Cyber Security 101 for Estate Agents: What You Need to Know

Published: 15/02/2024 By Dakota Murphey

The property sector is no stranger to digitisation. It’s reached a point where, through platforms like Webdadi, web design and page editing have become increasingly less technical, so the idea of digitisation shouldn’t, at least on the surface, fill estate agents with dread.

That said, given the sensitivity of the information and amounts of funds that estate agents hold on file, it’s vital to uphold proper cyber hygiene.

Recent incidents of cyber attacks and data breaches have impacted the property sector in profound ways, bringing transactions to a standstill and delaying important market activity between buyers and sellers. The rise in remote or hybrid working has acted as a catalyst for increased vulnerabilities of estate agents, particularly the smaller ones in the market without as many defined cyber security resources or infrastructure. It’s reached a point where property firms are urged to take cybercrime more seriously.

As digital transformation accelerates across this industry and beyond, estate agencies are under increased pressure to invest in enterprise-grade cyber security measures and tools - such as vulnerability management and penetration testing - to keep all data on file secure and free from compromise.

This is easier said than done, given the ever-pervasive cyber skills gap that exists sector-wide, and how budgets for smaller agencies are stretched thin. The first line in any cyber defence strategy is the agents themselves, who - often unknowingly - are being targeted as part of broader targeted attacks seeking to defraud customers in a property sale or transaction. 

Considering the sophistication of these calculated cyber attacks, the potential damage they can inflict can be severe to data integrity, finances, and the reputation of firms in the property sector. Therefore, it’s fair to say that proactive workarounds are needed and risk mitigation steps must be taken, which can only begin if we truly understand the threat landscape. 

This guide explores some of the most prominent threats facing estate agents online and provides actionable recommendations on strengthening defences.

The threat landscape targeting property firms

The pressure imposed on multiple estate agents across a spectrum of property chains means they are under duress to complete transactions quickly. However, while this presents opportunities for cybercriminals to execute attacks methodically and covertly, it also means that there is a profound risk for all parties in a given chain. Should one firm be exploited, it could have a knock-on effect on all connected financial transaction data, identifiable and financial information, and sensitive information that could pose dangers to individuals’ safety. 

Below are just a few examples of cyber threats that could impact a real estate agency.

Ransomware attacks

Ransomware refers to a specific type of malware (malicious software) that, if allowed to penetrate systems, can lock users out, encrypt essential data and files, and restrict access until a ransom is paid. Ransomware can take many forms, all proving highly disruptive and damaging to agency operations and long-term stability.


Phishing, spoofing and social engineering scams

Phishing is one of the most prolific types of cybercrime, with a 2023 UK government study reporting that 79% of UK businesses faced phishing attacks within 12 months. Similarly, spoofing refers to the process of falsifying information and data in an attempt to earn a victim’s confidence. Seemingly convincing and legitimate emails or SMS messages aim to deceive and mislead users into divulging passwords or credentials, while links in correspondence often lead to fraudulent login pages where information can be stolen or intercepted.

Insider threats

Another big threat facing real estate agencies is insider threats, which typically stem from current or former staff members misusing privileges due to having unauthorised access. Confidential data or information can be stolen or sold to third parties, while critical systems can be locked down from the inside with limited recovery routes available. 

MITM (Man-in-the-Middle) attacks

An MITM attack is when a malicious actor positions themselves in a conversation between a user and software (or a seemingly legitimate other user) to eavesdrop or impersonate one of the parties. A seemingly innocuous or normal conversation or interaction results in the perpetrator stealing information unbeknownst to the user.

Why estate agents make tempting targets

In response to the COVID-19 pandemic, businesses in the property sector adapted to remote working models and adopted tech solutions to minimise disruption, maintain market activity, and improve accessibility for prospective tenants, buyers, sellers, and investors.

The emergence of ‘PropTech’ helped the industry stabilise to a point where transactions were able to be facilitated, despite the physical restrictions imposed by COVID and surrounding legislation. The downsides of this progress meant that data became more vulnerable and susceptible where appropriate security measures were not being deployed, managed, or reviewed. As more real estate professionals enter the tech-led property sector, it means that real estate firms have to upskill them in proper cyber hygiene. Otherwise, it could affect them individually and the firm as a whole.

‘Why might a cybercriminal target a real estate firm?’ You may ask. Here are just some of the reasons why estate agents make prime targets for malicious actors:
  • Online estate agents handle rentals that can be vulnerable to scams, contracts and large financial transactions.
  • They manage various conveying funds for sales.
  • They hold a wealth of sensitive and personally identifiable information like names, addresses, and dates of birth.
  • Often, full transaction histories of sales and purchases are stored in historical archives.
  • Many estate agents - particularly smaller firms - have fewer team members and limited resources to exhibit proper cyber defences.
  • Workloads are high, leaving little room during a working day to properly upskill in cyber hygiene.
  • Appropriate and relevant cyber security knowledge is lacking amongst leaders, with outdated practices often conveyed, leaving defences lacking.
  • Quite often, cyber attacks will not be discovered until months after a breach has already taken place.

Building robust cyber resilience

It’s easy to wax lyrical about all the possible cyber security solutions an estate agency could deploy that would improve its cyber posture. However, at a basic level, a few essential steps taken would exponentially shrink a firm’s attack surface, and drastically reduce the amount and frequency of common cyber attacks.

All firms in the property sector should, at minimum:

  • Secure emails and shared logins with multi-factor authentication (MFA) to provide an extra layer of protection. Requesting that users verify their access attempts - by clicking verification links or entering passcodes - will minimise the chances of illegitimate or unauthorised users gaining access by force.
  • Update all passwords across all shared services to lower the chances of compromised credentials and unverified access. Most passwords are too weak and easy to guess, while longer and more complex passwords with numbers, letters, and special characters drastically improve resilience.
  • Restrict account permissions to only essential staff, removing them immediately from former staff to mitigate insider threats.
  • Apply relevant software and core system patches and updates when prompted to close known vulnerabilities that could be exploited. 
  • Back up systems regularly to create offline copies of essential data, so that, should there be a breach, restoration and recovery are easy and will not hamper operational efficiency as severely.
  • Implement mandatory cyber security training and upskilling for all staff to address any skills or knowledge gaps, and refresh their knowledge regularly.
  • Supervise and manage all new tech-led processes and policy adherence, reviewing and updating accordingly.

How Webdadi protects property firms

Invariably, an estate agent’s website is the prime spot for seizing assets or information. Websites lacking in stability or security will undoubtedly attract opportunistic cybercriminals, which is why website security must remain a priority. If done right, a website can be an asset and lead generation tool, rather than an unwanted cost.

Webdadi enables estate agencies to see the true benefits of embracing a digital presence. We tailor web design packages to help any property agent business get the essential design flexibility and professional solutions they need to maintain a competitive edge in a fluctuating, highly volatile and service-driven marketplace.

The Webdadi website platform is built to help every estate agent rank well on Google through white hat SEO practices while maintaining security and stability. We recognise that many estate agents do not have - nor do they wish to hold - technical SEO expertise, which is why we take care of all that hard work so they can do what matters most. Our professional team adds new functionalities and features to keep websites updated and functional without the need for a full rebuild every few years.

By taking on board some basic cyber security tips, your website and digital presence can remain stable as you begin to see the real benefits of digitisation.

Take control of cyber risks

The future is increasingly digital - there is no denying it. The coming years will prove pivotal for estate agent opportunities online, but bilaterally, cyber threats will continue to permeate and become more sophisticated. Agencies lagging in their digitisation journey should align - sooner rather than later - with industry recommendations and best practices for thorough cyber risk management. Follow the advice above and take your website to the next level while staying secure.