A comprehensive defence strategy is vital
Cybersecurity in the real estate industry took centre stage at this year’s PayProp Academy road show.
If you’re involved in South Africa’s real estate industry, then there’s a good chance you’ve heard of PayProp, the leading processor of rental payments for the property management sector. The company’s eponymous payment and reconciliation platform is used by several local real estate brands, including Pam Golding Properties, Jawitz Properties, Seeff, Harcourts, and REMAX.
In recent years, PayProp has gathered experts from diverse fields for its PayProp Academy presentations. These annual road shows are designed to give property managers an inside look at the latest developments in the property sector, and to showcase the technologies available to help them maximise their own business performance.
In 2017, the PayProp Academy events covered rental trends, risk management, profitability, and the legal landscape. In 2018, speakers demystified property tech and discussed some of the tools available to help attendees streamline their processes and empower their staff. This year, the focus shifted to cybersecurity, the importance of data protection, and the need for vigilance.
PayProp South Africa’s chief executive officer, Louw Liebenberg, and general manager, Jan Davel, were joined by Laurent Peretti-Poix (chief technology officer at Humanstate), Bernard Chadenga (senior cybersecurity manager at PricewaterhouseCoopers), and Handre van der Merwe (our own CISSP and head of marketing here at BUI) for a series of talks in Durban, Johannesburg, Port Elizabeth, and Stellenbosch.
Cybercrime is a growing problem. South Africa’s economy loses more than R2-billion a year to criminal activities conducted in cyberspace. The country also has the third-highest number of cybercrime victims in the world. And if you think hackers are only targeting big businesses, think again: it’s often the smaller organisations that unwittingly provide gateways for cyber villains to exploit.
Real estate companies, rental agencies and property managers handle vast amounts of personal and financial information. From names and ID numbers to home addresses and bank accounts, data is being collected, processed, and stored every day. Private data. Sensitive data. Valuable data. What can you do to help safeguard the information in your care? Here are five people-centric pointers from this year’s PayProp Academy presenters…
#1 | Be vigilant and ask questions
“We cannot throw the dice and depend on luck (for protection),” warns Jan Davel, highlighting the meticulous, methodical treachery of Bernie Madoff as a prime example of deception. “Sometimes, we don’t even know what we don’t know,” he adds. That’s why it’s important to be aware of the risks, to query anything that looks suspicious, and to stay informed about the latest industry-specific scams. “We’re all busy. We all get tired and frustrated. But we’ve got to focus on the finer details.” So, check that payment authorisation form one more time. Call that client with the strange email address. Stop, think, evaluate, and then act responsibly.
#2 | Understand the threat landscape
Getting to grips with the current playing field is essential. “What we used to see in the movies and think was impossible, today is possible,” says Bernard Chadenga, explaining how cybercriminals search for access points in our personal and professional lives. “They hack our businesses. They hack our homes. They hack us.” So, be careful what you share, and with whom. Be careful how and where you connect your devices to the Internet. Realise that there are hackers who could create havoc with just your username and password. “You’re a piece of the puzzle, a link in the chain. And the bad guys will try to manipulate you.”
#3 | Diversify your defences
In an increasingly connected digital world, cybersecurity should not be delegated to your IT staff alone, cautions Handre van der Merwe. Every single employee has a role to play when it comes to data defence. “Hackers need to be right one time, but defenders need to be right 100% of the time.” Technical safeguards (like multi-factor authentication for user logins) create barriers to entry, but Van der Merwe believes company-wide watchfulness is important, too. “Have a few more things in your arsenal,” he says, because it pays to know what’s happening on your machines, who’s accessing them, and why.
#4 | Protect your devices
Our smartphones, tablets and laptops are never far from us. And it’s not an exaggeration to say we use them every day – in private, in public, and even on the go. These devices are so ubiquitous and so entrenched in our routines that we often take them for granted – and that needs to change immediately, says Laurent Peretti-Poix. When it comes to cybersecurity, there’s no room for complacency. So, turn on automatic updates, use reputable anti-virus and security software, and be sensible when connecting to external networks. “You send a postcard if you’re happy for everyone to read it, but you put a love letter inside an envelope,” he says in reference to HTTP and HTTPS.
#5 | Expect to be targeted
South African real estate businesses operate within the confines of the Finance Intelligence Centre Act (FICA) and the Protection of Personal Information Act (POPIA), among other laws. Certain international legislation, like the European Union’s General Data Protection Regulation, may also apply to local companies in certain circumstances. Hackers have no regard for such boundaries – and that means they can target anybody, anywhere, at any time. “It’s tempting to think that a hack is all about you, the victim,” says Louw Liebenberg. “But it’s not about you; it’s about what you hold in your hands.”
This year’s PayProp Academy events were held at the following locations:
- The Oyster Box in Durban (13 May 2019)
- The Venue in Johannesburg (14 May 2019)
- The Radisson Blu in Port Elizabeth (15 May 2019)
- Spier Wine Farm in Stellenbosch (16 May 2019)