How to Protect Your Real Estate Customer List From Internet Hackers
April 28th, 2009 | by hotmail | Reginald Esteban asked:
Introduction
The purpose of this article is to give a brief overview of how to protect your buyer’s list from unauthorized intruders. This article does not provide a comprehensive security strategy for mitigating information security risks.
What are some of the main targets of your competitor?
Real estate investors often store lists of customer data in customer relationship management (CRM) and email systems. In this article, we will use an “auto responder” website as an example of a CRM. For the email system, we will refer to the accessing method as the “email account”.
Investors frequently maintain real estate customer lists to cultivate and maintain relationships with their buyers so that they can sell houses and other products to the buyers. The customer’s information is stored in a database with data such as the customer’s name, phone number, email address, and buying tendencies.
A motivated competitor with an incentive may attempt to hack into your email system to learn more about your investing strategies. A hacker that has knowledge of website vulnerabilities could attack your auto responder website and extract or delete your customer buyer list.
How to protect your passwords from malicious users
For both of these sites, a common way of hacking into an account is by guessing usernames and passwords. When a competitor finds your email address, he or she can go to your email website and attempt to guess the password. There are automated tools on the Internet that can guess passwords by attempting to log in using hundreds of passwords per hour. These “brute force” password hacking programs can use dictionaries and randomly generated passwords. When the right password is found, the tool saves the result for the attacker. Additionally, there are ways to disguise or "spoof" the location of where the attacks are really coming from. Therefore, having an administrator track down an offending system may result in chasing a computer in a foreign country.
Some websites will lock the account after a certain number of invalid login attempts. Other sites will not. Make sure that your website locks your account after 3 invalid login attempts. Also ensure that the website has a way of verifying your identity when you attempt to get the account unlocked. A password should be at least 8 characters long, with a combination of 1 upper case, 1 numeric character, and 1 special character in addition to lower case characters. Ensure that the email or auto responder service allows special characters in passwords. Do NOT use passwords that are dictionary words, trivial number sequences (e.g. 1234), or passwords that are equal to the username.
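The password rules and the three-attempt lockout described above, written out as an added example (not code from the original article or from any email or auto responder service). The word list, function name and class name are assumptions made up for illustration.

```python
import string

# Constructed sample word list (assumption); a real check would load a full dictionary.
COMMON_WORDS = {"password", "welcome", "house", "realestate", "letmein"}
MAX_FAILED_ATTEMPTS = 3   # lockout threshold recommended in the article
MIN_LENGTH = 8            # minimum length recommended in the article


def password_problems(password, username):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in password):
        problems.append("no lower case character")
    if not any(c.isupper() for c in password):
        problems.append("no upper case character")
    if not any(c.isdigit() for c in password):
        problems.append("no numeric character")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if password.lower() == username.lower():
        problems.append("equal to the username")
    # Strip digits and symbols so "Password1!" is still caught as "password".
    letters = "".join(c for c in password.lower() if c.isalpha())
    if letters in COMMON_WORDS:
        problems.append("based on a dictionary word")
    # Flag runs such as 1234 or 4321 made of four or more digits.
    digits = "".join(c for c in password if c.isdigit())
    if len(digits) >= 4 and (digits in "0123456789" or digits in "9876543210"):
        problems.append("contains a trivial number sequence")
    return problems


class LoginGuard:
    """Counts consecutive failed logins per account and locks at the threshold."""

    def __init__(self):
        self.failed = {}
        self.locked = set()

    def attempt(self, username, password_ok):
        if username in self.locked:
            return "locked"              # even a correct password is refused
        if password_ok:
            self.failed[username] = 0    # a success resets the counter
            return "ok"
        self.failed[username] = self.failed.get(username, 0) + 1
        if self.failed[username] >= MAX_FAILED_ATTEMPTS:
            self.locked.add(username)
            return "locked"
        return "denied"
```

Unlocking is deliberately left out of `LoginGuard`: as the paragraph says, it should happen only after the site has verified the account owner's identity.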
A common way of stealing passwords from people is through social engineering. For example, a hacker may target one of your employees and attempt to pressure or trick them into giving up their password. An example of this would be a malicious hacker posing as a technical support employee at the auto responder website. The hacker may say that he noticed that your company is having technical difficulties and they need to check your account. If the employee resists, the hacker usually has some way of pressuring or tricking the employee, such as, "We are about to lose your real estate buyer’s list. We need your password NOW." Security awareness training is the best way to prevent this from happening. Instruct your employees to never give out their password on the phone. These principles should also be applied to a user’s email account. Another way of preventing compromises through social engineering is by restricting access to sensitive data for those employees who do not have a valid business requirement for using the data. If the employee does not use the data, then do not give them access to it in the first place.
Another way that your password can be compromised is if the Internet connection is not encrypted. Your password can be compromised while it is being transmitted to the email system right after you type it in and hit enter through the browser. One way to help mitigate this risk is by making sure the system uses an encrypted session. When you first connect to the system, ensure that the web address in Microsoft Internet Explorer starts with "https:". The "s" shows that the system connection is encrypted and will make it harder for malicious users to compromise your password while in transit. Additionally, in Internet Explorer (version 7), you will see a small yellow padlock icon to the right of the web address. This also indicates that the session is encrypted. Some email websites such as www.hotmail.com have an option to turn on encryption. For example, go to www.hotmail.com and click on “Use enhanced security”. This will enable encryption.
Mitigating physical security threats
Another way to lose your buyer’s list or sensitive emails is to have your laptop stolen. This is not uncommon and many times the data on the laptop is more valuable than the laptop itself. One way to manage the risks of having your laptop stolen is to encrypt the hard drive. When the thieves steal the laptop, the data will be irrecoverable without the proper authentication information. This is in contrast to some unencrypted laptops, where the username and password prompt can be bypassed and the data can be retrieved if the thief has the laptop in physical possession. One encryption product to consider is PointSec® from CheckPoint. PointSec® is in compliance with the US government encryption standard known as FIPS 140-2. This encryption can also be applied to USB thumb drives.
Conclusion
For real estate investors, spending many hours buying and selling houses can result in building many customer relationships. Protecting your customer information is a vital part of your company’s success and should not be overlooked.