You hear it all over the news lately, another company has reported a data breach and personal accounts were stolen. In this digital age where we have an enormous online presence with social media and online shopping, thieves no longer have to break into your home to steal from you. They target the companies that house information on you including those credit cards you use to swipe in a machine that we now just give to online retailers over the internet.
Here in Massachusetts, by law 201 CMR 17.00, all companies need to have a Written Information Security Plan or WISP in place to govern how personal information is used, stored, and protected against cyber crimes. This plan also contains steps on what happens when and if a data breach happens. From reporting it to the designated internal team to authorities and clients.
As a brokerage we need to have a WISP in place because of all the personal information we need for housing transactions. From the buying and selling of homes, copies of checks are always being passed from one place to another. Making sure that information is always secure and never falls into the wrong hands is our due diligence to our clients. As an agent you should also have your own WISP in place due to the fact that mostly all real estate agents are considered independent contractors to their brokers.
Let’s go over why this is important and what the WISP says to do.
You just took a photo or scanned an offer deposit check to send to the seller’s agent. You emailed that photo to them to show proof that this is the earnest money for holding the home. Most of the time these checks are from the perspective buyers and they are drawn on a personal checking account.
- Did you cover up the routing numbers and account numbers at the bottom of the check with a thick piece of paper or a business card before taking the photo or scanning?
- Did you black out the routing numbers and account numbers at the bottom of the check using a paint program on the digital photo before sending?
Most will answer yes to these questions and most will almost always use a phone or computer to do this because its fast and easy to do. You have to remember however that these photos unless deleted immediately after sending will always be stored somewhere on your phone or computer. The issue here is that if your phone or computer is lost or even stolen that information might be accessible by anyone who finds it.
This is where following your WISP can help. In your WISP are certain guidelines to help prevent this information from being accessible.
- Is your device encrypted? Most modern day cell phones, laptops, and tablets are encrypted. If you are using a login to wake function like a pin code or fingerprint to open your device might be encrypted.
- Is your device set to lock after a certain amount of time? Phones, tablets, and computers have a function where if you are idle for a few minutes they lock themselves. This secures the information when you are not around. Most of these devices will completely lock down if the password is entered wrong after a few tries.
- Is your device operating system up to date? Keeping the operating system up to date means that any security problems that have been found are fixed as they are discovered.
- Are you running a firewall to help prevent an attack from the internet? This can be either a firewall that is used at the location you are accessing the internet or turning on the firewall in your operating system on a computer.
- Do you have an antivirus program installed and running? Is it kept up to date with the latest definitions and updates. You can always get antivirus software for many devices. Keeping them running and updated helps protect your device.
Most smartphones, laptops, and tablet devices can be wiped completely clean these days if you ever lose or have them stolen. Some offer the service where you login to a website and report that it was lost or stolen and the next time it is connected to the internet it will completely reset itself deleting everything from the device. Check with your devices vendor.
If there is one piece of advice to take from this post it would be to familiarize yourself with your local regulations on personal information data and follow the guidelines. Protect your client’s information, and protect yourself.