BPM's Real Estate Insights 2019 Volume 01 | Page 16

PropTech Corner By David Trepp Top 5 Commercial Real Estate Security Considerations for 2019 The New Year brings with it new security and privacy challenges. As we look forward to a new wave of attacks, from dramatic advances in the use of artificial intelligence in malware, to the same old tried-and-true social engineering dupes, 2019 promises to be another eventful year. Below are BPM’s top five considerations for you and your team, as you strive to maintain safe computing habits for the coming year. 1. Always be on the lookout for scams Just because you’re paranoid, it doesn’t mean they’re not out to get you. Indeed, when it comes to cybersecurity, they are out to get you and your company. Training employees to remain vigilant about every phone call, email and in-person interaction you have (especially ones you don’t initiate), will protect your organization by spotting social engineering attacks. 2. Use Strong Passwords The only strong password is a long password that’s been securely stored. Consider using passphrases; they’re computationally strong, easy to remember, and surprisingly easy to type. And encrypt the storage of your passphrases. Even if you’re just using a spreadsheet to store your passphrases, put a password on the spreadsheet itself. 3. Secure Your Browser Keep your browser patched/updated and always “enable” privacy settings. Even though it may degrade your browsing experience, consider privacy/security browser add-ins such as: • No-Script: to prohibit a staggering number of scripts that attempt to run in the background, • Privacy Badger: to limit advertisement, cookie information harvesting and tracking tools, and • Foxy Proxy: to hide your point of origin. 4. Secure email for Sensitive Conversations and Attachments If you must use email for sensitive conversations, consider strong encryption tools like Mimecast, PGP or Zixmail. Otherwise, use encrypted messaging tools like WhatsApp or Telegram for confidential conversations. If you’re sending a sensitive file attachment via email, password protect the file and send the recipient the password via a different medium, e.g. text the password to them. 5. Verify URLs Before Clicking Train employees to hover over links before clicking and, if the link revealed by hovering doesn’t match, DO NOT CLICK! Educate employees to pay extra attention to the word immediately preceding the .com, .org, etc. in all URLs. The word just before the .com is the domain you’re actually visiting. If the word before the .com is not exactly, letter-for-letter where you intend to go, don’t go there. n David Trepp is a Partner in BPM’s Information Security Assessment Services Practice. Contact David at [email protected] or 541-687-5222. 16 BPM Real Estate Insights