Cybersecurity Tips: Insights from The Counselors of Real Estate

(CHICAGO)–October 20, 2017–Do you think your company systems and data are secure? Don’t be so sure. According to cybersecurity legal expert Dr. Sunny Handa, Partner, Blake, Cassels & Graydon LLP (Blakes), who teaches at McGill University, any organization can–and probably will be—hacked. It’s just a matter of when and how. This is one of the insights heard in Dr. Handa’s presentation at The Counselors of Real Estate’s recent annual convention in Montreal.

Quoting the former CEO of Cisco, John Chambers, Dr. Handa said, “There are two kinds of companies–those that were hacked, and those that don’t yet know they were hacked.” With the global hacker economy three to five times the size of the security industry, he urged all business owners and real estate practitioners–regardless of the size of the company–to proactively take steps to secure their company from the financial and reputational damage cyberattacks can cause.

According to The Counselors of Real Estate’s 2017-18 Top Ten Issues Affecting Real Estate, technology has revolutionized the property industry, with an unprecedented wave of innovation changing the way real estate is bought, sold, and managed. The pervasiveness of hackers–and the threat that internet intrusion presents to businesses, product functionality and homes–makes cybersecurity a top priority for real estate business owners and practitioners.

What’s the Difference Between a Cyber Attack and a Data Breach?

Cyber attacks are targeted intrusions into a company’s computer systems. A data breach involves unauthorized access to, use, or disclosure of personal information. Both types of attacks make headlines in the news on a daily basis, most notably when a department store, corporation, online company, or most recently, a credit bureau, has been breached.

Dr. Handa urged the audience of commercial real estate advisors to be aware of the types of IT attacks they or their clients could encounter, including viruses, “Trojan horses,” ransomware, password attacks, phishing, and denial of service attacks–caused when outside entities bombard a company’s server with emails or requests for information, causing system overload, thereby preventing legitimate contacts from reaching the company to conduct business.

Tech Convenience vs. Security

If devices in your company, office building or home are interconnected through a device (“the Internet of Things” or “IoT”), Dr. Handa advises caution. He explained there were more than six billion interconnected “things” in use in 2016–such as lighting systems, company computers and printers, HVAC, even medical devices. Intrusions are much more frequent than expected: an interconnected-device attack takes place every two minutes. This pits convenience against security–95 percent of large companies have been targeted by malicious traffic, and 65 percent of organizations that were attacked say the attackers evaded existing preventative security tools in place.

The cost of NOT preventing a data breach? It’s not just financial:

  • 33 percent of companies take more than two years to discover a breach;
  • 54 percent of breaches remain undiscovered for months;
  • 55 percent of companies are unable to determine the cause of a breach; and
  • It takes an average of 66 days to resolve a cyber attack.

How You Can Prevent a Cyber Attack at Your Company

While hackers are continuing to develop more sophisticated attack methodologies, real estate practitioners can better protect themselves and their clients if they take precautions–many of which are basic in nature. It isn’t necessary to be a security expert to enact better controls at any size of company. If security expertise does not exist within the company itself, Dr. Handa strongly recommended hiring an expert or a firm that specializes in protecting systems, and ultimately your reputation. The basic elements of a proactive plan include:

  • Establishing a company-wide information security team
  • Preparing a data map and data risk analysis
  • Providing cybersecurity training for employees
  • Developing a strict vendor management program
  • Creating a specific plan to enact if there is an attack—and practicing it
  • Considering appropriate cyber liability insurance

Successful security strategies include developing clear policies for company computer use, data use and passwords—and monitoring and enforcing the policies once they have been put in place. If all precautions fail and an attack occurs, it’s important to be prepared to act quickly.

Dr. Handa said company executives must consider notification obligations and risks, ensure communications strategy minimizes litigation risks, and manage employee communications carefully. Employees are not only on the front line with customers and vendors, they will be asked about the breach by friends and family – so carefully controlling communications could help reduce the risk of misinformation, which could cause more disruption and reputational damage.

The Counselors of Real Estate organization and its members are known as pragmatic futurists and thought leaders who present objective, balanced views on issues of critical importance to real estate and the world. Members of The Counselors include real estate senior executives and business owners in the United States and more than 20 other countries.

The Counselors of Real Estate®, established in 1953, is an international group of high profile professionals including members of prominent real estate, financial, legal and accounting firms as well as leaders of government and academia who provide expert, objective advice on complex real property situations and land-related matters. Membership is selective, extended by invitation. The organization’s CRE® (Counselor of Real Estate) credential is granted to all members in recognition of superior problem solving ability in various areas of real estate counseling. Only 1,100 people in the world hold the CRE credential. For more information, contact The Counselors of Real Estate, 430 N. Michigan Avenue, Chicago, IL 60611; 312/329.8427; http://www.cre.org