What threats do real estate businesses face today? There are really a few vectors of risk. There is the technical part: network vulnerability, vulnerability of equipment and software, infrastructure vulnerability and poorly assembled architectures, thus potentially with backdoors. There is also the human aspect, the weak link. Here are three tips about cyber security for a real estate business.
1. Attackers typically target collaborators with privileges on the information systems.
Or, on the contrary, attackers try to attack through the forgotten small gateways, such as service providers who access the information systems of a larger structure. Breaches can thus be created very quickly. The problem is often there: companies will shield the doors of their "safe" gateways, but not those of all the associated components, the human resource information system for example.
Both the core business infrastructure and the entire ecosystem of the enterprise, including what is called IT, must therefore be protected. We then find ourselves with vulnerabilities to patch late, because the security issues were not thought upstream.
2. Therefore, the idea is to make employees understand that cybersecurity is everyone's business.
Even someone who is not a network administrator can be important in the security chain of the company. We speak of social engineering, for example: check the origin of emails before opening an attachment or clicking on a link, do not give information to attackers and do not leave passwords out on a desk. Apache Kafka makes the integration of real-time data processing easier and simple.
3. What is the best advice to give on cyber security? To raise awareness internally.
This awareness-raising phase can take the form of face-to-face training or e-learning with a final questionnaire to assess the level of understanding of the different subjects tackled. This applies to both professional and personal data, which will be regulated.
We see more and more BYOD (Bring Your Own Device) in companies: employees bring their own machines and access the company's network. These practices are of course sources of risk and reflect the difficulty of reconciling trends. Some administrators also manage the network infrastructure from the same computer they surf on the internet.
In addition to traditional attacks such as DDoS attempts and phishing campaigns, a few major threats have recently emerged: Ransomware, which encrypts or blocks access to a part or all company data until the target has paid a certain amount of money. Those related to the Internet of Things (Internet of Things or IoT). The Advanced Persistent Threat (APT), which seeks to steal data by entering the company IS, targeting certain industrial and media sectors.
On the one hand, awareness of the danger of attacks on companies, and, on the other, a desire to be less restrictive and to make security transparent to users. Some large groups are in the habit of managing this problem and have succeeded, through long-term solutions, in isolating the professional and personal environments. On the other hand, the smaller structures are still in the approximation, which can have catastrophic consequences.
In addition to user awareness, what would be the key elements to be monitored to better prevent cyber risks that threaten information systems? Strong authentication protects information systems: good passwords, everywhere, on the user side, on service accounts, and so on. Tighter code and deployment of updates also protects information systems.
The use of encryption and managed detection and response services also protects information systems. Also, there is the principle of granting the least privileges when granting rights. These the are classic best practices of the trade.
How can we ensure that our company is well protected? The security audit is a very good indicator. It notably allows a company to define whether good business and organizational processes are in place from a cybersecurity perspective.
The security audit detects, through technical intrusion tests, possible failures, equipment that is out of date, etc. Note that companies often also neglect their service providers. Security is an absolutely transverse issue: from the user to the administrator, via the developer or the external call center, to the person in charge of marketing, everyone can be impacted and everyone has a role to play.
The protection against viruses must of course be regularly updated. As a result, any company thus preserves its computers against these formidable attacks. In particular, every computer must be equipped with a virus protection system, otherwise the user can be sure that if he connects to the Internet, a virus will infect his computer in less than an hour.
