well-defined. It was cumbersome for external threats to access a bank’s network; conversely, it was difficult for users within the network to access the internet.

What prompted a change from that model?

What really started to drive transformative change was a combination of mobile devices and the cloud. The first iPhone pretty much broke the old model. Users could now access data from anywhere, and there was a demand for additional services to be delivered in a mobile-friendly way.

Simultaneously, modern applications were increasingly based in the cloud, leveraging external services such as Google, Microsoft and Amazon. This changing model meant that bank data was now moving in ways that it hadn’t before, and needed new modes of security and building modern infrastructure. In the industry, this is called the digitization of services—essentially moving from classic networks to networks for digitization.

So, the way customers wanted to access banking changed how banks operated?

Pretty much. The end-user experience has changed. Customers can’t be expected to come to the branch for banking anymore—both customers and bank employees use remote devices to access and provide service (whether this is smartphones or mobile devices on the customer side, or employees with iPads and a VPN on the bank’s side).

As a result, the applications (e.g. mobile banking apps) that provide this changed end-user experience had to move away from the traditional model. Banks were slow to introduce their own apps, but this was always the direction they had to head in. However, they also had to account for privacy and security concerns while meeting strict regulations—more importantly, they had to adapt and meet the requirements of a new digital world.

Now, these applications don’t reside with banks, they reside on the cloud and have to interact with various services that external companies like Google, Amazon, Salesforce, etc. provide. They rely on them for analytics, telemetry, auditing data, marketing data, etc. Because of this, the centers of data were no longer data centres. What I mean is, data now lived everywhere, from mobile devices to cloud services like Amazon Web Services (AWS). This new model required stronger safeguards, security, and encryption, because data now had to be transmitted over the internet.

Where we are

In light of this new model, how do banks ensure their data and their customers’ data is protected?

As I mentioned before, banks and financial institutions already had privacy, security, and regulatory compliance in mind when modernizing their operations. Now, there are three principles that are fundamental to maintaining a secure banking environment that satisfies both pre-existing and new regulations imposed by the government: confidentiality, integrity, and application security.

Could you elaborate on those principles? What does satisfying the “confidentiality” principle entail?

In this context, “confidentiality” just means making sure no one except you and your bank can see your data. Naturally, when using your banking application, you want to be assured that no one can access your data while it’s in transit. Banks go to great lengths to make certain that their systems use the highest encryption standards to protect their data and their clients’ data. This means that when using a properly developed banking app, no one will be able to see anything you’re doing on the app even should they somehow manage to covertly intercept your data. Confidentiality is achieved using the latest encryption—Transport Layer Security (TLS) with Advanced Encryption Standard 256 (AES256).

Side note:if you’re wondering how secure AES256 encryption is—it would reportedly take 77,000,000,000,000,000,000,000,000 years and the dedication of the entirety of earth’s population to crack one encryption key. Not to mention, all of those people would need 10 computers each, capable of processing 1 billion key combinations per second. So, it’s safe to assume it’s pretty secure!

What about the “integrity” principle?

Integrity means ensuring data isn’t tampered with in any shape or form. The desire for this is pretty self-explanatory: you’d naturally want your data to be safeguarded from being tampered with. This is achieved in a number of ways. There are mechanisms to enforce data-integrity checks at the machine-level, to make sure data isn’t corrupted or altered in any way while in transit or when stored. There’s a lot of technology and processes that are used to achieve this, including packet duplication, parity, checksums, asynchronous data replication, etc. etc. In essence, even in cases of outages and system failure, data has to remain secure, untampered with, and stored on multiple systems to avoid total loss.

The “security” principle seems straightforward enough, but what exactly goes into achieving that?

So, “security” is the aspect that actually protects users from malicious threats from both “state” and “non-state” actors. From a security standpoint, “state” actors are individuals or groups sponsored by foreign governments that carry out malicious attacks. Banks are critical pieces of a country’s infrastructure and are thus natural targets. “Non-state” actors operate in a similar manner, but without the support or direction of a foreign government.

Banks and financial institutions safeguard against these threats by using firewalls to ensure only authorized applications can access data. This is where Intrusion Prevention Systems/Intrusion Detection Systems (IPS/IDS) are applied, both to only grant access to authorized users and to protect against malware. There are also measures taken to prevent Denial of Service (DoS) attacks so that a customer’s access to their banking services isn’t interrupted. A combination of these techniques is used in what’s called “stateful inspection”—that is to say, before data can move between a client and a server, the data is inspected in multiple ways to ensure that it’s clean and legitimate.

All of this is done by banks to provide their clients with the highest level of security while giving them a new, modern banking experience. Governments are, of course, very actively engaged in setting and implementing standards for security, which include things like PCI-DSS (the standard for the payment card industry), SOC2, ISO27001, ISO9001, ITIL, etc. all of which banks need to meet in order to operate.

Security is taken very seriously, to say the least.

Where we’re headed

What do you think the future holds for the banking industry? Does that future come with its own set of challenges?

Well, there are a couple of things: there’s an increasing evolution of machine-learning, the data it provides, as well the services that can be built on it. Not to mention the 5G revolution that will further accelerate the digitization of the world. I think we’ll begin to see new banking experiences including packages tailored for individuals based on their data, as well as new modes of banking like virtual tellers. Of course, this is all predicated on next-gen technology that has started to enter the marketplace.

The protection of individual data is of paramount importance. Things will have to be secure, untampered with and protected from malicious entities.

Innovation is always a challenge, but the industry will adapt. It always does!

Published by FCT

Selling your home can be an extremely stressful experience. Between thinking about moving logistics and financials, it’s easy to miss the small details in between the process.

With that in mind, we’ve built this checklist for selling your home to help you keep track of the things that will get a potential buyer interested. Turns out, it’s not as simple as just fluffing pillows or doing a light dusting. “Put your buyer’s hat on and walk through your home like it is the first time,” Marilou Young, an Accredited Staging Professional and an Associate Broker with Virtual Properties Realty in the metropolitan Atlanta area, told Forbes.

Below is the ultimate checklist for selling your home.

GET FAMILIAR WITH THE PAPERWORK

For home sellers interested in the history of the house, make sure you’ve got all the information handy; this can include paperwork on renovations, property tax receipts, deeds and transferable warranties.

GETTING THE PRICE RIGHT

According to HGTV, it can be helpful to do some market research on what homes in your area are selling for- then shave 15 to 20 percent off that. This way, you attract multiple buyers who can end up outbidding each other and bringing up the price. While that can seem like a risky move, it could work in the competitive markets of big Canadian cities.

DEPERSONALIZE AND DECLUTTER

You want potential buyers to see themselves in the space, which is hard to do if you have family photos on the wall or personal items around. This would be a good time to start putting items in storage or try to keep your personal items out of sight. At the same time, you’re also ensuring that you’re keeping your house tidy—a must if you want to make your home sellable. Check around the house for dirt, stains or small cracks you might be able to fix. And if you have pets, make sure their litter boxes and play areas are also clean and odour-free.

FIND A QUALIFIED REALTOR

Realtors can be helpful to take some of the processes off your plate, including marketing your home and arranging open houses. If you do go this route, none of this list will matter if you decide to work with a realtor that doesn’t know the market inside out. You can search their name on the Real Estate Institute of Canada to ensure that they’re qualified, and meet with them to see if you mesh and understand how they price your unit. At Proptalk, we also have this handy guide for more details.

DON’T SKIP THE HOME INSPECTION

While presenting an unconditional offer may win you the home of your dreams, it can also end up costing you more than you expected. If you’re mortgaged to the max, you can’t afford surprises like repairs or replacements that you haven’t already budgeted for. Consider a Home Protection Plan that includes an 18-month warranty and up to $20,000 in warranty coverage for major household features such as foundation, roof, heating and cooling.

As you’re undoubtedly aware, the holiday season can be a very expensive time. Not only are there gifts to buy, but there can be a host of hidden extra expenses – gift wrapping, postage, and more take-out meals than normal for a start.

It’s therefore no surprise that many Canadians find themselves struggling to afford these extra costs; many wind up paying for the holiday season with their credit card. According to a study by lowestrates.ca, 63% of Canadians expect to do this, with just over half of those carrying the balance into the new year.

And since credit cards have some of the highest interest rates around, they can easily lead consumers into a spiral of debt.  Today almost a third  of Canadians have outstanding credit card debt.

how a chip reverse mortgage can help

If you’re worried that you’ll overspend on your credit card this holiday season, the CHIP Reverse Mortgage could be for you. The CHIP Reverse Mortgage is a financial solution for Canadians over the age of 55 that allows you to access up to 55% of your home’s value in tax free cash.

The money can be used for whatever you want. This could include consolidating debt – including credit cards – renovating your home, or increasing cashflow at certain times of year, such as the holiday season.

Lower Interest Rates:

The CHIP Reverse Mortgage has a number of benefits over regular credit cards, with the first being lower interest rates. While credit cards can have interest rates between 12 and 23%, the CHIP Reverse Mortgage has rates of 4-7%.  If you are using a credit card and don’t pay it off in full, the holidays could cost you less if you used the funds from a reverse mortgage instead.

No Monthly Repayments:

Another advantage the CHIP Reverse Mortgage has over credit cards is that it doesn’t require monthly repayments. When you take out a Reverse Mortgage, you don’t have to pay anything until you leave your home.* Without the need for monthly debt repayments,  your monthly cashflow will increase, helping you avoid starting the new year with holiday debts to pay.

Cover the Cost of the Holidays for Years to Come!

The CHIP Reverse Mortgage doesn’t have to support your cashflow only this holiday season, but funds can be drawn on time and again when needed.

For example, say you initially took out the CHIP Reverse Mortgage for $25,000, then later down the road you wanted to enjoy some more of the cash in your home. Provided there’s enough equity left, you can take a subsequent advance of a minimum of $5,000 – all without repaying the initial amount first.  As with the initial lump sum, this money can be spent on whatever you want, whether that’s covering the costs of future holiday seasons, completing long wished-for home renovations, or supporting adult children with the down payment for their own home.

The holidays can be a stressful time, especially if you feel you have to use your credit card to cover the costs – costs which are often carried into the new year. With the CHIP Reverse Mortgage, however, you can pay for the holidays this year and for years to come, relaxed in the knowledge that you’re enjoying lower interest rates and don’t have to pay back what you borrow until you leave your home.

For further details and to see how the CHIP Reverse Mortgage can help you, please contact your DLC Mortgage Professional.

*You must continue to pay your property taxes and insurance and maintain your home in good condition.

Written By: Agostino Tuzi
Post Sponsored by HomeEquity Bank