Skip to main content


Are you vulnerable to a cyberattack?

6 April 2023

Author: Shraddha Nayak, Data Platform Developer, REINZ

Businesses are being warned to pay more attention to cybersecurity or face financial consequences and other risks for failing to adequately protect data. So, the big question is: are you confident in your business’s cybersecurity?

The importance of security awareness and securing sensitive information in the real estate profession cannot be overstated. Cyberattacks have impacted industries irrespective of size. The opportunity to safeguard information while it is still available should not be overlooked. Real estate professionals should be mindful when dealing with sensitive data and follow precautionary measures before it’s too late.

A recent survey by the Institute of Directors New Zealand indicated security controls had slipped down the list of concerns for directors of New Zealand companies and organisations, despite being identified as a top priority in a global survey by insurer Allianz.

The risk in real estate and property management

CERT NZ is a kiwi company that works to support businesses, organisations and individuals who are affected or may be affected by cyber security incidents. In their quarterly report, it was stated that the average number of incident reports per quarter is 2,166 with the average direct financial loss at $4.5 million. The top three incidents reported were data/privacy breaches, phishing scams, and unauthorised access. With annual transactions worth trillions of dollars, the real estate industry is no exception — and what we’ve seen recently is top real estate brands making headlines after becoming targets to cybercriminals.

Data security is one of the key challenges. Data breaches are easier to avoid than they are to fix. Businesses should think about a secure data storage solution to store the Personal Identifiable Information (PII), ensure restricted access, and hold any third-party vendors or partners accountable. Property managers ask tenants to provide everything from passports to employment histories when applying for a rental property and this pool of data is clearly a target for hackers. The way to minimise the harm of a data breach is to collect only the information you need from your clients and be clear about the purpose.

Don’t become a phisher’s catch of the day

Another significant issue is the rise in phishing scams. Attackers in these scams use email, social media, and other digital channels to trick victims into providing personal or financial information. Some scams can trick an unwary individual into transferring money into a fake account. These scams can be particularly devastating for real estate transactions as they can disrupt the process and result in financial loss for both the purchaser and the vendor. To combat this problem, businesses should educate their staff and customers on how to spot and avoid phishing scams.

As technology becomes significantly important to us, so does the data we create, store, and move within it — and with data comes responsibility. 

The consequences of cybersecurity breaches in the real estate sector can be impactful and costly. In addition to the financial costs of recovery, a security breach can also harm a company's reputation and credibility. Clients may lose trust in the company and its ability to protect their sensitive information, leading to a decline in business.

To address these challenges, businesses should have a Business Continuity Plan (BCP) in place for responding to and mitigating the impact of a scam if one were to occur. This may be detailed in your cybersecurity policy or included as a separate addendum.

Your plan should detail:
  • First steps, such as reporting to the correct department/key people within that department/privacy officer (if it involves personal information)
  • Mitigating against the risk (changing passwords, updating software)
  • Assessing what information has been compromised
  • Once the right outcome has been reached — look back and implement ways to prevent it from happening again
  • Logging all incidents into an incident register — a good way to record incidents and look for any trends.
Just as importantly, here’s how our profession can keep cybersafe:
  • Backup your data: Regularly back up important data, including client information, to ensure that it can be recovered in case of a disaster.
  • Keep your data and apps up to date: Regularly update software, including the operating system, browsers, and apps to fix security vulnerabilities.
  • Choose unique passwords: Use a combination of letters, numbers, and symbols to create strong and unique passwords. Avoid using personal information that can be easily guessed or obtained.
  • Turn on two-factor authentication: Two-factor authentication adds an extra layer of security to your accounts by requiring a second factor, such as a code sent to your phone or using an authenticator app.
  • Avoid sensitive transactions on free Wi-Fi.
  • Use secure communication methods: Password protect emails and other forms of communication that contain sensitive client information to prevent eavesdropping and unauthorised access.
  • Use secure remote access: Implement secure remote access policies for staff working from home or on the go, using virtual private networks (VPNs) or other secure methods.

Wanting some more information on how to keep you and your business cybersafe? Cert NZ provides trusted and authoritative information and advice, while also collating a profile of the threat landscape in New Zealand. Head to to learn more.

You can also visit for information on protecting customer and employee data.

This article was originally published in the autumn/winter 23 edition of Real Estate.