Humanity is more technologically advanced than ever before, from incredible advancements in interconnectivity in commercial and residential properties to the constant evolution of the phones in our pockets. In the shadows of these incredible advancements, cyber criminals continue to evolve their attack vectors, aiming at individuals, corporations, and even governmental entities.

To safeguard our digital spheres, it is crucial for commercial real estate (CRE) professionals to grasp and implement effective cybersecurity measures. There are many methods to protect, and many avenues to monitor, and this article will help prepare you for the cyber threat we all face.

Building Knowledge and Awareness

Continuous learning is one of the strongest defenses against cyber threats. Stay informed about the newest tactics, attack vectors, and trends by regularly perusing reliable sources, security blogs, and news outlets. Such resources provide insights into emerging threats and evolving best practices. By maintaining an updated knowledge base, you can better identify, anticipate, and mitigate potential vulnerabilities. For CRE professionals, CRE Insight Journal offers a wealth of resources on cybersecurity, shedding light on the intersection between commercial real estate and digital security.

Protecting Your Accounts

Robust and unique passwords often are the first line of defense against unauthorized intrusion. Ensure that you have strong and unique passwords for all your online accounts. Incorporating a mix of uppercase and lowercase letters, numbers, and special characters helps enhance password strength. Another option is to create a phrase or question for your password, such as HowManyTenantsAre@1300AveBlvd?, this tactic can allow for a very strong password with upper and lower case letters, special characters, and numbers. Refrain from using easily decipherable information like birthdays, pet or family names, or common phrases. A few options include LastPass, Bitwarden, and Dashlane, to name a few.

When making a password or setting security questions, do not use any information or names posted to social media, if you are targeted for an attack, public facing social media accounts are one of the first stops for a would-be cybercriminal. Social media platforms can inadvertently disclose personal information and provide cybercriminals with valuable data for social engineering attacks. Review and adjust your privacy settings to limit the visibility of your personal information. Exercise caution when accepting friend requests or engaging with unknown individuals. Avoid publicly sharing sensitive or personal details, as these can be leveraged for targeted attacks or identity theft.

Two-factor authentication (2FA) is an added layer of security by necessitating secondary verification. This commonly involves receiving a one-time code on your mobile device or utilizing a 2FA application on your mobile device. Enable 2FA wherever possible, especially for critical accounts such as email, banking, and social media platforms. The second verification layer provides a robust safeguard against unauthorized access, even if your account’s password is compromised.

Software, System Updates, and Antivirus Solutions

Consistent software, applications, and operating system updates are integral to the defense against cyber threats. Developers regularly launch updates to fix vulnerabilities and rectify security flaws. Old software can offer a potential entry point for cyber attackers, so keeping your software, including building automation systems (BAS) and connected internet of things (IoT) devices up-to-date can help decrease the risk of intrusion or exploitation.

Trustworthy antivirus and anti-malware software are integral in combating known threats. These programs regularly scan and monitor your system, files, and downloads for malicious or unusual activity. Keeping your antivirus software up to date with the latest virus definitions allows it to effectively identify and block new threats.

Email Practices and Anti-Phishing Measures

Phishing attacks continue to be a prevalent avenue of attack for cybercriminals to deceive individuals and access personal data. Exercise vigilance when opening emails from unfamiliar sources or clicking on suspicious links and attachments. Recognize signs of phishing, such as misspelled URLs, unsolicited requests for personal information, or urgent calls to action. If uncertain, validate the legitimacy of the email or website directly with the supposed sender. You can learn more about how to deal with email attacks and social engineering  

Securing Networks and Mobile Devices

With the increase in remote and hybrid options for work, home networks often serve as a gateway to multiple devices, making them an appealing target for cybercriminals. Enhance your home network security by altering the default router login credentials (a good habit in cyber hygiene), enabling encryption (WPA2 or WPA3), and regularly updating the router firmware. Deactivate remote management and consider implementing a network firewall to filter inbound and outbound network traffic.

Firewalls serve as a formidable barrier between your device and the internet, scrutinizing incoming and outgoing network traffic for any suspicious activity. Enable firewalls on all your devices, including personal computers, smartphones, and tablets.

The pervasive use of mobile devices and the sensitive information they house makes them another attractive target for cybercriminals. Safeguard your mobile devices by enabling passcode or biometric authentication, regularly updating the operating system and applications, and only downloading apps from trusted sources like official app stores. Be wary of app permissions and only provide access for necessary functions.

As you use your mobile devices and laptops, keep in mind that public Wi-Fi networks can pose significant security risks. When connecting to such networks, avoid accessing sensitive information or conducting financial transactions. Consider using a virtual private network (VPN) to encrypt your internet traffic.

Fostering a Culture of Security and Incident Response Plan

Creating a culture of security within organizations is essential to protect against cyber threats. Educate employees about cybersecurity best practices and train them to identify phishing attempts. Establish clear policies regarding data handling, access control, and incident reporting. By regularly communicating the importance of cybersecurity within the organization, you can cultivate a vigilant and security-conscious workforce.

As you develop your culture of cybersecurity, conduct periodic security audits of your digital environment. This is key to identifying and addressing potential vulnerabilities, and these audits should happen regularly as a part of your wider cybersecurity plan. This entails reviewing your devices, networks, and online accounts, revoking access privileges for unused or outdated accounts, removing unnecessary software or plugins, and monitoring your online presence for signs of compromise. For CRE professionals, regular security audits help to ensure the security of not just their personal data but also sensitive client and property information.

Despite the implementation of preventive measures, it’s crucial to be prepared for a major breach. Develop an incident response plan that outlines the steps to be taken in the event of a security breach. This could include isolating affected systems, contacting relevant authorities or cybersecurity professionals, and communicating with tenants and staff relevant information. Be sure to regularly test and update your plan to ensure its effectiveness and to adapt to evolving threats and business needs.

The final tip is to ensure you have regular data backups. Regularly backing up your company’s data is a vital practice to minimize the impact of ransomware attacks, hardware failures, or unintentional data loss. Implement both local and cloud-based backups to ensure your backups are running. Verify the integrity of your backups periodically and make sure that the storage is secure. This way, you can restore your data and systems to a known secure state, lessening the potential impact of a breach.

Developing a Plan

While cyber threats pose significant risks in our digitally interconnected world, individuals and organizations can substantially reduce these risks by adopting proactive measures. For commercial real estate professionals, building a comprehensive cybersecurity plan—encompassing education, strong password practices, data backup strategies, software updates, network protection, and robust incident response plans—is essential. Such a plan not only safeguards your professional and personal digital lives but also demonstrates to clients and stakeholders that you take their digital safety seriously. Remember, the key to robust cybersecurity lies not just in having the right technologies in place, but also in fostering a culture of cybersecurity awareness and vigilance.

To stay up to date on news and resources such as this and other topics of importance to the real estate industry, subscribe to the free CRE Insight Journal Newsletter using this link.