Top Tips for the Property sector

Estate agents and property managers, are you aware of the cyber threats facing you?

Here are our top tips that you can implement today to increase your cyber resilience.


Top Tips:

  1. Ensure all your staff are using strong passwords. This means that they are unique – not used across multiple platforms – and not easily guessable.

  2. Consider using a password manager for your staff to use. Remember just one strong password and your manager remembers the rest. Watch our short video to find out more.

  3. Enable 2 Factor Authorisation (2FA) wherever possible, but specifically on any social media site, emails and anywhere you have payment details. This means that if your staff’s usernames or passwords are released, criminals still won’t be able to access the account.

  4. Have offline backups and test the recovery of them. Companies falling victim to ransomware still pay criminals even though they have backups because thy have never tested them, and then when they need the data the most, they find that they can’t recover.

  5. Ensure you have anti-malware on all devices, including your phones.

  6. Train your staff to recognise common phishing attacks and how to report them. Phishing attacks are the most common form of cyber-attack, and your staff can be your weakest link or your strongest defence, but only if they know what to look out for a do.

  7. If you have a website, get a web app vulnerability assessment. This will look at whether your site is secure from the most common cyber-attacks against it.

  8. Install those updates as soon as possible. Criminals also know about the vulnerability and will craft attacks specifically for known vulnerabilities.

  9. Have an incident response plan and test that it will help when the worst happens.

  10. Join the Eastern Cyber Resilience Centre. It’s free, and you will be kept up to date with the latest threats to your business as well as guidance, support and direction to free tools and services, and access to our affordable student services which can help with vulnerability assessments and staff awareness training amongst other services.


Why would my business be at risk?

Consider the data you hold.

Agents hold a large amount of sensitive client data including address, account information, personal information along with general business information, all of which have cyber criminals rubbing their hands in gleeful anticipation.


Cyber criminals have two ways to exploit this data:

  • prevent you from accessing it (and then blackmailing you to restore access) or

  • stealing it and then either selling it on to other cyber criminals (for more money), or they could do both.

Criminals are out to make money, so whether it is encrypting your files through ransomware or blackmailing you with a DDoS attack your company needs to put in place fundamental controls to try and stop these attacks from being successful. And for those attacks that do get through, make sure your company can recover as quickly as possible.


Most cyber criminals do not specifically target a particular business, they are opportunistic, looking for companies which have known passwords so they can log into your systems, or known vulnerabilities which they can exploit. Don’t be the car owner who left their bag in their unlocked car ready for that thief to come along. Lock your digital car today.


Why should we join the ECRC?

The ECRC is a Home Office supported, National Police Chief Council funded, police-led, not-for-profit membership organisation with the aim of increasing cyber resilience in small and medium businesses. We are here to provide support and guidance by way of monthly newsletters, a weekly “Little Step” programme focussing on one thing that you could implement, access to our forum where you can meet and talk with others in the same situation as yourself, as well as personal contact from a member of our team.

Did we say it’s completely free? Sign up today.



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.