By Bahar Sharifan
While there are a few industries where the proactive nature of IT management seems to be a bit behind the company’s fully outsourcing or onsite IT staff, some of the most underserved seem to be professionals in the real estate community. Many larger companies do have in-house or outsourced staff assisting with these policies and procedures. However, many of the smaller agencies believe they are too small or their contractor employee status leaves them without the ability to have proper IT help.
While the options for these individuals is not as limited as many believe it to be, whether or not professional IT services are sought, it is imperative that all individuals increase their education on various IT threats and issues in order to minimize their risk. As these individuals possess personal and private information regarding clients, opportunities, etc., they cannot merely rely on luck that nothing will happen to jeopardize this information.
We must move beyond the idea that the solution to a large-scale IT problem is merely to purchase a new computer. This may serve as an option if it is merely a hardware issue, but protecting against data breaches, etc., would not be covered by this approach. Further, by being proactive, you may be able to extend the life of your machine, saving money in the long-run.
Updates: Sometimes Windows requesting the computer be restarted to install updates seem pesky. You have work to do! However, skipping these updates and patches can cause significant long-term harm. For example, many viruses, like the recent WannaCry attack, take advantage of a vulnerability that was previously resolved through a patch available prior to the virus release. The importance of the timely installation of updates and patches is crucial and should not be overlooked. Turning on auto-updates is key to avoid delaying updates. The time required is worth it.
Antivirus: While a good start, an antivirus program alone is not sufficient. A potential single point of failure is never recommended. Implementing a layered security strategy will assist in serving as a multi-layer net to catch various threats. Layered security involves different applications working to protect against various attacks, i.e., antivirus, firewall, anti-spam, etc.
Network Access: Even smaller brokerages often have a shared network. Limiting network access can also play an important role in reducing the spread of an attack. An infected device may spread the virus to all shared folders and networks. Therefore, reviewing employee access relative to the job role and function and creating appropriate privilege rules will assist in limiting the spread of an infection. Access rules and rights may also be varied depending on where the information is accessed. Creating rules for out-of-office file access may help prevent vulnerabilities. Requiring employees and contractors to adhere to a remote access policy will also help. A remote access policy governs the usage of the company network when the employee is accessing the network from a remote location which occurs frequently in the real estate community. A remote access policy should outline the rules for remote users to ensure document and network security and outline the maintenance of the network to provide for a safer transmission of information.
Data Backup: With many real estate professionals virtually using their vehicle as an office, the potential for theft, damage, loss or destruction to their computers is at an increased risk. Not only could this data be put into the wrong hands, but it can be a significant challenge to the individual who relies on the data for his/her career. It is important to create a backup plan that involves either automatic or manual backups to minimize the potential for fully lost data. It is also important to install a remote shut-down/full-data- wipe mechanism on the computer in case of loss. Purchasing a new device can be frustrating, but minimizing that frustration by reducing the chance of a data breach will reduce the complications associated with such a loss.
Education: You cannot completely remove the potential of human error associated with the use of technology. Most people would prefer not infecting an entire network with a virus — especially if the virus results from something avoidable. The best way to mitigate these problems is to educate users. Knowing what to watch out for and what to avoid is crucial in the ability to avoid such traps.
The majority of computer users have heard of ransomware or at least have an awareness of recent virus attacks. However, the ever-changing methods to infect systems are continually evolving. Gone are the days where your only threats were written in broken English or from your long-lost friend now stranded in Africa requesting assistance. Technology users must be trained to understand that all devices are at risk: computers (both Macs and PCs), tablets, smartphones, servers, etc., and the various means of attack. It is important for users to understand how these viruses can spread. It may not only impact their own device, but may spread across the entire network and compromise all files and systems on that network.
Attack methods may exist even on legitimate websites. Free apps or those from unregulated third parties are at a higher risk of containing viruses. Spam emails masquerading as energy bills, tax returns, delivery notices, etc., are also common. These seemingly legitimate emails often have email attachments or contain a link to call, unsubscribe, fill out a form or obtain more information that lead to triggering the virus. It is important to keep current, to inform others of the email scam trends and to reiterate the necessity to avoid opening suspicious emails.
It is also important to be aware of the various psychological trickery often used to pressure victims into paying. Some ransomware attacks tie to one’s fear of ridicule or submission to law. Certain attacks will allege a user was acting unlawfully online and threaten arrest if the penalty is not immediately paid. The user may be blinded by the authority of law and pay to avoid the alleged repercussions or potential ridicule.
While it is important to educate yourself and your team on the various vulnerabilities in the IT realm, proper upkeep of your IT devices may help save money in the long run. Researching all options — whether bringing in a professional, outsourcing or handling IT individually — is important to assess the best route for each particular situation.
Bahar Sharifan is president of Wasatch I.T., a provider of outsourced IT services for small and medium-sized businesses.