How to Keep Your Estate Agent Website Secure

Published: 28/04/2022 By Dakota Murphey

Websites are without doubt a powerful and valuable tool for every estate agency. A well-designed property website will provide huge benefits in a competitive and crowded property market if it is innovative, informative, well-maintained, functional and… secure.
Why are property websites vulnerable?

Websites have become valuable targets for cyber criminals over the years and this trend is only rising. Sites are likely to process important financial transactions, store private client data and plenty of other potentially valuable information. With people’s digital footprints stamped across the internet, cyberspace has become a well trodden route to crime. As a web user, you become vulnerable from the moment you visit a site, punch in your debit card details in, sign up for a newsletter, complete an online form, or share sensitive documents and information.

When it comes to the rise in cybersecurity attacks and sensitivity, the property industry is no exception, explains Paul Offley, Compliance Officer at The Guild of Property Professionals: “As well as deposits and other cash collected by estate agents, there is also a significant amount of sensitive data that should be protected, such as client’s addresses, account details, alarm records and passwords to access homes … Access to this kind of information is what has made the industry a target among cybercriminals.” 

Ultimately, there is a growing number of cybercriminals specifically targeting property sites, so it is more important than ever for owners to do all they can to keep up with security best practices.
Maintain full compliance

An important aspect of any site security is ensuring that it is fully compliant with the latest data protection regulations. For example, to ensure compliance with the General Data Protection Regulation (GDPR), you need to ensure that the personal data of customers is adequately protected.

While it might not be a legal necessity for every business, all sites should be 
encrypting the data on their site by using an SSL certificate. This ensures that any data that is intercepted by criminals cannot be read without the encryption key. Whilst making sure of this, it is also vital to check your configuration is secure.

It is also essential to ensure that your site is compliant with the PCI-DSS, a set of requirements designed to help protect cardholder data. A disappointing number of sites are not compliant, and this can leave them vulnerable to attacks. In fact, check when a site’s software is nearing its end of life to avoid having unsupported systems.

Keep your site up-to-date

Perhaps the first thing to note when attempting to keep your site secure is the importance of having a regularly updated platform to protect against attacks. Most good sites are regularly updated in order to fix known vulnerabilities. But, when website owners delay updating the platforms, their sites remain more likely to be compromised.

Set a strong admin name and password

It is also important to make sure that you are getting the basics right with your security. It doesn’t matter how robust the defences that you put in place are if you fail to set a strong username and password. With the growing trend to work remotely, you also need to ensure your staff and any external users are working on your site safely. Staff training and implementing fundamental cyber aware policies are key. It is a fact that far too many individuals use an extremely simple username such as ‘admin’ to control their site. So, ensure that you have a unique username.

However, it is important to point out that setting a strong password is even more crucial. Choose a password that uses a combination of upper- and lower-case letters, numbers, and special characters. This is the absolute bottom line in security for your site.
Restrict admin access

Another important way to minimise the risk of cyber criminals being able to compromise your website and gain access to sensitive information is to restrict user account privileges. The important thing to note here is that no single account should be able to gain access to everything. If you have a single account with access to all of the data in your system, any cybercriminal who is able to gain access to this account will have free reign.

You should have a separate admin account from the one used for day-to-day work, and ensure that across all accounts, user privileges are regularly reviewed, so that individuals only have the access they need to do their job.

Test your security measures regularly

Strong security measures are important – but so is testing them. No matter how strong you believe your system is, you need to have it thoroughly checked and tested by penetration testers who will be able to uncover potential weaknesses, as well as provide you with information on how to address them.

Penetration testers will look for vulnerabilities in your site that could be exploited. These vulnerabilities are often missed by automated scanning tools and include misconfigurations, authentication and data encryption weaknesses, injection flaws and input validation errors.

Either way, the Webdadi team is on hand to help – just hit the link below to contact us today.