What attracted many title insurance producers to a career in the title industry was the social aspects of the day to day profession. The individual social qualities of empathy, ethics, commitment to hard work and a desire to improve the lives of others were the characteristics that made title insurance professionals successful in their practices and with their clients. Even marketing companies recommend enhancement of your individual and company “social media” presence to continue to grow your business and define your image in the marketplace. However, the advent of technology has now allowed the real estate industry to be a common target for cyber hackers. According to leading industry cyber professionals 97% of cyberattacks start with social engineering. So, who is the weakest link in your office? Perhaps it is you or your employees who have an enhanced presence on social media who are being targeted by cybercriminals who are getting access to systems by deceiving individual users.
So how does it work? From the distant comfort of a computer thousands of miles from your business, cyber hackers go the extra mile to learn about you through social media. They will try to penetrate you or your employees while you are at work and they know the levels of defense set by Corporate IT professionals. Hackers will use your personal social media accounts to learn about you, your friends and where you work. To make the attack authentic, they will use information you post on social media in ways you or your employees would not expect.
For example, as the owner of a title company. You allow employees access to social media like Facebook, Instagram and Twitter on company computers and your employee posts on Facebook the television they purchased on Amazon. The attacker may send a spoofed email from Amazon with invoice, shipping and warranty information. The email will have an infected attachment or link to a malicious website. If the employee opens the attachment, the malware will try to exploit any weaknesses on your computer. If you click on the malicious link, it may redirect you to a website that looks like Amazon and ask you to login. Once the employee types in their user name and password, the employee will receive a warning that the password and immediately redirect the employee to the real Amazon site. The employee again types the user name and password and Amazon allows the employee access to the site. The employees will believe they mistyped the password the first time – but, your employee gave a valid user name and password to the cyber hacker.
So why is this a problem? Cyber criminals want access to business deposit accounts, real estate software, business e-mail and business log in credentials; your company’s crown jewels, and you or your employees are the path to allow access inadvertently. Hackers want employees to have social media access on work computers to connect to your employee’s personal social life, so the cyber criminals can bridge that gap to the data they want. JP Morgan has estimated that 27 percent of wire transfers in 2014 were affected by either attempted or actual fraud.
When it comes to cybersecurity, the old saying is true – your company is only as strong as your weakest link. So…. what can a business owner do to protect against cyberattacks?
- Keep your business and personal life separate on social media. Do NOT accept invitations from people you don’t know, regardless of the social media platform. Facebook recently confirmed that 600,000 fake accounts are created daily. LinkedIn, the business networking equivalent of Facebook has admitted they don’t know how many fake accounts exist on their platform.
- Keep your systems and auxiliary tools (Java, Macromedia, Adobe) fully patched. With few exceptions, malware always needs unpatched vulnerabilities to get in.
- Keep your browser and all plugins updated. Flash and Java are most the exploitable add-ons.
- If you handle wire transactions, when you receive a last-minute or urgent request with wiring instructions, do your due diligence. Call the sender to verify and DO NOT respond to the original email.
- Don’t reuse your password on multiple sites. Set up a unique password for each site you visit. If your credentials are stolen from one website, they will be tried everywhere else.
- As a business professional, always use encrypted email when sending wiring instructions, and use telephone communication to confirm any changes.
- Dedicate a separate office computer, unlinked to the business operations, for employee access to Facebook, Instagram, Linked In and on-line shopping platforms throughout the business day.
Home ownership in the United States is facilitated by title insurance produces and we as title professionals are critical part of the process. As an industry and as an individual, title insurance professionals need to commit not to be the “weakest link” in the largest transaction most of us make in our lifetime. Be safe and stay secure.
Mark S. Lynch, Esq. CLTP, Director Emeritus
Editor, MLTA Commitment