Cyber Liability Coverage for the Digital World
Cyber attacks on real estate professionals are on the rise, particularly in the form of wire transfer fraud.
What is Wire Transfer Fraud?
Wire transfer fraud is when transaction funds are transferred into a fraudulent account. In most cases, wire instructions are being changed by someone posing to be with the real estate firm.
How is this occurring?
Criminals are dropping flash drives with software viruses outside of real estate offices hoping agents will plug them into their computers. The infected computer can then be hacked and the emails monitored.
Criminals are also hacking email accounts of real estate firms, and/or agents, and monitoring their sales activity. They main gain access to your account when you click on an attachment, which loads a virus onto your computer (and potentially into your network).
They then send false transfer instructions from that email account to steal funds. The firm/agent can then become liable because they failed to protect their e-mail account.
In one case, a hacker from China gained access to a broker’s e-mail account, monitored the sale of a commercial property, and just prior to the close, sent an email from the broker’s account advising of a wire instruction change. The money went to an offshore account and was not recovered. Don’t let this happen to you.
5 Effective Tips to Maximize Cyber Security
Good news! The majority of cyber-crime can be combatted simply by remaining vigilant and knowing what red flags to look out for.
- Be Wary of Inconsistencies — double-check EVERY email you receive before responding
Email fraud is an extremely popular way for hackers to gain access to personal and financial information. When responding to an email from a client or business partner, make sure the actual email address (not just the name) matches previous correspondence. Don’t click on any attachment from an email address you don’t recognize. Call the sender to verify — but DO NOT USE the phone number listed in the email. Verify the phone number from a separate source (like previous correspondence or their company’s website).
- Triple-Verify Wire Instructions — and any changes to Wire Instructions
Often, verification will only take a few moments at most and can save you and your clients hundreds of thousands of dollars. Call the Escrow Officer or Closing Attorney to verify (but do not use the phone number listed in the email). Confirm instructions by fax so you’ll have a written copy. Advise every client NEVER to transfer funds before calling you to verify, and then receiving a text from you.
- Secure Internet Servers
Ensure that all e-mails, documents, and communications are sent, received, and stored on protected servers. If you’re using third-party servers/e-mail software, make sure the company you are using is reputable and secure.
- Discard Suspicious Technology
Don’t use flash drives that aren’t yours or that have been out of your possession for any length of time. Exercise caution even when using a colleague’s or client’s flash drive as you have no way of knowing if it has been compromised with viruses.
- Scrutinize Employees
No one is in a better position to access sensitive information than an employee. Before hiring anyone, be sure to thoroughly review their record and employment history.
Criminals aren’t the only digital threat
It’s not only malicious, deliberate attacks that can cause data breaches. Human error and technical glitches can be just as damaging as criminal activity. In fact, only around 1/3 of data breaches are the result of criminal activity.
- The average notification cost of a data breach is $590,000.1
- The average post breach cost is $1,720,000.1
- The average additional cost of lost business has grown to $3,970,000.1
- The average TOTAL cost of a data breach is $7,010,000 — a 7% increase since 2015 1
Cyber liability is a serious threat. Don’t let it hurt your business.
CRES E&O policies for individuals include up to $50,000 Cyber Notification (data breach notification coverage)* and firms can add this coverage as an option.
Expand Your Cyber Liability Coverage
Optional you can add expanded Cyber Liability (Privacy and Network Security Events) coverage to cover damages and defense costs of first and third parties affected by a data breach.
- Individuals can add Cyber Liability (Privacy and Network Security Events) coverage starting at $35.
- Firms with 2-20 agents can add $50,000 or $100,000, starting at $75.
- Firms with 21+ agents have options for $100,000 and $250,000 (and $500,000 for offices with over 150 agents) coverage starting at $125.
To receive a quick quote, fill out the cyber liability questionnaire below and return it to CRES at firstname.lastname@example.org or fax it to 1.858.618.1655.*
*Basic cyber notification coverage is included with policies that include Broad Form coverage. This is “first party” data breach notification coverage (covering the insured). The Cyber Liability protection does not cover the actual transfer of money or security.
1 Source: Ponemon 2016 Cost of Data Breach Study: Global Analysis