Current Market Insights
The Current Market Insights Podcast is brought to you by Harris Partners Real Estate.
Understanding the property market can be a challenging thing, with highs and lows, twists and turns. The media and agents tend to spread the news they want you to hear, with the advice they want you to follow.
Current Market Insights is an unbiased look into what is happening, what tips you can use to buy, sell, or rent, and that you wont find anywhere else.
Current Market Insights
Episode 96: Trusted Insider Threats – Data Security in Real Estate
Hosts Ciaran O'Brien and Peter O'Malley expose the hidden risk of insider threats in the real estate industry, where organised crime syndicates are placing moles inside agencies to access sensitive personal information. With data breaches costing consumers and businesses dearly, this episode highlights why protecting client data is now a frontline issue.
We also discuss:
- Criminals purchasing personal data through insiders for as little as $250
- Why real estate agencies are prime targets due to the volume of sensitive information they hold
- Underworld figures using clean associates to infiltrate legitimate businesses
- The need for both tech solutions and human vigilance in safeguarding data
- Harris Partners’ own security measures, including regular system checks and document shredding
- A real-world case of a departing agent downloading 6,000 client contacts, resulting in Supreme Court action
- The role of digital fingerprints in tracing potential breaches
- Ethical responsibility and self-interest driving better business protections
- Why consumers must be selective about the information they provide and regularly review what’s held about them
As always if there is a specific topic you would like for us to cover, please reach out and let us know!
All down, all silent, going, going, going, gone. So congratulations.
Speaker 2:Welcome to the Current Market Insights podcast brought to you by Harris Partners Real Estate. Each episode we chat with real estate author and industry leader, peter O'Malley, to discuss the current property market conditions and provide insights to assist you on your property journey.
Speaker 3:Hello and welcome to another edition of Current Market Insights. I'm your host, kieran O'Brien, and with me is Mr Peter O'Malley. Peter, hello G'day, kieran, great to see you. Great to see you again, peter.
Speaker 3:I want to talk this week about a topic that's a bit, you know, newish for us or a bit off-brand, I guess, compared to our usual market discussions, but there was an article published recently in the Herald that talked about something known as the trusted insider, and it relates heavily to data and data security, which is a topic we have talked a lot about before.
Speaker 3:But the crux of it is that, basically, the article says anyone can be gotten to, and they're referencing the idea that underworld figures and organised crime etc. Are gaining access to our personal data, and one of the avenues that they mention as being a regular source of information for these groups is real estate agencies. So I thought really great topic for us to talk about, given that you and I both proselytize about data security and integrity etc. Uh, on the podcast, you know, as the years have gone on, I'd really love to get your insights into this article, into this issue, uh, whether you have any first-hand experience with anything like this or have heard anything about this, uh, and really what it does kind of mean for the industry overall look, it was pretty concerning to read Kieran, but it's heavy duty, there's no doubt about it.
Speaker 1:So there's a quote here from a jailed crime boss, as they've described him, and he said people give out their information like free lollies to whoever when they sign up for 100 different services real estate listings, toll accounts, telcos, real estate listings, toll accounts, telcos, streamers, online shopping, loyalty programs it's held effing everywhere. Almost anyone can be gotten to. You just have to have the right connections. You can find them there around. So, basically what the article is saying the underworld have tapped into all of this sensitive information that's held on all of us in all of these vulnerable businesses, and by that I mean is that a you know a bank, for example, has the financial ability to insulate itself against leaks. Notwithstanding, we discussed, probably two or three months ago, the time that I had a legitimate call with ANZ, hung up the phone and then got a call from you know someone highly dubious, purporting to be from ANZ.
Speaker 1:Having no one, I just had a chat with ANZ and wanted to confirm my personal data and I was like man, this is well off, but this is also frightening, sophisticated.
Speaker 1:It's sophisticated because someone inside ANZ has just tipped you off that I've just had a critical chat and now you're, under the guise of just wanting to reconfirm personal data. That's frightening, and someone who's less unsuspecting in that moment could have quite easily volunteered information they shouldn't have. But when you get down to away from major corporations and you get down to humble businesses like family-owned real estate offices, the reality is is that they collect so much data personal sensitive data on tenants, landlords, vendors, property purchases and if they don't adequately protect that data, they're highly vulnerable to being hacked to an insider, which is what this article is talking about a trusted insider leaking information about people out there and selling personal and sensitive information which can have wide, widespread ramifications, which we all know about, if your credit card, your home address, your of date, your driver's licence is being leaked out there. So a phenomenal issue. The media are quite right in drawing attention to this and we should be talking about it a lot more.
Speaker 3:It's really interesting. I remember you talking to me about the ANZ thing and I don't think at the time I ever put together that there might be someone at the bank texting their buddy saying, hey, give this guy a call, here's his number because we've just dealt with them right. I think myself and many others would just assume that the real risk to our data is cyber hacks, because that's what we hear about. You know, there's so much money and, as you say, the banks can spend millions and millions of dollars securing their networks and their systems, but they're really other than you, other than key loggers. There are ways, but it's very challenging to mitigate someone's nefarious behaviour when they're on site with access and they're in a trusted position, where a real estate office is a good example where, theoretically, anyone that works in the agency could access data if they wanted to.
Speaker 1:Well, let's go there. We'll read some lines from this article to give the listeners exactly what's going on. Yeah, Sure, Organised crime gangs have been placing moles inside companies to gain protected information that is used to commit serious and violent crimes, including extortion, drug trafficking and attempted murder. The infiltration of these organisations via workers such as customer service and call centre staff, real estate agents and lawyers has been flagged as a significant threat by federal and state law enforcement agencies. The underworld has access to compromised workers who sell personal information for as little as $250 or have been deliberately embedded inside companies specifically to leak to criminal syndicates.
Speaker 3:Yeah.
Speaker 1:The information's been used to set up attempted hits and bashings, run extortions and to create fake identities used in a host of crimes. And then you know the police go on to say in this that the brass ring, according to law enforcement and underworld sources, is to infiltrate a business or department using an associate, often a relative, who has a clean criminal record and is therefore above suspicion. Land ownership and residential addresses can be accessed through multiple different commercial information service providers and government land titles departments.
Speaker 3:Yeah, it's amazing the depth of infiltration. You know you would think it's maybe relatively easy to infiltrate like a smaller business or you know a family-owned operation where they get access to data, but it's also not as rigorous as I say. But you're talking about, like the land title office and senior government departments. Like it's amazing that, uh, they're organized well, not that they're organized enough, but you know that's a long game, right, that's a long play to get someone into a position where they can access this data and then utilize that down the line yeah, but if you go to the local real, to the local lawyer's office, some of these other smaller businesses that just don't have the scale to have this sort of protection and regulation you know, self-regulation in place, they're highly susceptible to this so I mean, ultimately, this is a really important topic, but what I mean, what, what gets done about this as an?
Speaker 3:okay. So a question for you as an agency owner what are the steps that you could? You know, what do you do to kind of make sure that your, your client, starter is protected?
Speaker 1:well, as you know, from a from a digital point of view, we we had a chat earlier in the year that we needed to beef up in that space. It was late one night when we you know I just finished our compulsory development course and it was highlighting where data goes and whether it be at an open house or someone inquiring through domain or someone buying a house from you is that we needed to stress test how we managed our data, and we've come up with an internal game plan there about managing passwords, changing passwords every time someone leaves the business, wi-fi codes. You know getting best practice, having our IT provider run tests and stress testing our systems is all part of it. I don't pretend to be an expert in that space, by the way, but certainly IT security is the next big frontier for many, many businesses. There's no doubt In terms of what we deal with in a tangible manner.
Speaker 1:As you know, kieran, there's shredders right through this office. I want all sensitive documents and have for the last 25 years, sensitive documents shredded. I don't want them put in a recycling bin. So, for example, we do have a recycling bin and we have a sensitive document bin, but we also have shredders and anything that's highly sensitive is shredded here and then taken away. So you just can't be too safe.
Speaker 1:And you know I got onto shredders when I read frank abagnale's book yeah, right because frank, frank frank said if you're looking he just asked the question you asked if you're looking to protect yourself from people like who I was back in the day, get yourself a shredder and shred everything. Put nothing in the bin. Put nothing in the bin and don't rely on document destroying companies, because, with respect to whoever we use, whoever the next company uses, the person that comes to pick up the bin Could be involved. Yeah, who said they're clean? So if it's highly, highly sensitive, as Frank Abagnale said, the world's, you know, most prolific con man, let's say I won't say greatest con man, for fear I'm venerating him, but the world's most prolific con man is.
Speaker 3:He said the only way to protect yourself when it comes to documentation is to shred, shred or burn so do you think then, just from an industry perspective and I you know I asked that question somewhat loaded because obviously I'm very well aware of what you guys do here and I've been involved in making sure there's a lot of data security in your business but do you think that there is a reasonable argument to be made that agencies like real estate agencies could probably move forward operating with less data on clients that don't necessarily engage in a full-fledged transaction?
Speaker 1:well look. Um, yeah, possibly, but data is the value that runs a modern real estate office. Yeah, so you know, we again in previous podcasts have spoken about agents that move firms and just put the their database on a usb stick and put it in their pocket and walk out the door and think that's normal yeah, yeah now.
Speaker 1:Could you imagine the uproar if your anz bank manager uh, quit anz. And said, no, I've got a better offer at National Australia Bank, downloaded the database and then went across to the road to the National Australia Bank and started calling the ANZ customers. The ANZ customers would be in uproar that their data had been abused that way. But that happens in the real estate industry every single day of the week.
Speaker 2:Yeah.
Speaker 1:And with this new model that exists in the real estate industry, where you've got what would you call it a pack of salespeople working under a mothership brand, but the pack of salespeople are all individual companies that operate independently from the agent next door to them or the next desk to them. They think it's their right to build this data up, which they're entitled to do, and then, when it doesn't suit them working under brand ABC and they move across to brand XYZ, they just download the data and take it to the next company on them. Now, a few years ago, we had a rogue salesperson leaving the company and I said to the general manager he is going to steal the database. He said no, he won't. I've spoken to him about it and I said he is going to steal the database. You were here then.
Speaker 3:Yeah.
Speaker 1:Yeah. And he said no, mate, he gave me his word, he wouldn't. I said okay. So I rang the marketing manager and I said has there been a abnormal download on agent box, which is our crm? And she said let me investigate, I'll come back to you. The call came back 6 000 contacts were downloaded yesterday, which was the day this salesperson left the company yeah so we went.
Speaker 1:We took him to the supreme court and got an injunction and made him sign a stat deck admitting to taking the data and giving us the usb back and undertaking that that was the only copy of that data and that he would not use any of it again. Now he was leaving Harris Partners to go and work at a firm in Leichhardt. Yeah, the firm in Leichhardt said to the general manager why are you going so hard on this young kid who's just trying to get started on his real estate career? He's not going to have much success with his starter anyway. So there's a couple of things here. The young kid didn't put the 6,000 people in the database. Salespeople and staff before him at Harris Partners did. That was Harris Partners' intellectual property. He had no right to take it. It was flat-out theft, which is why, after putting up a feeble fight, he folded like a tent because he realized that the judge was going to, you know, hammer him, spear, tackle him.
Speaker 1:Basically for what? For what he'd done? He didn't. He didn't unsurprisingly, didn't last didn't succeed at the leichhardt office. Yeah, yeah. So he's moved on again. Yeah, but if we had allowed our data to go into their office? Suddenly a competitor's got our data that did nothing to deserve it in a different marketplace, and he's moved on. So the principle of the firm ultimately has to be vigilant and aware of the risks, not just in the systems but in the people. It's not nice to say that, but, as this article in the media says, here it's humans that are accessing the database and extracting the information out. So when you say, what are you doing to protect yourself? Um, what are you uh doing to make sure that this doesn't happen? Well, one one of the ways is that when you start touching things digitally, you leave fingerprints behind you.
Speaker 2:Yeah.
Speaker 1:And I will periodically do a check in our database to make sure that sensitive information hasn't been accessed and downloaded, and that's one thing that all agency principals should be doing with regularity.
Speaker 3:Yeah, look, I'm really glad, just before we wrap up, you answered that question and I ask it again. I'm intimately aware of what goes on in your agency, having been involved in a lot of this. But I ask because I, you know, for all of my time with you was constantly running spot checks on the data, making sure that it was secure, making sure, you know, penetration testing, doing whatever we could to make sure it was safe. But this article really highlights that the occasions where you've had me check for data breaches or any concerns have been a gut feeling right and it's picking up that human element that the system. You know, whilst there might be a fingerprint, there might be some digital footprint somewhere hidden in the mass. At the end of the day, we may never have checked had you not just had a gut feeling about it.
Speaker 3:And I think that's the important thing is that you know client. You know clients, consumers they have a right to request what data is being held and, and you know, ensure that they're happy with that. But at the end of the day, businesses have a responsibility to not just assume that their little, you know, glorified excel spreadsheet in a crm or whatever they use is completely infallible and that that data is secure. That, at the end of the day, the owners have to be willing to keep an eye on everything that goes on in the business and take that data seriously for their own business, but also the fact that that's someone's private information I think.
Speaker 1:I think the principle you're 100 correct here and the principle has a duty of care and responsibility to the consumer if they're taking sensitive information to protect it. Yeah, that's half of it. The second half, which is less noble but equally wise, is who wants to be involved in a PR disaster like the big corporates have, where they're hacked, and you know, we know some of the big companies that have been named in recent years. I guess Optus was the bigger one where they're hacked and you know, we know some of the big companies that have been named in recent years. I guess Optus was the bigger one where they're hacked in personal data.
Speaker 3:Oh, medibank I mean iCloud was hacked, like companies that would seem infallible from a digital security perspective are completely fallible.
Speaker 1:So it makes. It's no surprise, and it makes sense, that criminals are now going to smaller businesses that have got equally nuanced and sensitive data but nowhere near the protections in place, because the big corporates are building the brick wall higher, so to speak.
Speaker 2:Yeah, it does make sense.
Speaker 1:Yes, I do it too as an act of good faith and good management to protect people's data that we take. But secondly, god, god willing, touch wood. I don't want to be involved in a phenomenal pr disaster where we're hacked and that data is used in a way that no one would be happy with. Ultimately, the consumer's got a role to play here, which is what it goes on to say, which is you know, stop being so free with the information that you pass out look, I I acknowledge that sentiment, but I think it is challenging.
Speaker 3:Right, there are some services where you have to provide, uh, what seems like an excessive information if you do want to access services.
Speaker 3:Uh, but at the same time, you know they mentioned streaming services and other things uh, there is a whole range of places where you don't need to give them your date of birth and your address and your passport number and, you know, verify your identity with three forms of ID and a bank statement, like it's. I think there could be a generational shift. You know, those that maybe were born after the advent of the internet age and just use it are less aware of the risk, but I feel like you know anyone in our age bracket anyway, who was there for the not the invention, necessarily, but the dawn of the internet age has always been a little bit dubious. You know, we were the first to question online shopping and things like. You know, not to say that we don't engage in it, because of course we do, but I think we're entering a phase now where there is a whole generation that don't see any risk. We're just living their life online in all facets and that is dangerous.
Speaker 1:The risks are going up, not being more contained 100% they're going up not being more contained.
Speaker 3:They're going up A hundred percent. Yeah, look really great chat, peter. And, as you know, a final reminder to any consumers out there you do have a right to check on your data and you should do it frequently and make sure that you're happy with what's out there and if there's bits that don't need to be there, certainly request they come down, because you know companies in Australia will do that for you, talking about an important topic. Thanks, kieran, all the best, all the best, and thanks to everyone for listening to Current Market Insights. We look forward to speaking with you next time.
Speaker 2:Thanks for joining us on the Current Market Insights podcast brought to you by Harris Partners Real Estate, the podcast providing real estate insights you won't find anywhere else.
