Cybersecurity Tips for REALTORS®: Multifactor Authentication

With most of our business being conducted online, REALTORS® and managing brokers must be aware of good cybersecurity practices. Ensuring your digital accounts are secure online prevents hackers from obtaining not just your sensitive information, but also private client information.

In a recent Community of Practice for Managing Brokers session, BCREA Technology Manager, Mairon Batista, presented about multifactor authentication (MFA). If you missed the session, you can find the recording on our Community of Practice page (BCREA Access login required).

What is Multifactor Authentication?

“Multifactor authentication” or “two-step verification” is a process to confirm your identity when you try to sign in to an application. There are three ways a computer or a system can identify you. It can ask for:

•  a pin or password;
•  a card, badge, USB key, cellphone; or
• biometrics (fingerprint or facial recognition).   

Many online services like social media, email and government services like the Canadian Revenue Agency use MFA. Often, MFA occurs when you log in to an account on a new device or web browser. This additional step prevents hackers from breaking into your account with  a compromised username and password.

It is less likely that a hacker can log into your accounts and systems if you use MFA in your daily operations.

Another critical point to note is that using SMS or text message codes as a factor of authentication is not the best practice anymore. Hackers can copy phone numbers and intercept text messages. Instead, using authenticator apps on your smartphone is more secure. Here are some of the best multifactor authenticator applications:

• Twilio Authy.
• Microsoft Authenticator.
• LastPass Authenticator.
• Yubico YubiKey.

Most major services and applications give you the option to set up MFA. Examples are Facebook, Instagram, Twitter, LinkedIn, Dropbox, Amazon Web Services, WordPress, Office365, and G Suite.

And always be mindful that you provide the code to the authentic website, not a fake one.

Reasons to Use Different Passwords

Given the increase in security threats in today’s world, a complex password is not enough to prevent cyber-attacks and breaches. Therefore, incorporating MFA is the best practice.

Additionally, using different passwords can prevent potential cybersecurity breaches when emails and usernames are easily searchable.

A hacker simply needs a victim’s username or email and password. So how do hackers get your credentials you may ask? A huge part of this is due to weak or stolen passwords hackers may obtain from a previous data breach and reuse the stolen credentials across the internet.  

Another way hackers can gain access to an organization’s network is through password spraying. This hacking tactic is when hackers try a specific password across many accounts before moving on to the next one.

Here are some password management tips:

• Replace the password with a pattern. For instance, use a unique code or pattern formed out of letters or numbers.
• Use various numbers, symbols, and upper and lower-case letters.
• Avoid reusing passwords.

What else can you do to protect yourself?

Despite our best efforts to be safe online, hackers are savvy. So be aware of social engineering tactics regarding your interactions online. Social engineering is the art of exploiting human psychology rather than technical hacking techniques to gain access to networks, accounts, or data. Read more about social engineering and how to spot it in this blog post by CSO.

Furthermore, you should educate yourself and your peers on the latest cybersecurity best practices and incorporate extra security measures into your business. Here are some other practice tips to enhance your cybersecurity awareness:

• Do a review in your organization of what services you use. Then, log in and check if you can activate MFA or two-factor authentication.
• Ask yourself: what would impact our organization if someone had access to this account or service? Usually, besides a financial impact, there is also the risk of repetitional damage.
• Enrol in cybersecurity awareness training.
• Follow Cybercrime Magazine to stay up to date with best practices.
• Apply for cyber insurance via BCREA’s affinity insurance program for managing brokers.

To subscribe to receive BCREA publications such as this one, or to update your email address or current subscriptions, click here.