02 October 2023
By Liam O’Reilly – Head of Information Security at FirstPort
Digital technology forms a crucial part of how many businesses, including those in property sector, operate. In property management especially, we’re seeing more businesses adopt smart technology which creates a streamlined service for customers. But as with all new technology, there are also new cyber risks. That’s why the focus for the property industry – more than ever before – must be on managing these cyber threats to keep both customers and business operations safe from attacks.
I started my career in cybersecurity over 10 years ago and in that time, I have witnessed hackers grow in sophistication and exploit vulnerabilities in the supply chains, as well as an increasing prevalence of cyber-attacks. In order to tackle this, the property industry must bolster its information security abilities and help combat threats from all areas of business.
Awareness is always a priority
While there are incredibly sophisticated cyber-attacks occurring across businesses every day, the most common online security threats we see are phishing emails. This can be tackled by increasing awareness of cyber threats. In fact, employees can be your strongest link and last line of defence in spotting phishing emails. By increasing awareness, employees know they can combat these modern threats and they’re also able to avoid it outside of work too. At FirstPort, we’ve enabled an email button which lets colleagues report potential phishing emails to the information security department where they can be reviewed. Other ways we are increasing awareness at FirstPort is by working with our local communities and making use of the resources they have on offer to help us build our knowledge of cybersecurity. For example, we’ve partnered with Bedfordshire Police’s Cyber Protect Unit to provide online webinars for colleagues. The webinars help to raise awareness of cyber fraud and give our colleagues the best chance of avoiding becoming a victim. We’re also working with our Learning and Development team to increase awareness, as well as increasing our internal communications so colleagues know we are always on hand to provide support.
Technological advances
As more and more businesses are moving towards cloud-based services, there are greater risks of cyber threats. This means that businesses need to ensure there is a security presence and risk management process across all of their services, whether delivered physically or in the cloud. Online security experts within the property industry must keep up to date with the latest best practice and implement risk-appropriate controls to protect our customers, especially when there is more of a movement towards Infrastructure as a Service (IaaS) for hosting crucial services.
Combat threats
We also need to look at expanding threat intelligence to combat the latest cyber-attack tactics. It’s a continuous exercise that the property industry must be on top of, and we must understand what is active in the industry in terms of cyber threats. The only way to truly be effective with this is to partner with others in the industry and agencies, using services such as the Cyber Security Information Sharing Partnership (CiSP) offered by the National Cyber Security Centre (NCSC).
Third-party supply chains
In particular, cyber-attacks can occur through third party supply chains. The property industry must do more to secure its third-party supply chains. This can be tackled proactively with guidance on basic security controls, such as multi factor authentication, strong passwords (e.g., using NCSC’s recommended three-word passphrase), advanced anti-virus software, email security filters, and keeping all company devices and applications up to date. Ultimately, we are all on the same team; therefore, bigger organisations should also look at providing support for small companies who may not have the resources that large companies have. Working in cybersecurity, we must ensure we can support diverse environments and customer services safely and securely. The vast cyber security environment is incredibly fast-moving, and businesses must do their best to anticipate a hacker’s next move.