This seems to be a popular question lately, so we wanted to share PBI Group’s thoughts on the matter.  Residential real estate brokerages often have a website and email domain for their agency but not all or sometimes any real estate agents (1099 independent contractors who perform real estate services on behalf of the brokerage) use that email domain (often only a few W2 employees). This is somewhat unique to the residential real estate industry compared to other professional services e.g. lawyers, accountants, doctors, etc. who tend to have a private domain name email services and assign an email address to each person in their organization e.g. [email protected]

The cyber insurance policies that PBI Group offer does not have specific exclusions for coverage related to free email addresses. This is important since a majority of real estate agents use free email services such as Gmail or Yahoo.

We do agree that brokerage-owned private domain name email addresses are often more “safe” since they can’t be spoofed automatically /for free e.g. [email protected] is not the same email address as the spoofed email [email protected] (can you tell the difference? ). Given the business structure of real estate brokerages, it is often not practical or financially viable to require all agents to use a brokerage-owned private domain name email address since many of them have been using the same email address for decades regardless of which brokerage they hang their license under.

If you are one of the many real estate brokerages who have agents using free email services …what can you do to help improve cyber security for those email accounts?

  1. Require your agents to turn on MFA or 2FA. MFA (multi-factor authentication) and 2FA (two-factor authentication) are the same things and are free and easy to enable. Click here for more information.
  2. Only use your [email protected] email address for real estate business purposes. Do not also use the same email address for personal e-commerce transactions or other personal communication.
  3. Set up a strong email password that is unique. There are ways to improve your password security on your free email services by using a password manager program. We like LastPass, but there are others. Why use a password manager? Because it enables you to have unique and complicated passwords which are difficult to guess/reuse. When using only an email address and password, the bad guys often get into your email because your password is either a) really easy for them to guess using software or b) you have the same password on your email as you have on your Facebook account; once Facebook is breached, that password is available on the dark web for sale.
  4. Pay attention to your email filters. All email programs have inbound and outbound email filters, which are rules designed to automatically file emails out of your inbox into other subfolders based on logic (e.g. if an email arrives with the word “Urgent” in the subject, move the email to Folder X). If a bad guy gains access to your email account, they will set up email filters to direct emails into hard-to-find subfolders, so you don’t receive any reply to emails that could alert you of suspicious activity coming out of your email account.
  5. Bottom line…if you treat your free email address like a business email account by limiting it to business-only communications, pruning your emails every year so 10 years’ worth of deals are still not stored in your email, and limiting access via MFA and other security measures such as iPhone face ID and phone lock codes you can create a similarly safe email account compared to brokerage owned private domain name email services.

Interested in PBI Group generating a Cyber Liability or E&O insurance quote for your real estate agency? Click here.