Five Common Threats to Business Cybersecurity
Cybercriminals don't discriminate when it comes to businesses and organizations, and they continue to grow in scope and sophistication. According to the Federal Bureau of Investigation (FBI)’s most recent Internet Crime Report, reported losses from cybercrime reached more than $10.3 billion in 2022, a significant rise from $6.9 billion in 2021. Without examining your own cybersecurity, you may not realize you have a security risk until it’s too late. Here, we highlight five common cybersecurity threats to the title and real estate industry, and how you can protect yourself and your organization.
FIVE COMMON CYBERSECURITY THREATS
1. Phishing, a type of cyberattack that combines email and social engineering to entice victims, was the number one cybercrime reported to the FBI in 2022. Phishing emails often appear to come from a familiar organization or individual, tricking the recipient into clicking on a link or opening an attachment that contains malicious code. Once this code runs, the computer may become infected with malware. Phishing schemes have branched out from email and may also arrive in the form of a text message.
2. Business Email Compromise (BEC) is a scam that targets both businesses and individuals performing transfer of funds. Originally a scheme in which a cybercriminal hacks or “spoofs” a legitimate business email to request that wire payments go into a fake bank account, BECs typically scammed businesses with requests for W-2 information, claims of gift card purchases or targeted compromised vendor email accounts. They’ve evolved with changing technology and 2022 saw a rise in BECs targeting cryptocurrency exchanges and investment accounts as well.
3. Ransomware is a type of malicious software that is so destructive it merits its own category. Ransomware is a type of malware that takes over your computer and encrypts your data, refusing you access to it until a ransom is paid. Ransomware attacks are on the rise across the world, with notable impacts to the title industry. Ransomware can be introduced through phishing emails or infected websites, so always avoid clicking on suspicious links in both email and text messages.
4. Wire fraud is a type of fraud involving telecommunications or the internet, including phone calls, faxes, emails, texts or social media messages. CertifID, a wire fraud protection firm, reports that suspected wire fraud attempts in 2022 reached $1.4 billion, with a 145 percent year-over-year increase in instances of reported fraud. The COVID-19 pandemic has prompted more people to depend on digital payments, which, with their speed, high monetary value and challenges of recovery, make wire transactions alluring targets for cybercriminals. CertifID reports that suspected wire transaction fraud targeted 83 percent of its customers at least once in 2022.
5. Title fraud, a form of identity theft, occurs when a fraudster illegally transfers the title to real property without the actual owner’s knowledge or consent. Some examples of title fraud include:
• Vacant land fraud, in which a fraudster searches through public records to find properties that are free of mortgages or liens. They identify the owner of the property, pretend to be the owner, and contact a real estate agent to sell the property. Such a fraudulent “seller” may dupe real estate professionals by claiming to have no social security or TIN number, claiming to be abroad for business, or living in a foreign country or state from their listed mailing address.
• Notary fraud occurs when a fraudster impersonates a Notary Public and forges notary seals to create a fraudulent deed. Most counties have notaries available for certifying documents for public records, but there are no firm regulations for verifying the legitimacy of a notary seal, making it easier for criminals to forge them. The fraudster will likely refuse to meet in person for a closing and all communication will be done via email.
PROTECTING YOUR BUSINESS
To protect yourself and prevent cybercrime from attacking your business, be sure to take proactive steps like the ones below:
- Train your employees: Teach your employees how to do things like spot phishing emails and texts, avoid suspicious downloads, protect sensitive information and create strong passwords.
- Secure your networks: Safeguard your information by using a firewall, encryption and secure wi-fi network.
- Require strong passwords: Improve your cybersecurity with password requirements, such as 10 characters or more and a mix of uppercase and lowercase letters, numbers and special characters.
- Use multifactor authentication: Require additional information to access sensitive information, such as a security code sent to your phone.
- Invest in a cybersecurity team: One of the best ways to protect your business is by employing professional help. Finding and maintaining employees dedicated to keeping your company digitally secure is a huge step toward long-term cybersecurity.
Federal and state-level regulators for financial service organizations are urgently updating cyber-related regulations to keep up with evolving cybercrime. The U.S. Securities and Exchange Commission is undertaking an effort to expand its cyber-related regulations by requiring certain entities to establish, maintain and enforce written policies and procedures reasonably designed to assess cybersecurity risks. Under Proposed Cybersecurity Rule 10, covered entities would be required to implement the following:
- Periodic assessments of cybersecurity risks associated with the Covered Entity’s information systems and written documentation of these assessments;
- Controls designed to minimize user-related risks and prevent unauthorized access to the Covered Entity’s information systems;
- Measures designed to monitor the Covered Entity’s information systems, protect it from unauthorized access or use, and oversee service providers that receive, maintain or process information, or are otherwise permitted access to the information systems;
- Measures to detect, mitigate and remedy any cybersecurity threats and vulnerabilities within the Covered Entity’s information systems; and
- Measures to detect, respond to and recover from a cybersecurity incident by documenting, in writing, any such incident and the response to and recovery from it.