Sponsored Content

Commercial Real Estate Is Underprepared For A Cybersecurity Breach


Trespassers and would-be thieves have always posed a threat to commercial real estate, but those threats have been on-site and on the ground. Now, a less visible but much more direct threat is emerging: wire fraud cyberattacks, which can cost a company tens of thousands to millions of dollars, all because of a single phishing email.

As more owners, developers and brokers migrate and expand their services, data and communication online, they are increasingly vulnerable to these types of attacks. Without a sustainable cybersecurity program and access to the right expertise, commercial real estate companies will find themselves suddenly unprepared in the face of a breach.

“As threats evolve, commercial real estate cybersecurity strategies need to evolve in response. They need to understand the threats and where to find the right expertise — both to prevent and to weather an attack,” Baker Tilly principal David Ross said. “Right now, commercial real estate companies may not realize the extent of their risk. To avoid falling victim to an attack, they must evaluate alternative models for building a sustainable cybersecurity management program.”

To create an effective cybersecurity program, companies must first analyze and define what risks they most likely face, Ross said. He suggested that working with a third-party team is the most practical way to verify what vulnerabilities are present and deploy a sustainable program.

“If you don’t start with the risk analysis, it’s impossible to see where you are now and what you need to do to attain your overall security goal,” Ross said.

The biggest risks facing commercial real estate companies center not on digital loopholes, but on human vulnerabilities. Malicious actors pretending to be legitimate entities can acquire confidential information and gain access to some of the most important transactions real estate businesses make: wire transfers.

“Phishers will buy a domain name and pose as a legitimate entity by changing a single letter in an email address,” Ross said. “They compose an email that appears to be from the company’s CEO in order to trick employees into compromising systems or data. This opens the door to financial information or confidential documents.” 


In order to build an effective security plan, Ross said a company not only needs new data infrastructure, but also access to cybersecurity professionals who understand the commercial real estate industry.

“Many organizations are realizing that protecting their information, assets and business in this changing landscape requires risk-based, executive-level consideration, responsibilities that go beyond their existing IT departments,” Ross said. “A Virtual Chief Information Security Officer can immediately bring the expertise needed to build a cybersecurity program and then sustain it, evolving along with new threats.” 

Ross said that a vCISO service designed by Baker Tilly can help organizations execute on a comprehensive cybersecurity program, even if the company does not have the resources to support an in-house, dedicated security team or chief information security officer.

“Investing in cybersecurity is different for every organization, but to successfully implement a program, companies need to consider their options holistically,” Ross said. “Understanding how these options will affect the company’s IT and business operations can help the organization make the right decision. It is also important to understand how the investment will fare for the business in the long term. We encourage clients to look at different models and find which one works best.” 

This feature was produced in collaboration between Bisnow Branded Content and Baker Tilly. Bisnow news staff was not involved in the production of this content.