PRINCETON, N.J. – While real estate companies have yet to hit the mainstream-media headlines for cybersecurity attacks, these businesses, their operations and engineering specs contain a wealth of information that make them a solid target for future cyberattacks, according to the Real Estate Services team at WithumSmith+Brown, PC (Withum). The nationally ranked top-30 audit, tax and advisory firm serves a wide range of commercial, residential and industrial property developers, owners/investors, managers, agents and brokerage professionals.
“The fact that someone can enter an IT system or any other connected device – from cameras and HVAC systems to video conferencing and printers – via the digital marketplace should be of great concern to owners and operators of all real estate assets,” said Anupam Goradia, a senior manager within the Cyber & Information Services practice and a member of the real estate industry services team. “Any organization that stores information digitally or uses any form of information equipment – as simple as a smart phone – is susceptible to a cyberattack.”
According to Goradia, real estate businesses are attractive targets due to the nature of information they compile and how easily it can be accessed from cloud-based systems. Risks range from tenant-specific information to operations-related functions as well as important business intelligence such as market rentals.
“Residential housing entities – from single-family developers to multi-family property owners and managers – continually receive and retain personal data about their current or future tenants, beginning with the application process upon initial contact,” explained Goradia, who noted this includes Social Security numbers, annual income details, information about who lives or works in the space and even the make, model and license plate numbers of cars. “Furthermore, in this day and age of electronic payments, tenant credit card information and bank account numbers also may be ‘on file.’”
Another key area of vulnerability is real estate’s newfound mobile amenities. Remote access by employees or tenants to heating and security-system controls yields enhanced hacking exposure. If breached, the systems can be operated in a detrimental manner. “In addition, ransomware attacks are growing in this space,” added Goradia. “Hackers can and do seize, control and prevent access to a company’s information systems, all from a remote computer.”
One recent cyberattack example focuses on energy-conservation technologies that implemented to reduce a building’s carbon footprint as well as operating costs. According to Goradia, the cyberattack focused on smart lightbulbs. “The digitally connected bulbs were never properly secured, so the hacker was able to gain access through this conduit to a host of other vulnerable systems,” he said.
Withum’s Cyber & Information Services team can arrange to have “ethical hackers” conduct phishing email tests and see which tenants and/or employees may fall prey. The team then uses its test findings to educate personnel. In addition, the firm’s cyber specialists perform risk-based analyses.
“This determines the extent of security and testing required for each of these systems so there can be a greater focus on that which is most vulnerable,” said Goradia, who advises property owners and managers to have an in-place, written action plan to address an attack that is in progress or in its aftermath. This is similar to today’s disaster recovery and business continuity plans.
“Companies not only need to invest in resuming their operations and controlling damage to their reputations, they also will have legal costs associated with any lawsuits that may follow,” he said. “Talk to your insurers and learn exactly what risk-based scenarios are covered.”
Established in 1974, Withum is committed to providing quality services and innovative solutions to businesses, non-profits, individuals and communities. As one of the nation’s 30 largest accounting and consulting firms, the firm also is a member of HLB International, a worldwide network of independent professional accounting firms and business advisors committed to assisting clients build and expand globally.