Information Security and Cybersecurity in Real Estate

With increasing threats to businesses related to the loss of tenant, purchaser, and employee information, cybersecurity is an important area that the real estate sector should proactively address. As the industry increasingly utilizes technology—such as third-party, cloud-based applications and storage—there is an increased incentive to protect information while staying competitive with technology.  

Businesses often view an investment in cybersecurity as an added expense, but it can also provide a competitive advantage. With the media highlighting cybersecurity breaches daily, tenants want to see that their information is (and remains) protected. Cybersecurity insurance policies can be tailored to clients’ needs and, with proper controls, can be affordable. Preventative measures can help a business avoid potential business reputation loss and costly legal proceedings that can be incurred when dealing with a cyberattack. 

Key Cybersecurity Tactics 

Map Your Data 

Data mapping allows businesses to understand what information is being stored, where it is being stored, who has access, and how it is being protected. This exercise allows you to reduce risks and improve where needed. 

Look Outside of Your Own Company 

Partners, such as vendors, should be evaluated for what protections they have set for the shared data. EisnerAmper recommends requesting a copy of the Service Organization and Controls (SOC) report from vendors and software providers. This report provides details as to whether controls are effective and if there are any areas of concern. 

Establish Internal Guidance and Protocols 

Employee training and proper policy- and risk-assessment practices are valuable. With the use of document storage on computer drives and mobile devices, it is important to set policies for employees to follow regarding document security. 

Avoid Overstoring Data 

The more data that is stored, the higher the probability that said data can be compromised. Storing information in excess of regulations or required for a business purpose creates unnecessary risk. 

Maintain Compliance 

With ever-changing technology comes a growing list of regulations and guidance from governing agencies, and compliance is critical. It might be easier to garner support from investors to finance cybersecurity measures that are required by law rather than just as a prudent practice. 

Businesses often fail to act on cybersecurity until after an incident has occurred. According to the FBI’s 2023 Internet Crime Report, real estate organizations lost nearly $400 million across 11,000+ victims. These recommendations and comments let business owners consider various planning opportunities to protect their assets and create a plan to defend against cyber risk.