Friday, March 4, 2016

How secure is your online real estate management system?

You'd be surprised in how unsecure most online real estate management systems are...we've done some checks on the top online systems used in South Africa and also looked at logins to franchise billing and other systems. Unlike Entegral's OMS, most don't provide a secure login by default, which is quite alarming.

To check if your management system provides a secure, encrypted connection between your PC and your service provider's systems, go to your system's login page. The URL should start with 'HTTPS...' and should display a lock icon. If you click on this lock icon it should display something similar to the following screenshot where it states that the connection is private. This indicates a secure system where all data from the browser is encrypted:

If it doesn't display that, bad luck! Your system is not as secure as you think and clicking on the icon will reveal something like this:

This secure, encrypted connection is provided through an SSL certificate and is the same technology used by banks to make sure your password and other sensitive information is not stolen.

Stealing data over WIFI, especially a public wifi connection (e.g. you are connecting in a coffee shop) is easier than you think. Just read this post, quite scary on how easy it is:

The sensitivity of data entered varies from system to system, but at its most basic level, your username and password can be stolen and the culprit will then have full access to your system.

At Entegral we are passionate about providing a highly secure environment for managing your properties. To do this (with our OMS) we follow a multi-layer security approach:

1) For a start, ensure that all traffic between your PC and our systems are encrypted. This is done through an SSL certificate as explained above.
2) Ensure proper firewalls are in place to prevent various forms of attacks including the well known  denial-of-service (DDoS) attacks.
3) On the application layer provide protection on common SQL injection and other attacks. Also assist users in choosing secure passwords as indicated in the OMS screenshot below. Further provide users with multiple access levels (e.g. configure your agents to only edit their own stock):

Keep an audit trail of users events, we capture the IP address, date and time as a minimum:

4) On the database layer enforce industry best standards for data access and encryption from the application layer.
5) Have a tried and tested disaster recovery plan. This includes ensuring continuous backups of all data, making offsite backups of data, have standby servers/services, auto alerting engineers on failures 24/7 and doing regular and random data consistency checks.

Find out more about the benefits of implementing the OMS for your real estate business:

A few service providers do have an SSL certificate but fail to default users to the secure HTTPS login. It therefore makes the assumptions that users will retype the URL for a secure connection.

No comments:

Post a Comment