When it comes to cybersecurity and wire fraud prevention, people are the weakest link in the security chain. In 2018, 48% of data breaches came from malicious or criminal attacks, while 27% came from human error. This means 75% of data breaches could have been prevented, along with countless wire fraud attempts associated with the compromised data.
Fraudsters now use social engineering to trick people into giving up their confidential data. This is all done without actually breaching the victim’s digital defenses. When people put up personal information on public forums, cyber scammers can exploit their data to create convincing attacks through methods such as cloned emails.
To prevent wire fraud, all real estate transaction participants should become the first line of defense. While it’s true they can be the weakest link in your security chain, they can also be the strongest. With proper instruction and continual education, all involved parties can help tighten security and block attacks from cyber perpetrators.
In our last article, we touched on the four cornerstones of wire fraud prevention. In this article, we’ll give you some tips on training your people to spot, report, and defend against fraud attempts.
In Q1 of 2018, social engineering attacks rose by 500%. This shows us that the ability to discern between fake and genuine communications is crucial in blocking wire fraud attempts.
There is a 96% average failure rate for all phishing campaigns. As communication in the real estate industry becomes more digitized, this is simply unacceptable.
Showing your employees real examples helps them identify the small, tell-tale signs of fraudulent impersonation. Google’s phishing quiz is an excellent way to test if your workforce knows what social engineering looks like. With realistic examples of legitimate vs. phishing emails on each page, it shows the elements of genuine or fake messages.
The most important thing to remember is that cybersecurity training shouldn’t be a one-off event. Fully 96% of cybersecurity professionals agree that continual education is of the utmost importance. Without ongoing training, your real estate firm becomes extremely vulnerable to wire fraud attempts.
Test your employees
Testing your employees is a great way to gain valuable insight into how well your real estate company can handle social engineering attacks.
Consider conducting unannounced phishing tests created by a third party, such as PhishMe or Wuvavi. The simulated testing offered can be very cost-effective to perform and provide results that prevent real attackers from tricking your employees in the future.
PhishMe is free for organizations with less than 500 employees. You can run up to 12 scenarios a year and choose from 18 different templates. The service also comes with educational content and a dashboard for analytics and metrics.
Wuvavi has similar services but also offers cyber awareness training that can help teach your employees to become more vigilant and aware of phishing attempts. Their awareness training is funny, informative, and effective.
Compare the average cost of $34,604 a year for a small business hit by a cyber incident. Running regular phishing tests is a cost-effective precaution. The outcome is that your business becomes known as a trusted partner for wire transactions.
Practice good digital hygiene
Like good personal hygiene keeps your body healthy, good digital hygiene keeps your data safe. Your organization and all transaction participants need to practice meticulous digital hygiene.
Every employee should limit the amount of personal information that’s publicly available. For instance, any of their posts and details on social media should be private. If fraudsters can’t get to the data, they can’t use it to craft phishing emails.
Here are some more tips on how your real estate business can practice good digital hygiene.
Contain sensitive data within company software platforms
It’s vital your employees never distribute information outside of standard company software platforms. Be particularly cautious of emails, electronic documents, or other third-party sites.
It is more convenient to answer an email directly when information is requested, but don’t do it! The lack of encryption makes it easy for cyber scammers to hijack the data and any related transactions.
Use strong passwords and a password manager
Fraudsters work to gather user credentials through brute force attacks. They use programs that try various combinations of usernames and passwords until they’re successful. This is why you should create complex passwords with upper and lowercase letters, numbers, and special characters.
In 2018, 62% of phishing campaigns captured at least one set of user credentials. Using the same credentials for multiple accounts puts sensitive information at extreme risk. For this reason, it’s good practice to use separate, hard-to-guess passwords for each account.
However, generating and remembering which password belongs with which account soon becomes difficult. This is why we recommend you use a password manager like LastPass or 1Password. These add-ons not only manage all your passwords but also encrypt them for safer storage.
Enable two-factor authentication (2FA)
2FA is the use of two steps to gain access to an account. For example, you may be asked to enter a code that’s sent to your mobile phone moments after you submit your password.
This type of authentication adds an extra layer of security, especially in the case of brute force attacks. Including this second step will stop a cybercriminal who won’t have access to the phone receiving the code.
Create a safe environment
The IT team should be viewed as trusted advisors for the operational departments in your organization. Your workforce needs to feel secure, knowing there are no negative consequences for communicating threats and anomalies. When questions are welcomed, it creates a safer environment for everyone.
If there’s no trust in your office, it’ll hinder efforts to prevent, stop or reverse wire fraud attacks. Without trust, employees aren’t empowered to step up with crucial information, leaving your business exposed to attempted cyber attacks.
Next up in this series of articles on wire fraud prevention: The subject of business processes.