Cyber Security for Real Estate Agents

SAFE COMPUTING IN THE AGE OF

PERVASIVE CYBERCRIME

A Real & Present Danger

Jane Ginn, MRP, AIT

Managing Director

SedonaCyberLink

PURPOSE:Why are we here today?

Characterize magnitude of problem

Overview of threats/vulnerabilities Identify potential cyber exploits

Outline countermeasures Online resources

Hotlinks on PowerPoint Local resources

Tech support

KEY ISSUES TO PLAN FOR

Data Security Customer Privacy

GROWTH OFCYBERCRIME

Exponential growth of criminal activity on the web ---

STATE OF THE WORLDCenters of Criminal Activity ---

Source: HostExploit – Global Security Report, April 2012

DEEP WEBDark Nets of Cyber Crime ---

CYBER CRIMINALSWhat is their motivation?

CRIMINAL ACTIVITY2011 Poneman Benchmark Study

Source: Symantec

NEW MALWARE2011 Patterns ---

Source: Panda Labs

GLOBAL SPAMTypes ---

Source: McAfee 2011 Q4 Report

SPAM TO USOver 50% from US, China & Brazil-

http://www.securelist.com/en/analysis/204792234/Spam_report_May_2012

BOTNET HERDS2011 Infections ---

Source: McAfee 2011 Report

EXPLOITS EVERYWHERE

Apple Exploits (2009 data)---

http://www.sans.org/top-cyber-security-risks/trends.php

RELATIVE VOLUMEHuman errors lead to most exploits ---

ACTIVITIES & EXPLOITS

What you do during the day that could lead to a cyber exploit ---

AGENT/BROKER PROCESS

Marketing

Prospecting

Developing Deal

Closing Deal

Across

All

USING EMAIL AS A TOOL

Local and Web-based Clients ---

Sending and receiving eMail Criminals intercept and steal

confidential information Man-in-the-Middle Attacks (DSN example)

Criminals conduct phishing attacks (spam)

Fraud, Extortion Recruiting for Botnet Herds

Criminals plant malware Viruses Spyware Trojans Worms

SURFING THE INTERNET

All Browsers---Browsing Websites

Criminals use Cross-site Scripting (XSS)Spoofed websites for capturing

personally identifiable information (PII) Downloading Key-Loggers Downloading Screen-Capture Programs Downloading rootkits

Criminals Recruit for BotNetsDistributed Denial of Service Attacks

(DDoS) Computer used as proxy for:

Peer-to-Peer hosting Darknet usage

BUILDING A WEBSITEGetting your message out ---

Website design Criminals seek access control

Password cracking Brute-force attacks War-dialing War-driving

Criminals want your client listsSQL injection

Criminals can steal your client informationGraham – Leach – Bliley ActCalifornia data breach notification law, SB1386

Criminals want your mailing lists (prospects)

SOCIAL NETWORKING

Increase in exploits ---Facebook scam

Bogus Facebook warnings – June 6, 2012 Infected Apps- Software installer w/

TrojanTwitter hack

LulzSec posts 10,000 passwords in mid June, 2012 TweetGIF hack

LinkedIn hack 6 million passwords stolen in early June,

2012 Weak password encryption (SHA1)

Real estate scams – 67,190 in 2009 (FBI)

USING WIRELESS ACCESS

Special Risks ---Cellular calls & data services

Criminals download malware to mobile devicesAndroid – iPhone - Blackberry

Mobile banking vulnerabilities Criminals intercept mobile transmissions

Gap in the WAP vulnerability

Bluetooth Criminals can hijack bluetooth devices

Wireless local area networks (LAN) Criminals can infiltrate your network

OTHER EXPLOITSExploits Targeting Humans ---Point of Sale (POS) scams

Criminals steal credit card dataFor sale on darknet sites

Botnets Criminals set up proxies on legitimate

sitesPolitical activism

Protect activists against tyrannyHacktivism

Conduct DDoS AttacksMask IP addresses for sale of illicit items

(drugs, porn, PII, money mules, money laundering schemes, etc…

COUNTER-MEASURES

What you can do to prevent cyber exploits ---

ADMIN CONTROLSKeeping security tight ---

Manage networkEstablish Network AdministratorStress Test System

Perimeter testingAvoid social engineering

Maintain computer updatesPatch your operating system (OS)Patch your applications

Freeze credit reports

SAFE NETWORKINGReducing vulnerabilities ---

Home-based Office Solutions Use Antivirus + Personal Firewall

SolutionNorton 360, McAfee Total, Webroot Secure

Anywhere Use Specialty Software for Banking

Outsourced Solutions Hosting Service Offsite data storage

Use Secure Wireless Access 802.11i (WPA2)

BANKING SECURITY TOOL

Simple Controls Editable Security Policy

SAFE INTERACTIONSMaintaining constant vigilance ---

Practice Safe eMailing Spam Filters

Black listingWhite listing

Practice Safe web surfing Browser security

HTTPSGoogle ChromeCocoon (Firefox & IE)

Carefully manage client lists Salt list (proof of theft)

Monitor scams on social networks

BROWSER MATTERSPerformance & Security ---

3RD PARTY CRM TOOLTop Producer CRM ---

3RD-PARTY CRM TOOLCheck security policy ---

ONLINE RESOURCES

The websites that you can visit to learn how to protect yourself & your clients ---

REALTOR UNIVERSITY

Course Addressing Data SecurityCourse Addressing

Privacy

NGOS & GOV AGENCIES

Links to help you --- Identity Theft

Privacy Rights ClearinghouseElectronic Privacy Information Center

Banking FraudFederal Trade Commission

Phishing IntelligenceFraudWatch International

NotificationsUS-CERT

PRIVATE SECTOR SOURCES

Apps for tracking latest scams ---

COMPLIANCE ISSUES

Data Security Customer Privacy

Databases – ISO 27001 & 27002Credit Card Payments – PCI

compliance

Gramm Leach Bliley Act

NIST 800-122

RECAP

And now?

SUMMARY:What did we cover?

Characterize magnitude of problem

Overview of threats/vulnerabilities Identify potential cyber exploits

Outline countermeasures Online resources

Hotlinks on PowerPoint Local resources

Tech support

Q & AJust the beginning….