Valuators vs. hackers: how to avoid being a victim?
Business or asset valuation procedures require that performers have access to very valuable and confidential company information. Despite this, valuators have never been victims of hackers. But everything is ahead, as RICS experts say. And they offer to be proactive. Below we give their recommendations and advices on this subject.
What is there to be afraid of?
Cyber threats for valuators are, in fact, exactly the same as for any other specialist using a computer and smartphone. This includes stealing personal data by gaining remote access to users’ devices.
Thefts are carried out in different ways, but malware and social engineering techniques are the most frequently used. The most common way to pick up a virus is to download a document sent to your computer by post. For example, this is how one of the most notorious encryption viruses, known as the WannaCry virus, spread between 2017 and 2018.
Social engineering techniques work more subtly. The most striking example is the dispatch of letters from supposedly the management of the company or, for example, its client. Such a letter looks very realistic and, as a rule, asks the user to enter his personal data under some quite natural and non-hazardous pretext. For example, in order to check the authorization system on corporate mail.
Cyber security strategy is must-have for valuation companies
There is a need for clear strategy that, in addition to conducting cyber security education programme for employees, will include continuous improvement of technical knowledge and internal communication. Introduction of current cyber security technologies is another important component of cyber security strategy. Software for filtering URLs, scanning content and blocking any suspicious email is not a luxury, but a necessity. The availability of such software will allow to additionally protect the company and reduce the probability of human errors.
Protecting the data obtained during the performance of valuation tasks is not only important in terms of preventing hacking and leakage risks. It is also a key indicator of the company’s professionalism and its ability to guarantee the confidentiality of its customers.
RICS is convinced that companies should conduct regular trainings and inform the staff about the rules of protection of their both corporate and personal data.