Push for Cyber Security in Real Estate Transactions

  • August 2, 2015
  • devinlucas
Newport Beach, Costa Mesa and Orange County real estate consumers and professionals take note of cyber security issues in real estate transactions.  We all take email for granted. It’s an amazing tool that has impacted and changed the way we all communicate. But until some recent high-profile events, people thought little, if at all, about the security of their emails. As REALTORS® (and title, escrow and lenders), we are entrusted with our clients’ (and others’) sensitive data, such as social security numbers, bank accounts, dates of birth, etc. (just think of all the pre-approval letters, proof of funds documents, title/escrow statement of information sheets, etc.). Do you email that data around? Do you do so using public Wi-Fi connections?

As real estate professionals should be aware, there are many changes in the pipeline dealing with the Truth in Lending Act (TILA), the Real Estate Settlement Procedures Act (RESPA) and the Consumer Financial Protection Bureau’s (CFPB) oversight. A less-known issue is the topic of email encryption. Non-public information (NPI), such as social security numbers, must be protected. While the current rules seem to fall short of outright mandating email encryption, “NPI should only be delivered via secure methods.”

You don’t have to be SONY Pictures to be prone to cyber attacks. Daily, there are countless small businesses and individuals getting “hacked.” Often data is stolen; but frequently data and computers are held hostage, frozen for ransom, typically demanding payment via bitcoin or threatening to delete all data and render the computers useless. Many companies do not publicly report these attacks, though there have been reported cases in real estate including wire transfer instructions being intercepted, altered, and then forwarded on with the consumer then transferring money to an offshore bank account.

What to do? – It’s easy to beef up your security; but virtually impossible to be 100 percent protected. Foremost, use strong passwords (“Rea!estate%^_@444” vs. “Realestate”). Never connect to a public Wi-Fi without using a VPN (there are hundreds of companies that provide these “virtual private networks”), and probably best to use that same rule even at the office or home Wi-FI networks. Never open attachments or click links from emails you don’t 100 percent trust. This seems obvious, but all it takes is one staff member opening a link on their networked computer, and everyone’s in trouble. Redact sensitive client data before sending to others. Backup your data frequently and keep offsite copies – don’t keep your backups connected to your computers. Larger outfits must invest in serious cyber security and everyone should consider encrypted emails when it comes to NPI. By no means is this an inclusive list, check with your office’s IT department for additional technical tips and your brokers/supervisors regarding any further compliance issues; fellow independent operations must seriously look into these issues or hire appropriate consultants.

-Devin Lucas


Author Devin R. Lucas is a Real Estate Attorney, Broker and REALTOR®, specializing in Newport Beach, Costa Mesa and Orange County, serving individual, investor and small business interests in real estate.  Active with the Newport Beach Association of REALTORS® and Costa Mesa Chamber of Commerce, Devin R. Lucas Real Estate is an independent real estate brokerage and law practice located in Newport Beach, California.

Devin R. Lucas Real Estate
Real Estate Attorney | Real Estate Broker | REALTOR®
devinrlucas.com | [email protected] | BRE No. 01912302
949.478.1623 office | 888.667.6038 fax

2901 West Coast Highway Suite 200
Newport Beach | California | 92663-4023

Official Site | Blog | LinkedIn | Facebook | Pinterest | Google + | Yelp | Avvo | Twitter | Zillow |

—-Disclaimer —-
The content on this blog is for informational purposes only. Nothing on this blog should be construed to be legal advice, and you should not act or refrain from acting on the basis of any content on this blog without seeking appropriate legal advice regarding your particular situation, from an attorney licensed to practice law in your state. The content on this blog is not guaranteed to be correct, complete, or up to date. Devin R. Lucas’ office is in Newport Beach, California and is only licensed to practice law in California. Please be advised that Devin R. Lucas only provides legal services or advice pursuant to a written legal services agreement. The content on this blog is not intended to, and does not, create an attorney-client relationship between you and Devin R. Lucas, nor does our receipt of an email or other communication from you. Some jurisdictions may consider this site to constitute attorney advertising; accordingly, please be advised this is an advertisement.

devinlucas