Cybercrime is at an all-time high and the threat knows no boundaries. Whether you’re part of a small or large organization, it is important more now than ever to have a cybersecurity program in place and Real Estate Investment Trusts (REITs) are feeling the pressure.
A major concern for REITs is fraud via Business Email Compromise/Correspondence (BEC) attacks, which is a form of phishing that grew significantly in 2015. A BEC is when a fraudulent email is sent to employees to trick them into sending funds to a fake bank account. The impact of a cyber breach can be severe, resulting in wire transfers of hundreds of thousands of dollars and it is now harder to detect these emails because cyber criminals are using new tools and tactics to create emails that look more authentic. This type of cybercrime relies heavily on error of personnel and can be difficult to detect using only an anti-phishing software or service. That’s why it is important that your organization also trains employees on how to best prevent and respond to a cyber-attack.
Complying with the SEC’s Regulations
The SEC noted under federal securities laws that organizations could be required to provide data security risks and possible liabilities in their public financial statements when “risks meet the level of ‘material information.’” In order to prepare, REITs should asses the risk of claims from individuals whose personal information is lost, as well as from investors in the company who could argue the value of their investment has been tarnished by cyber breaches.
Even the Most Sophisticated Cybersecurity Technology May Not be Enough
While cybersecurity technology is important for organizations to have in place, it may not always protect against human error. There are many ways for employees to unintentionally and/or unknowingly create gaps in security, which is why it is necessary for organizations to communicate and train on cyber policies and procedures and to educate employees on cybercrime. Now is the time to perform a comprehensive risk assessment and ensure you are including cybersecurity plans in your risk management and businesses continuity programs. Take a proactive approach to mitigate the risks of a cyber-attack on your organization.
At REITWise 2015, EVP, CAO, and controller at Kilroy Realty Corp., Heidi Roth, stated “Internal education is critically important throughout the organization. From the board room to the mail room it’s critically important for everyone to understand the sensitivity of the information they are responsible for and to protect that information.” Employees should understand the importance of secure passwords, risks associated with incoming and outgoing emails, as well as risks associated with using mobile devices, etc. While you most commonly hear about the more malevolent cyber-attacks, most attacks actually occur from everyday circumstances, like a lost laptop containing unencrypted information or an employee opening a suspicious email or attachment. Be sure to consistently communicate your cybersecurity programs throughout your organization. Many cyber breaches are avoidable if the proper prevention plans are in place.
To learn more about how to prepare, respond to and recover from a cyber-attack, please contact us today at email@example.com or (855) 447-3750, or visit prepares.com/commercial-real-estate.