Latest News

GDPR and consumer rights

25 May 2018

With General Data Protection Regulation (GDPR) now in force, it is important to understand the effect consumer rights could have on the way you process and hold information. Read More...

The cost of non-compliance when handling repairs and maintenance

24 May 2018

It’s no exaggeration to say that compliance is one of the most important aspects of property managers’ jobs. Every action they take is fraught with legal responsibilities, especially when it comes to dealing with the repairs and maintenance tasks associated with properties across their portfolios. Read More...

Khan's vision for housing in London comes to fruition

24 May 2018

After a consultation late last year, which elicited more than 2,000 responses and which we responded to, London Mayor Sadiq Khan has now laid down his final plans aimed at tackling the capital's housing crisis. Read More...

Can co-living do what the PRS does?

23 May 2018

Co-living is a form of housing that combines private living space with shared communal facilities. Unlike flat shares and other types of shared living arrangements, co-living explicitly seeks to promote social contact and build community. Co-living encompasses a diverse range of models, from co-housing mutual to options in the private rental sector. Read More...

 

 

Ransomware – should your agency be worried?

Monday 24 July 2017

Since WannaCry's cyber attack hit the NHS back in May, and Petya also made it into the headlines in June, ransomware has become the focus of much attention - and rightly so.

In recent weeks, estate and letting agencies have also been affected by ransomware. Aside from the obvious irritation of not being able to operate for several days, or at least having to operate blind whilst pretending to the outside word that its business as usual, these companies have incurred significant disruption to their business, as well as additional costs recovering their data and returning to a pre-attack status.

And, whilst ransomware, given its recent high profile is an obvious threat, it's probably not the one that agencies and in particular firms with a letting department should be most worried by. According to a recent cyber-security report released by Cisco, it is reckoned that cyber-criminals still stand to make five times the money from other more traditional forms of attack, such as business email compromise (BEC) than from ransomware.

Malware, including spyware introduced on to your firm’s systems provide a far quicker and more lucrative prospect, by potentially giving the cyber-criminal access to your company’s bank accounts. And whilst your customers might not be too fussed about what happens to your company’s own money, I think we can safely predict that they’ll be less than amused if you lose any money you are holding on their behalf.

But most of all, probably the number one threat at the moment is complacency! Many of those who suffered from Petya ransomware shouldn’t have. Had they taken note of the WannaCry outbreak and ensured they were following the advice issued by government agencies and security industry experts, it is unlikely they would have been effected as they have been. Some organisations have taken weeks to resolve the issues and some large firms have still not recovered.

Keeping up with the attackers

Detecting an intrusion is only half the battle, while the first priority will always be to limit the impact, it is also vitally important to follow up with a thorough investigation to discover how the attack was carried out.

Duncan Hall, Managing Director of cyber-security company Millbridge Systems recommends in the first instance, making sure the leadership team in your business (the board of directors, partners or in the case of very small firms, the owner) assume ownership and responsibility for cyber-security issues and draw up a strategy. Consider the following:

  • Are your staff aware criminals send businesses malicious emails in order to attack them, and how seriously such emails could affect the business?
  • Do your staff know how to minimise the risk of successful attack of your business by criminals using malicious email?
  • If a member of your staff got a ransomware message on their computer screen, would they know what to do next in order to minimise the damage to your company?

Sound a bit like overkill? Well times are a changing. General Data Protection Regulation (GDPR) gives some insight into the imminent legal and regulatory changes. And the exponential growth in cyber-crime, means firms would be unwise to ignore the associated risks to their business from cyber criminals. Even if you don’t think such strategic business planning is excessive, in light of the changing regulatory and criminal landscape, you could certainly be forgiven for feeling a little overwhelmed.

But what are your options if you don’t have in-house expertise and are baffled by terms like DoS, malware, ransomware, phishing and whaling?

As property professionals, you’d probably advise buyers and sellers to take proper professional advice and that those who shun your services in a favour of the “do-it-yourself” online property marketing platforms are unlikely to realise the true value of their property transaction. Well cyber security is the same. Whilst it is important to recognise the signs of a cyber attack or data breach, by combining the skill and support of third party security experts with a well-planned incident response plan at all levels of the business, organisations can greatly increase their ability to contain unfolding threats before the damage is done.

And one last piece of friendly advice - avoid the temptation to farm the problem out to your IT team, it’s an easy and obvious solution but one that could cause more harm than good. In their efforts to protect the company from an attack or clean up the mess, vital information can become lost or destroyed. Whilst wiping an infected device may seem like a logical step to take, it could also remove potential clues about when and how the network was accessed.