Cybersecurity Warning for Property Managers

Property Management,  Property Managers

Last month, the Australian Government became victims of a “state-sponsored” vicious cyber-attack. The security breach, which impacted both the Government and Australian businesses, is a timely reminder that property managers and real estate businesses must reassess their own online behaviours and policies.

Here are four points to consider reviewing to help prevent a cybersecurity breach in your business.

Review Your Programs and Procedures

Undoubtedly, the property management profession is becoming increasingly digital. Most property managers are familiar with cloud property management software, and on a day-to-day basis, business can be conducted via email, the web or even social media. During the peak of COVID-19, property managers delved even further into the world of operating online – opting to conduct virtual routine inspections to comply with the Government’s social distancing measures.

Since a property manager’s line of work is so digital, it’s important to review what programs and procedures your team is using in order to prevent cybersecurity breaches. Having up-to-date security software and operating systems is one of the best ways to protect your devices against viruses. For example, spam filters can reduce the chance of spam or phishing emails getting through to your staff.

Offline security measures should also be looked at in order to prevent data breaches. Ask yourself: where are you filing sensitive hard copies of information? Contracts and documentation have always led to significant overhead and risk within property management. The REIQ’s One Touch Execution aims to address that. REIQ PMSS Team Member Connie McKee can attest to the security benefits of using OTE. “In this day and age, why would you not have a paperless office?” asks McKee. “That’s just the way we’re moving. The One Touch Execution is a secure environment; it’s very well automated once you put in the data correctly. There are fewer hands involved in the process, less filing, you’ll know how to retrieve it, and you can rely on it in the event you go further for QCAT.”

Conduct Regular Training

Unfortunately, most property managers have a horror story about a data or cybersecurity breach. While it’s not always avoidable, regular training with staff can combat some of the most common security breaches – like phishing. Rebecca Fogarty, Co-Founder and Director of Blackbird and Finch Property Management Specialists, is no stranger to cybersecurity breaches, having fallen victim to a clever hacker imitating one of her clients. “A few years ago we had an email to admin from an owner changing the bank details,” says Fogarty. “It was done, but at the end of month the landlord called to say they hadn’t received the money. Reception asked about the new bank details and the owner said she hadn’t sent anything.” After reviewing the initial email, it was discovered there was one small difference – the phisher had used a dash instead of an underscore in the email address. “That’s how easy it can happen,” warns Fogarty.

In December 2019, the Office of the Australian Information Commissioner (OAIC) reported that human error was the second largest source of data breaches across all sectors. From these human error breaches, 35 per cent were from people emailing the wrong recipient with personal information, followed by unintended release or publication of information and loss of paperwork/data storage device.

These frightening statistics highlight the importance of regular cybersecurity training. This might include education around data breaches, managing user permissions, how to identify fraudulent emails, and enforcing a two-factor authentication policy when tenants or landlords want to make changes to their details. Moreover, as people continue to work remotely post-COVID-19, you may want to create new educational materials on the risks of using public or unsecure WiFi networks, not filing paperwork securely, and leaving their desktop unlocked without password protection.

Don’t Be Left In the Dark

Mitigate the risk of breaches by joining the Australian Cyber Security Centre’s (ACSC) Stay Smart Online program to receive up-to-date email or social media alerts on cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours. The ACSC’s service is free and can be accessed by visiting here.

Invest in Cyber Insurance

While following the above steps can help you stay cyber safe, it’s unlikely any business with a digital footprint is fully immune to cybercrime, regardless of where they work or the policies they have in place. For this reason, cyber insurance can prove to be invaluable. Karen Herbert, Director of Arrive, found out the hard way about the value of cyber insurance when a former staff member had illegally lodged eight bond refunds with the RTA, totaling ~$15,000. “We contacted our insurance company, only to be told that we had no cyber insurance,” says Herbert. “We now have a $20,000 cyber insurance added to our policy.”

If you already have cyber insurance, Aon Insurance recommends contacting your broker to confirm what you’re covered for, particularly whether or not you’re covered for cyberattacks that occur whilst working remotely during COVID-19.

REIQ Members seeking further advice on this topic or any other property management topic can call the PMSS Team on 1300MYREIQ (1300 697 347) or email


Important disclaimer: This article is provided for general information only, and the author is not engaged to render professional advice or services through this article. Readers should satisfy themselves as to the correctness, relevance, and applicability of any of the above content, and should not act on any of it in respect of any specific problem or generally without first obtaining their own independent professional legal advice.