Real estate threatened by computer attacks

March 26, 2004

Experts advise on privacy, security

By Jessica Swesey
Inman News

The security and privacy of consumer data in real estate transactions has become a red-hot issue now that more information is being exchanged and stored in computers and incidents of technology attacks are on the rise.

Companies need to manage their privacy and security policies more closely to improve consumer trust and protect themselves from lawsuits, according to experts who spoke yesterday during an International Association of Privacy Professionals audio conference on privacy and real estate marketing.

The increased vulnerability of computers to viruses and other attacks, increased use of computers in conducting real estate transactions and new consumer privacy legislation all contribute to real estate companies' need to heighten their awareness of security issues and tighten their preventative security methods, the experts said.

"Clearly, in the real estate business, the Web is here," said Richard Mendenhall, principal of consulting firm WMWorks in Columbia, Mo., and former president of the National Association of Realtors.

Mendenhall pointed to Web-use statistics in real estate transactions to illustrate why security and privacy issues are an imperative part of company business plans. Sixty percent of home buyers now view properties on the Internet and 79 percent of consumers who use the Web to shop for homes also find their Realtor online, according to NAR research. That higher level of usage speaks to the greater need for security systems and privacy protections.

Incidents of computer break-ins have escalated over the last few years, noted Mark Lesswing, VP of NAR's Center for Real Estate Technology. He said nine new viruses have surfaced in the past week and 92 percent of respondents to a Computer Security Institute Survey reported attacks on computer systems.

Viruses can perform such nasty tricks as e-mailing consumer account information to an outside entity, he said. A company's level of preventive security and its seriousness about protecting consumer data can greatly impact consumers' decisions to do business with that company.

"Having security in place really does bring up the level of service," Lesswing said.

He described security implementation as "painful," but worth the time and money. Preventive security measures are much less costly than having to remedy a situation that arises from a security breach.

Companies should always use a firewall in their computer systems, regularly update anti-virus software and software patches and avoid installing malware, also called spyware, he suggested. Spyware programs, often installed as "extras" through other file sharing programs, can change the appearance of Web sites, alter settings, cause poor system performance and collect information from a computer, among other things.

"We want to reduce risk on the Internet. We want to demonstrate to consumers that we take care of their data," he said.

Lesswing also suggested real estate companies regularly back up databases and test the backups. Companies also should have their security systems evaluated by a security expert and they should implement a disaster recovery plan.

NAR's Realtor Secure program offers members a way to certify that they meet industry best practices by first performing a self-evaluation, then inviting a third-party security expert to assess a company's security practices. The Realtor group launched the program last fall.

Darity Wesley, CEO and legal counsel of San Diego-based Privacy Solutions, explained how a company's privacy plan of action encompasses security measures.

"It's really not just about technology, it's about people," Wesley said.

Privacy policies minimize a company's risk of liability and build trust with clients, she added. It's important for companies to pay attention to consumer concerns about how they obtain consumer data and what they do with it.

Wesley suggest real estate companies create a "terms of use" policy to display on their Web sites.

"Post an online privacy policy and an offline privacy policy," she said.

The Federal Trade Commission has made it clear that a company's online privacy policy is assumed to govern its offline data collection practices as well, she added.

Copyright: Inman News Features

Contact ALTA at 202-296-3671 or