In 15 years with Baird & Warner, VP of Technology Mark Steward recalls only a handful of agents whose email accounts were hacked. He is quick to point out, however, that the number of attempts is high, with wiring fraud being the most egregious and common attack. Steward, in year four of his current role, says that if an email hack happens, damage can be limited if agents act quickly and follow these steps.
1. Change Your Passwords – If an online assailant knows your password, then you need to alter it immediately. “If your email is hacked, you need to change your passwords to get the bad guys out,” Steward says. He recommends creating passwords that include upper and lowercase letters, numbers and symbols.
2. Alert Relevant Parties – New passwords block hackers from doing future damage, but they don’t account for harm they might have already caused. Steward says hackers often pose as agents and send clients false wire instructions. Such messages are often hidden from agents, so they need to warn their clients. Agents should also contact their brokerages to ensure a widespread cyber attack did not occur. Lastly, Steward says agents should proactively call on their attorneys to consult about potential liability lawsuits.
3. Invest in a Password Manager – If Realtors use their email password for other accounts, then those too might be compromised. An easy way to avoid that mess is to use a password manager. Steward uses LastPass, a secure platform that saves login information for multiple websites, accounts or applications. Realtors can make their various passwords as diverse as they like and be tasked with remembering just one. “It gets to a point where you don’t know all of your passwords, but LastPass does,” Steward says. “You just need to know one good password to protect the LastPass account.”
4. Use Two-Step Authentication – As another security measure, Steward says agents should ensure that they use two-step authentication for their email accounts. It is easy to set up and serves as an extra roadblock to digital trespassers.
5. Don’t Send Documents Via Email – If agents were sending important documents via email before a breach, they should certainly stop doing so afterward. “It’s no longer safe to send customers’ personally identifiable information via email,” Steward says. He recommends using a secure document transmission platform to add an extra layer of security in case of future attacks.