A comprehensive defence strategy is vital

Cybersecurity in the real estate industry took centre stage at this year’s PayProp Academy road show.

Group photo of PayProp Academy 2019 presenters at Spier in Stellenbosch

From left, Louw Liebenberg, Bernard Chadenga, Laurent Peretti-Poix, Jan Davel, Chantelle Nieuwendyk, Vilje Visser, and Handre van der Merwe at the PayProp Academy presentation at Spier Wine Farm in Stellenbosch on the 16th of May 2019.

If you’re involved in South Africa’s real estate industry, then there’s a good chance you’ve heard of PayProp, the leading processor of rental payments for the property management sector. The company’s eponymous payment and reconciliation platform is used by several local real estate brands, including Pam Golding Properties, Jawitz Properties, Seeff, Harcourts, and REMAX.

In recent years, PayProp has gathered experts from diverse fields for its PayProp Academy presentations. These annual road shows are designed to give property managers an inside look at the latest developments in the property sector, and to showcase the technologies available to help them maximise their own business performance.

In 2017, the PayProp Academy events covered rental trends, risk management, profitability, and the legal landscape. In 2018, speakers demystified property tech and discussed some of the tools available to help attendees streamline their processes and empower their staff. This year, the focus shifted to cybersecurity, the importance of data protection, and the need for vigilance.

PayProp South Africa’s chief executive officer, Louw Liebenberg, and general manager, Jan Davel, were joined by Laurent Peretti-Poix (chief technology officer at Humanstate), Bernard Chadenga (senior cybersecurity manager at PricewaterhouseCoopers), and Handre van der Merwe (our own CISSP and head of marketing here at BUI) for a series of talks in Durban, Johannesburg, Port Elizabeth, and Stellenbosch.

Cybercrime is a growing problem. South Africa’s economy loses more than R2-billion a year to criminal activities conducted in cyberspace. The country also has the third-highest number of cybercrime victims in the world. And if you think hackers are only targeting big businesses, think again: it’s often the smaller organisations that unwittingly provide gateways for cyber villains to exploit.

Real estate companies, rental agencies and property managers handle vast amounts of personal and financial information. From names and ID numbers to home addresses and bank accounts, data is being collected, processed, and stored every day. Private data. Sensitive data. Valuable data. What can you do to help safeguard the information in your care? Here are five people-centric pointers from this year’s PayProp Academy presenters…

#1 | Be vigilant and ask questions

“We cannot throw the dice and depend on luck (for protection),” warns Jan Davel, highlighting the meticulous, methodical treachery of Bernie Madoff as a prime example of deception. “Sometimes, we don’t even know what we don’t know,” he adds. That’s why it’s important to be aware of the risks, to query anything that looks suspicious, and to stay informed about the latest industry-specific scams. “We’re all busy. We all get tired and frustrated. But we’ve got to focus on the finer details.” So, check that payment authorisation form one more time. Call that client with the strange email address. Stop, think, evaluate, and then act responsibly.

#2 | Understand the threat landscape

Getting to grips with the current playing field is essential. “What we used to see in the movies and think was impossible, today is possible,” says Bernard Chadenga, explaining how cybercriminals search for access points in our personal and professional lives. “They hack our businesses. They hack our homes. They hack us.” So, be careful what you share, and with whom. Be careful how and where you connect your devices to the Internet. Realise that there are hackers who could create havoc with just your username and password. “You’re a piece of the puzzle, a link in the chain. And the bad guys will try to manipulate you.”

#3 | Diversify your defences

In an increasingly connected digital world, cybersecurity should not be delegated to your IT staff alone, cautions Handre van der Merwe. Every single employee has a role to play when it comes to data defence. “Hackers need to be right one time, but defenders need to be right 100% of the time.” Technical safeguards (like multi-factor authentication for user logins) create barriers to entry, but Van der Merwe believes company-wide watchfulness is important, too. “Have a few more things in your arsenal,” he says, because it pays to know what’s happening on your machines, who’s accessing them, and why.

#4 | Protect your devices

Our smartphones, tablets and laptops are never far from us. And it’s not an exaggeration to say we use them every day – in private, in public, and even on the go. These devices are so ubiquitous and so entrenched in our routines that we often take them for granted – and that needs to change immediately, says Laurent Peretti-Poix. When it comes to cybersecurity, there’s no room for complacency. So, turn on automatic updates, use reputable anti-virus and security software, and be sensible when connecting to external networks. “You send a postcard if you’re happy for everyone to read it, but you put a love letter inside an envelope,” he says in reference to HTTP and HTTPS.

#5 | Expect to be targeted

South African real estate businesses operate within the confines of the Finance Intelligence Centre Act (FICA) and the Protection of Personal Information Act (POPIA), among other laws. Certain international legislation, like the European Union’s General Data Protection Regulation, may also apply to local companies in certain circumstances. Hackers have no regard for such boundaries – and that means they can target anybody, anywhere, at any time. “It’s tempting to think that a hack is all about you, the victim,” says Louw Liebenberg. “But it’s not about you; it’s about what you hold in your hands.”

This year’s PayProp Academy events were held at the following locations:

  • The Oyster Box in Durban (13 May 2019)
  • The Venue in Johannesburg (14 May 2019)
  • The Radisson Blu in Port Elizabeth (15 May 2019)
  • Spier Wine Farm in Stellenbosch (16 May 2019)

View our Facebook photo album.

BUI is an official Microsoft Partner in South Africa, and an award-winning leader in identity and security solutions.

Five Cybersecurity Tips For The Real Estate Industry

Our commitment to ensuring business continuity – even in the face of disruption – has been recognised by the British Standards Institution.

We’re proud to announce that we have earned ISO 22301 certification after a rigorous independent evaluation by the British Standards Institution last month. The ISO 22301 badge is recognised internationally and sets the standard for Business Continuity Management Systems.

“This certification highlights the strength of our company’s business continuity strategy,” says Gayle Roseveare, our Chief Operating Officer (COO) here at BUI. “It proves to our staff, partners and customers that we’re prepared for any eventuality – and that we’re able to serve and support the people who rely on us, no matter what. Our ISO 22301 badge represents our commitment to effective risk management, organisational resilience, and reliability – even in the face of disruption,” notes Roseveare.

What is ISO 22301?

Developed by the International Organisation for Standardisation, ISO 22301 lays out a framework to help companies like ours create, implement, and maintain a comprehensive business continuity management system (BCMS). The main aim is to ensure that companies are protected against unforeseen business challenges and equipped to respond and recover when such events do occur.

“BUI is a global company with offices in East Africa, South Africa, the United Kingdom and the United States,” says Roseveare. “On any given day, our teams are provisioning cloud infrastructure, monitoring and securing digital environments, and delivering a wide range of IT services to customers. We operate around the world and around the clock – and we have to be able to do so continuously. Whether there are power outages in South Africa or internet connectivity issues in Europe, we need to ensure we can deliver uninterrupted services to our customers. Our ISO 22301 certificate validates our planning for disruptive incidents and disasters.”

Why is ISO 22301 certification important?

“In an unpredictable business climate, it pays to be prepared,” explains Dhiren Boodhia, our Group Governance and Compliance Manager. “And that goes double for service providers like us. To earn our ISO 22301 certificate, we had to demonstrate that we have a thorough BCMS in place; that the staff in our various offices understand the BCMS and the processes required to sustain it; and that we are focused on maintaining business continuity and sustainability regardless of market uncertainties and challenges. I think the ISO 22301 badge is an important differentiator – especially when customers are looking for a steadfast technology ally that is as dedicated to legal and regulatory compliance as it is to protecting the business resources of the organisations it works with,” he says.

For customers who choose to partner with BUI, there are five key benefits, adds Boodhia.

  1. Consistency. ISO 22301 emphasises the importance of consistency when it comes to best practices and business processes. “We’ve been assessed on our capabilities around risk assessment and impact analysis as well as our strategies for mitigating disruptions. Our teams excelled in every area – and that means our customers can expect the highest standards of service and care from everyone at BUI,” says Boodhia.
  2. Data protection. With the cyber threat landscape evolving so quickly, data privacy and data security are critical considerations for customers. “ISO 22301 includes extensive conditions for data protection and data recovery,” notes Boodhia. “Our ISO 22301 badge, together with the ISO 27001 certification we achieved for our commitment to information security management, should give our customers even greater confidence: we handle all data respectfully and safely.
  3. Faster recovery. “ISO 22301 requires us to have a holistic strategy in place to deal with disruptions and disasters. It also mandates a detailed recovery plan to ensure that downtime is minimised – for our company and for the business organisations we serve,” says Boodhia. “BUI customers can be assured that, in the event of an issue, our teams will follow a step-by-step framework to resolve the problem as quickly as possible.”
  4. Greater compliance. By achieving ISO 22301 certification, BUI has met the global benchmark for business continuity management, adds Boodhia. “Many of our customers operate in highly regulated industries, like financial services and healthcare, and they must adhere to their own standards in terms of the services they provide to their clients. BUI is committed to maintaining essential functions during adverse circumstances – and that’s a big plus for customers who have strict compliance obligations.”
  5. Peace of mind. ISO 22301 calls for certified organisations to update and improve their business continuity processes to ensure that their strategies remain current, relevant, and effective. “We’re obligated to adapt and enhance our BCMS plan as our company grows,” explains Boodhia. “It’s good news for our customers because it means we’re always prepared. Whatever happens, the BUI services and solutions that so many businesses utilise every day will be available.”

Our commitment to your success

ISO 22301 may be our newest certification, but it’s also a testament to our unwavering focus on our customers, notes our COO. “To be a dependable, reliable technology partner, you need to anticipate the challenges you’re going to face and then take the necessary steps to ensure that you can address those challenges as soon as they arise. We’re being proactive today so that we’re ready for tomorrow – and always on hand to help our customers be productive, secure, and resilient,” Roseveare concludes.

Do you have a disaster recovery plan in place?

Our experts can help you craft a comprehensive backup strategy aligned with your business structure, your IT resources, your budget, and your goals.

Contact our team to arrange a discussion today.

share this article