Cyber Protection for Agent Owned Software / Hardware

Cyber Liability policies designed to provide 1st party coverage as well as 3rd party protection have numerous definitions which can make it complicated to figure out what is addressed by the policy and what is not. One specific area of concern for our real estate agency clients is whether their agent’s hardware e.g. phones and laptops and their software e.g. CRMs and email accounts, etc. are included in the definition of a “Computer System” and hence addressed under the policy once a breach occurs.  

PBI Group’s newly created Arch Cyber Liability policy includes a broader definition of “Computer System”. This definition now explicitly defines employee or independent contractor software used for the benefit of the Insured Entity to be included in the “Computer System” definition. This affirmative coverage position is an innovative feature for our policy because real estate agents often use their own phones/ laptops as well as a free email address from Gmail or Yahoo, etc to conduct their business. All that said, PBI Group recommends using a private domain email provider (e.g. janedoe@companyxyz.com ) instead of free email services because it is harder for bad actors to create a similar looking email address and start emailing as one of your agents.

Definition from the Arch Cyber policy:

“Computer System” means any computer hardware, electronic mobile device, software or firmware, and components thereof including data stored thereon, that is owned or leased by an Insured Entity, and is under the direct operational control of an Insured Entity or any mobile device or software owned and under the direct operational control of an employee or natural person independent contractor of an Insured Entity if such mobile device or software is used for the benefit of an Insured Entity. “Computer System” also includes cloud computing and other hosted resources operated by a third party for the purpose of providing hosted computer resources to a Named Insured as provided in a written contract between the Named Insured and such third party.”

Interested in PBI Group generating a Cyber Liability or E&O insurance quote for your real estate agency? Click here.

* Every coverage situation is different, and the final outcome depends on the unique facts, law and insurance policy involved. The E&O policy contains reductions, limitations, exclusions and termination provisions that impact coverage for a specific event. Full details of the coverage are contained in the policy.

A good example of a Cyber Fraud Warning for your Clients

Many of our real estate agency clients are concerned about wire fraud which can negatively impact their business and clients.  All real estate agencies are at risk but it is a common misconception that some are not.. “We are not at risk because we never wire any money”. Just because you are not the entity in the transaction who is responsible for the wiring of funds doesn’t mean you are not a risk.

The bad guys are praying on the fact that your clients have not been explicitly told that you are NOT involved. There are 2 ways to help reduce your risk..#1 is educate your agents and your clients so they know what do look for and what to do when it comes time to transfer funds for closing. #2 is investing in a cyber liability policy which often costs less than $20 per agent per year. For this post, we are focusing on #1 .. educate your agents and clients.

One of our clients, who have already purchased a cyber liability policy, also created what we consider to be a good example of a warning document that is shared by their agents and signed by all their clients. They breakdown it down to 5 basic steps:

  1. Call, don’t email: Confirm all wiring instructions by phone before transferring funds. Use the phone number from the title company’s website or a business card.
  2. Be suspicious: It’s not common for title companies to change wiring instructions and payment info
  3. Confirm it all: Ask your bank to confirm not just the account number but also the name on the account before sending a wire.
  4. Verify immediately: You should call the title company to validate that the funds were received. The sooner it is detected that money has been sent to a wrong account, the better chance you have of recovering the money.
  5. Forward, don’t reply: When responding to an email, hit forward instead of reply and then start typing in the person’s email address. Criminals use email addresses that are very similar to the real one. By typing in email addresses you will make it easier to discover if a fraudster is after you.

Here is a link to the complete document.

Interested in PBI Group generating a Cyber Liability or E&O insurance quote for your real estate agency? Click here.