Protecting yourself and your business from security breaches matters more than ever. As digital interactions increase, the opportunities for cyberattacks also increase.
Every business and its employees must be alert and equipped to minimize the risk of a security breach. Qualia recently participated in the American Land & Title Association’s (ALTA) security-focused webinar “How to Get Your Cyber House in Order.” Below are some of the security best practices and takeaways shared during this ALTA Insights virtual event.
Everyone is a target for cybercriminals
In the United States, cyberattacks are now considered the fastest-growing criminal activity. In recent years, cyberattacks have been gaining in size, sophistication, and cost. It is estimated that the damage for all cybercrime will hit $6 trillion annually by the end of this year. The undeniable truth is that cybercriminals do not differentiate who they attack, they’ll attack anyone, and they are getting more creative as more people move online to conduct their day-to-day business.
Studies show that small businesses are particularly vulnerable to security breaches because they may lack the expertise and resources to protect themselves from threats. Here are a few staggering cybercrime stats:
- 58% of malware attack victims are small businesses
- 1 out of 13 web requests lead to malware
- 94% of cyberattacks come through malware or phishing emails under the guise of bills, invoices, email delivery failure notices, or package delivery notifications
- In email instances, the Federal Bureau of Investigation’s (FBI) 2020 Internet Crime Report reported $6 billion in losses in the United States from 2016 through 2020 and $3.6 million of that in the just the last 2 years (January 2019–December 2020)
Best practices for protecting against security breaches
People remain the weakest link when it comes to cyber threats. It is reported that 95% of cybersecurity breaches are caused by human error. However, there are ways to protect against human error-led security breaches.
Protect your connection. Avoid public wifi at all costs. Public wifi is precisely that—public. It is shared and vulnerable to interlopers wanting to access personal information. There are safer alternatives, such as a virtual private network (VPN) or tethering. A VPN connection is a secure connection between you and the internet. Through the VPN, data traffic is routed through an encrypted virtual tunnel. Device tethering means connecting a smartphone to another device (such as a laptop or tablet) so the device can use the phone’s internet connection to get online.
Update, update, update. It may be an annoyance to see constant update notifications across your phone, tablet, and desktop, but they are critical to your devices’ security health. Software providers release updates frequently that include patches and bug fixes. Regularly update devices and internet browsers. Updating can be as simple as restarting the browser.
Utilize password managers. An estimated 300 billion passwords are used by humans and machines worldwide. Passwords can easily be compromised, especially if the same password is used repeatedly, is easy to guess, or is shared among colleagues, friends, and family. Leveraging a password manager can help keep passwords safe. These systems create unique passwords for every site and store them securely. Some popular password managers include LastPass or 1Password.
Turn on multi-factor authentication (i.e., “two-factor authentication” or “2FA”). Multi-factor authentication is defined as “an electronic authentication method in which a device user is granted access to a website or application only after successfully presenting two or more pieces of evidence.” Simply put, you’ll need multiple proof points that you’re an authorized user to log in to a system. For example, 2FA may require that you enter your password followed by a code that you receive via text message or email. Having 2FA can help to drastically reduce security breaches because the password would no longer be sufficient to grant cybercriminals access to information.
Employing all of these best practices can protect you and your business from various forms of online fraud.
Impact of cyber threats on the real estate industry
Title companies, real estate agents, mortgage lenders, buyers, and sellers are all vulnerable to wire fraud. And scams targeting the real estate industry continue to rise. The highest reported fraud was business email compromise/email account compromise (BEC/EAC). In this instance, cybercriminals hack into legitimate email account conversations, assume the identity of the real estate professional (title agent, real estate agent, or lender), and send the buyer false wiring instructions. In 2020, the FBI reported over 19,000 complaints of BEC, with reported losses totaling over $1.8 billion. According to ALTA’s 2021 Wire Fraud and Cyber Crime Survey, title insurance professionals reported that cybercriminals tried to reroute funds into fraudulent accounts during one-third of all real estate and mortgage transactions.
Title companies must take extra precautions and educate themselves and their clients, protect their email, and require wire information in-person when possible. One strategy to reduce wire fraud is to call the client directly to verify the wiring instructions over the phone. If there are any changes to wiring instructions, the title company should investigate before taking any action.
A multi-channel communication process can help mitigate wire fraud instances. For example, a multi-channel protocol would require a title agent to make a phone call if any wiring instructions are adjusted via email. It’s also important to maintain multi-channel protocols even in the face of missed deadlines or urgent timelines. Cybercriminals operate on creating false urgency. The sense of urgency creates anxiety and prevents real thought before taking any action.
A much safer option is a secure closing platform. Qualia Connect brings the entire closing team together onto one secure, cloud-based platform—facilitating communication and document sharing between title & escrow, real estate agents, lenders, and consumers.
Educating homebuyers about the severity of wire fraud
Homebuyers are particularly vulnerable to cybercriminals. According to the National Association of REALTORS®, in 2020, existing-home sales reached the highest volume (6.76 million units) in over a decade. The same study found that 31% of home sales were to first-time homebuyers. Cybercriminals often prey on inexperienced first-time homebuyers who feel uncertain during the home purchase process. The results are catastrophic— the FBI reports that consumers lost over $213 million in 2020 from real estate wire fraud. The numbers are likely higher than the reported figures. Only 15% of all wire fraud incidents are reported, according to the FBI.
The best thing real estate professionals can do is educate the end consumer about the severity of wire fraud. Consumers have a common misconception that banks or title companies can recoup stolen wired funds. It can be extremely difficult to nearly impossible to recover stolen funds, and it’s particularly difficult if the funds have been transferred overseas.
It’s strongly recommended that businesses notify the FBI of wire fraud whenever it occurs, regardless of the amount. Legislators look into this data to see how much effort they should put towards wire fraud prevention. Plus, by reporting quickly, there’s still a potential that funds could be recovered. The Financial Fraud Kill Chain (FFKC) is an FBI program that can cut off large ($50,000+) international wire transfers stolen from the United States if it is caught within 72 hours.
Be proactive with a security strategy
The security protocols above can help protect your business; however, a solid security strategy starts with your core technology and workflow software. Title companies must be vigilant when selecting a software provider and focus on their data privacy and security. Qualia has built systems and constructed the software around providing the maximum amount of data privacy and security for all users and has received independent verification of these procedures. The Qualia platform is ISO 27001 and SOC-2 certified, and was built with the goal of helping Qualia users stay fully ALTA Best Practices Pillar 3 compliant.
For more information on Qualia’s security and privacy policies, click here.