We as professionals often focus on how technology can help propel our business but we often forget how quickly technology can hinder our business. One of the most scary but beneficial sessions was “How Technology Can Run Your Business.” The sections below provide a glimpse on how to protect your business in terms of antivirus and malware, repeating passwords, social engineering, secure data, internet safety, cloud and paperless safety, computer safety, and digital etiquette.
AntiVirus and Malware
The antivirus or malware struggle is real and everyone should protect themselves against attacks. Many websites will offer a free option, but don’t ever opt for the free version or even the next level up option. It is a far wiser idea to spring for the highest level the company offers, often referred to as a comprehensive or end-to-end protection. Craig Grant says, “A purchaser should expect to pay $75 to $100 for a proper level of coverage. Not only will it provide end-to-end coverage online, it will also preserve your email, file scanning, and will also monitor your installed software. The recommended programs to consider are Malwarebytes, Avast, Kaspersky, and MS Essentials. These companies typically score best in third party testing.”
STOP! Please stop carrying around your little password book containing all your trusty passwords. This method is not secure, and I am sure many folks that use this method pray daily they never lose their little black book of passwords. Let’s discuss why weak or repeated passwords are opening the doors to a potential hack. “It’s not a question of if you will become a victim, it’s a question of when you will become a victim,” says Craig. This is due to how quickly a hacker can hack a password. It has been proven that if your password is under six characters even all alpha or numeric, a hacker can crack your password in under minute. If your password is 12 characters and has combinations of upper case, lower case, symbols, and numbers it would take a hacker over three years to determine your password. If you want to have the most secure password, make sure it is at least 16 characters in length and has present all the combinations of a 12 character password. These additional four characters makes password hacking so difficult it could take a hacker 38 years to uncover your password. In a nutshell, you should have a long and unique password for every website you visit, not the same password for multiple websites.
Our brains inability of remembering many long and complicated passwords is the reason why humans do not have different 16 character passwords for every website they visit. This is why ever person should use a password generators or lockers app like LastPass.
“There is one weak link in the security chain of all businesses that most people do not consider and it is called social engineering. It is the art of manipulating people so they give up confidential information,” says Juanita McDowell. An example would be trusting a person at the gate who says he is the delivery person without first checking them out to make sure they’re legitimate, or giving information over the phone to a person you should not.
We’ve heard about social engineering schemes in title companies that must wire transfers of client funds, but another common social engineering attack that affects all companies involves email. If a criminal manages to hack or socially engineer one person’s email password they have access to that person’s contact list.
Having a safe password and using a secure site is only half the battle. The WiFi network you’re connected to should be something to pay close attention to. If you leave the WiFi on your smartphone turned on, you are constantly sending out all of the names and IDs of your trusted networks. EEK, right?
Oh kids this is where it gets really scary, so stay seated.
For under $100, a device can be purchased online that picks up your trusted networks and re-broadcasts the same signal. Even though you’re sitting at home, your phone thinks you’re at home, and connects to your “Home” network, but what you don’t know is someone else I owns you. What I mean by that is from that moment forward, someone else not actually in your home or on your “Home” network, can capture every piece of information – emails, passwords, banking data, etc. that you send over your secure network, even if the site is supposedly “secure”.
Wow, that is scary! So what can we do?
Alex Camelio suggests, “First, don’t leave your smartphone’s WiFi on while you’re roaming especially in public places like airports, restaurants, hotels, or conference centers. Second, don’t use “Free” or public wifi connections, and if you are going to use them, don’t do any banking or work on a secure website. If you want to take your security to the next level, try using a VPN, which stands for Virtual Private Network. This will essentially encrypt your information and create a secure connection. Personally, I recommend “OpenVPN”, but there are a bunch of VPN tools out there you can use. ”
Yes, you definitely need to not only protect your devices and connections, but also you need to start utilizing encryption tools. For example, if a hacker is able to obtain the files on your devices or sift through your emails and find important information that can get you in big trouble.
Craig suggests, “Encryption is basically password protecting a document, folder, email, attachment, etc. so that it is useless gibberish to a user unless they have a password which would unlock that file. You can encrypt your emails for free with Mailvelope, files and folders on your devices with tools like 7-Zip, cloud accounts with BoxCryptor, your mobile devices with the lock screen and finger print encryption. ”
The interwebs have become a very scary place, but if you take a few steps to secure yourself you should be fine. Always want to make sure you’re using a site with SSL. That means you want to see a little green lock next to the website address in your browser.
“Another tool that has a dual purpose is AdBlock. It’s a great browser extension that automatically removes ads and stops pop-ups on any page. I would download this for the ads alone, but a side benefit is that if you do wander toward a malicious site often times AdBlock will stop pop-ups that might otherwise take over your screen. Another browser extension to consider is “Hide My IP”. This will block or spoof your IP address so websites can’t track you or your location as easily.
The last tool I’d like to mention is called “your gut”. That’s right, your gut instinct. What I mean by that, is if it doesn’t feel right, don’t do it! If the website doesn’t seem right, or you’re not sure how you ended up there, err on the side of caution,” suggests Camelio.
Cloud and Paperless Safety
Craig says, “First of all, all cloud means is an internet connected program, so the cloud in general is no less secure than any aspect of the internet, but with more and more business applications running in the cloud that does open up today’s REALTOR® to a lot of risk as your livelihood depends on you properly securing your business.”
So in general the cloud is safe, but there are a few things you need to think about when using the cloud. Make sure you pick cloud vendors that have a excellent security. A perfect example of this is Dropbox who might be the most popular file storage tool, but is also known to have major security issues. Better options in that space would be Box, SugarSync, or Google Drive. Or if you are using Dropbox make sure you enabled a second sign on. You have to make sure you use them in safe ways, meaning strong passwords on all tools and strong virus protection on all of your devices. Utilize BoxCryptor that syncs with any cloud based program like Dropbox or GoogleDrive and then allows you to encrypt any file or folder in those accounts.
McDowell claims, “From this point forward you should consider your smartphone to be a “mini computer” and with that same security as a computer should be considered. Let’s start with those security reminders that apply to both.”
- Make sure you’re using the most current operating system. Often times people don’t want to upgrade, or think they don’t need to because they don’t need “new” features. But it’s not just about that. In fact, more often it’s about fixing bugs or patching security holes that was unknown at the time of the last update.
- Password protect BOTH devices.
- Dare I say BACK UP your devices with a cloud-based solution. Many users of mobile devices have this mastered but for computer users, not so much.
- Make sure you use anti virus software.
- Also, I take nothing for granted. If I’m in the library say, I’ll take my laptop with me to go find a book. Any public place I have a rule — never leave my laptop or phone (logged) on and unattended. Remember your machines need to be physically and technically secure. Going to grab coffee for a client during an appointment, secure your device. That may seem like overkill, but it’s important
- Now let’s talk freeware on the laptop and apps on the mobile device. Be careful to only download apps from the Playstore (Android) and the App store (iOS). Try to avoid unfamiliar, untrustworthy freeware or shareware sites.
- On both devices – remember what I said about emails. Be wary of opening emails from people you don’t know. Be wary of opening emails from people you do know – without taking a close look.
- Educate your team, your assistants.
We’ve heard a lot so far about securing our computers and information, but there are other facets of technology that can ruin your business right? How people conduct themselves online, and manage their online reputation is a great example.
So what problems do people run into and how can we avoid it?
Camelio’s favorite quote is, “Dance like no one is watching, email and post like it might one day be read aloud in a deposition.” But soon after he chimes in saying “In all seriousness though, we need to be cognizant of both what we’re putting online and what people are saying about us online.” Avoid saying things like “this property is in the most culturally diverse area” unless you can back it up with facts. For brokers, it probably makes sense to put together a Digital Policy that incorporates codes of conduct for both email and social media. There are lots of examples you can find online to give you some ideas and it never hurts to run it by your attorney. Beyond that, you really want to pay attention to what others are saying about you online. A great way to do this is using Google Alerts. This free tool allows you to setup a search automatically so that anytime things like your name, company name, or even a property address shows up online you are notified about it. Beyond that, you can use a product like LifeLock to monitor your identity and make sure people aren’t opening bank accounts, or credit cards in your name.
Overall Tech Tips
- Create a unique password.
- Watch out for phishing scams – fraudulent e-mails and fake websites, masquerading as legitimate businesses to lure unsuspecting users into revealing private account or login information.
- Never click links in emails. To be safe, if you receive an e-mail from a business that includes a link to a website, make certain that the website you visit is legitimate. Instead of clicking through to the website from within the e-mail, open a separate web browser and visit the business’ website directly to perform the necessary actions. Hover over the link!
- Never EVER open unsolicited attachments.
- Scan for viruses and malware.
- Avoid public Wi-Fi.