Websites are essential for most businesses and the property sector is no exception.

Digital shop fronts allow prospective buyers to view videos and photos of property as well as sellers being able to see how their property might be marketed. They might be able to register on your site, make enquiries through your contact form or book viewings at properties they are interested in. But if this resource is lost through a cyber-attack, your firm’s reputation and ability to compete might be wiped out.

According to the 2022 Cyber Security Breaches Survey 47% of admin/real estate firms identified breaches or attacks in the past 12 months, making them the third most attacked industry. That’s not a place that any industry wants but everyone needs to be aware of.

And the survey also found that organisations are more likely to suffer a breach if they increase their digital footprint, use Managed Service Providers (MSPs), or allow employees to use personal devices, all of which is likely within the property sector.

If a website is essential, have you got it protected?

If you rely on using your website to generate interest and sales the worst thing would be for it to go offline, it being taken over, or the associated databases behind the site to be encrypted, all of which are a risk of a potential cyber-attack.

Thinking that this will never happen, is a bit like not locking your front door because no one will ever try and open it whilst you’re not there. We all close and lock our doors when we leave our businesses or homes, but do you do the same to your website.

So, what have you done to make sure a cybercriminal can’t use your site maliciously?

If you are honest with yourself, are any of these the answer?

• I have a website developer and I trust they wouldn’t have built something that wasn’t secure.
• I don’t think that my website would be targeted so it doesn’t really matter, does it?
• I wouldn’t know where to start with securing my site.

If they are, just consider the following:

WordPress is the biggest content management system in the world and, the biggest market share means a number of cyber criminals looking for exploits that they can use. Not updating your WordPress site can mean that there are vulnerabilities in your site, which can be exploited. This can also be the case for bespoke websites.

Whose ongoing responsibility is it to keep your site and plugins updated?

In one of the most common WordPress attacks, a cybercriminal may cause damage or gain access to your WordPress admin by injecting malicious SQL queries or statements to manipulate your MySQL database. Any user input section of your WordPress site such as a contact form or search box may be susceptible to a SQL Injection attack.

Have you checked to see if your site is susceptible to this attack?

What can you do?

There are a few free things which you can do, even if you are not technical.

• Make sure that you are updating your site, the plugins and themes whenever there is a new update. If there hasn’t been an update to a plugin in over 6 months, then that might mean that it is no longer being supported and you probably should avoid them.
• Only use reliable and trusted developers for your themes and plugins. These should be building secure components.
• Ensure your website is being backed up, so if the worst does happen, you can quickly restore a safe version

To actually test whether your site has weaknesses you should consider having a web application vulnerability assessment. This might take one business concern off your mind and allow you to sleep rather than worrying about it.

What is a web app vulnerability assessment?

A vulnerability assessment looks at the most common ways that a cybercriminal would attack your website and what the potential consequences could be, so that you can then take action to increase your resilience if required.

Isn’t it expensive?

Not with us.

The ECRC is a not-for-profit, policing led company, so we’re more interested in protecting you and your business than making money for shareholders.

We work with local university students, who are trained and mentored by experienced cyber professionals, meaning you get an excellent service at an affordable rate.

We offer two types of web app testing, a first step, fixed cost option at £350, and a full web app assessment, the cost of which is dependent on the services that you have, but we’d provide a fully scoped quote before you had to make a decision. Find out more here.

What else can the ECRC do for me?

You can join our business community for free, with no strings or sales pitches attached.

Our aim is to increase the cyber resilience of small and medium companies and third sector organisations within the East of England. We don’t re-sell any products, and if our affordable services aren’t right for you, we will tell you and help you to get what you do need through our range of policing and industry partners.

You get monthly newsletters, bite sized practical guidance, sign posting to free services and tools as well as access to affordable services, if you need them.

Join us today, the only thing it will cost you is the time to complete the form (less than 1 minute) and you can start building your resilience.

Of course, if you would like to have a chat before committing to spend £0, then why not drop us an email and we can have a chat before you decide whether free guidance is something you want.

Policing led – business focused.