Why Web Security Matters – And 5 Vulnerabilities You Need to Know About
You think it’ll never happen to you. Until it does.
Zillow is one of the most visited real estate websites in the world, pulling in over 328 million visits per month.
As often happens, though, the bigger you are, the bigger the target on your back. In 2019, hackers logged into Zillow’s system, seized control of the listing page for a high-end home, and misrepresented the property’s sales history (despite it being a new construction).
Zillow was slapped with a $60 million lawsuit because the property owner claims that hackers were able to bypass security questions to hijack the listing page.
There are two important things to glean here: no one is immune to data hacks and it never hurts to be vigilant.
Watch your back… or else
As a real estate agent, you often handle financial transactions worth hundreds of thousands (if not millions) of dollars. And if you work in luxury real estate, you likely have the personal details of high-net-worth individuals on file.
If you think these cyberattacks aren’t worth losing sleep over, you had better guess again.
-
It’s happening — a lot
In 2022 alone, there were about 1,800 data compromises reported, which affected over 422 million people. When it comes to being hacked, it’s not a question of “if” but rather a question of “when.” And if you’re not cautious, it’ll be sooner rather than later. -
It could damage your brand
It’s not hard to imagine the kind of damage a data breach could inflict on your business’ image. Just take a look at the battering that Facebook took after it was revealed that data for over half a million users was compromised. Clients rely on you to handle one of their most personal transactions: buying or selling a house. How can they trust you if they can’t entrust you with their personal data?
-
It will cost you money
Needless to say, a hit to your brand image is also a hit to your bottom line. According to research by IBM, the average cost of a data breach in the U.S. is a cool $9.44 million. At this volatile time in the real estate market, you simply can’t afford the financial damage a hacking incident will inflict on your business. -
It’s inevitable for older websites
Think of it this way: older padlocks are easier to pick than new ones. By extension, an older website that uses earlier security protocols will be easier to hack. If it’s been a while since you’ve redesigned your website, there’s no better time than now to do so — not just for aesthetics and functionality, but for security reasons, too.
Know the common pitfalls
While the prevalence and consequences of hacking are enough to keep any agent awake at night, our goal is to cause panic. Rather, we want to educate you on the risks you might face so you can avoid them.
Think of the section below as a checklist or troubleshooting guide that you can use to address vulnerabilities on your website.
Malware
The name says it all. Malicious software is a code or program that sneaks into your system to compromise your data. They take many forms, from computer viruses, to self-replicating worms, to ransomware. At best, they can be used to deface your website; at worst, they can siphon sensitive data from your real estate website.
How to protect yourself
To begin with, make sure that your computer has a reliable antivirus program that regularly scans your system. If you're using the Windows or macOS operating systems, install their updates as these often have security patches. You can also drastically minimize the likelihood of a malware attack by steering clear of suspicious websites, email attachments, and software downloads.
DDoS Attacks
High traffic is usually a win for real estate websites. Unless you’re experiencing a DDoS attack, that is.
This security threat floods your website with traffic using a legion of compromised computers, slowing down your website or causing it to crash. A useful metaphor is an intentional traffic jam caused by ne’er do wells who want to lock out legitimate prospects from your website.
How to protect yourself
Unless you manage your own website, the best people to approach about DDoS protection is your web services provider. Agent Image, for example, includes DDoS mitigation strategies to thwart attacks before they happen, including traffic analysis and filtering. We also implement redundancy measures so your website remains accessible even if hackers attempt a DDoS attack.
SQL Injections
Search bars are a handy feature in real estate websites as they make finding a dream home easy. Anything a user inputs into the search is essentially a query to the website’s database.
Unfortunately, hackers can use search bars to uncover more than just listings in a certain neighborhood. By inputting malicious search strings (which effectively act as programming scripts), they can trick portals into returning highly sensitive information or even compromise your entire database — an attack called an SQL injection.
How to protect yourself
Again, this is a case where your web services provider can offer help. Reputable ones will ensure that your website uses parameterized queries that won’t be mistaken by your database as executable codes. Likewise, they will do input validation and sanitization so users' queries can’t be used in malicious ways.
Brute Force Attacks
Real estate websites may have come a long way, but they still rely on usernames and passwords to grant access to the content management system (CMS).
Brute force attacks happen when a hacker attempts to guess what those admin credentials are. They utilize special software to quickly generate username and password permutations, an otherwise time-consuming task if done manually.
How to protect yourself
For starters, create a strong password for your website, one that’s at least eight characters long and includes unique characters. Struggling to think up a password? Password generators may come in handy.
Another strategy is to limit the number of times a user can attempt to log into your website before being locked out. Two-factor authentication (2FA) is a vital layer of protection, too. Whenever someone tries to access your website, a unique verification code will be sent via SMS or email.
Unpatched Vulnerabilities
The best real estate websites offer a coherent browsing experience. Look under the hood, though, and you’ll discover interconnected systems that power the site, like the CMS, plug-ins, chatbots, server software, etc. If any of these moving parts have an unpatched vulnerability, hackers will only be too happy to exploit them.
How to protect yourself
Luckily, the makers of the abovementioned software and tools also appreciate the importance of website security, so they regularly release patches to stamp out chinks in their armor. It’s a different story, though, if your website still uses old software that’s no longer being supported. In this scenario, it’s smarter and safer to simply find another third-party vendor that offers the same service.
Don’t leave yourself exposed
The internet can be a hazardous place if you’re not wary of the many bad actors out there. While the list above may not include all the dangers that lurk in the World Wide Web, we hope we’ve inspired you to be more alert when it comes to website security.
Of course, you can rely on Agent Image to create a website that’s loved by visitors and hated by hackers. To learn more about our world-class website security offerings, just talk to our Web Marketing Consultants.
For a FREE consultation, call 1.800.979.5799
or send a message here.
