Cybersecurity at Turner Real Estate

Turner Real Estate knows that cyber security is a major concern for our clients, and this has been a priority for our business for some time.  We have been happy to answer client’s questions over the past week with increased media focus on this issue and we are open in wanting to share the measures we have in place for cyber protection.

All our systems are protected by Multi-factor Authentication (known commonly as MFA) which means that our team are constantly verifying their identify on a biometric device before being able to access our systems.  This can occur several times daily as we have the security set to the highest level.

We store no information or data on site or on a server – all of our systems are all backed up and only to programs that force 2 factor authentication by users.  The devices approved for access to our network are protected by Crowdstrike software and our devices are monitored 24/7 by a South Australian IT solutions company.  Any patches which are recommended for updates are installed by the provider, to our network, within 2 hours (at any time of the day or night). Turner also leverage applications whitelisting that only allows approved software to run.

Our external IT provider audits our systems against the Essential 8 (a set of Govt recommended standards) and just this week, we voluntarily reported to the state govt on our cyber security.  Our provider externally rated us 3/3 on all 6 key areas that the Government are measuring.

As we have been developing our website, we have had to ensure that its cybersecurity needs are also met. We are happy to say that our website provider, Stepps, are a Cloudflare partner, making every connection secure, private, fast, and reliable. This means that whenever you visit our website, you know that you’re safe.

There are no guarantees with cyber issues, but we have taken this seriously for some years and have invested extremely heavily in resources and funding.  This extends to the monitored service agreement (which is 24/7), voluntarily auditing our systems against Government recommended standards and enforcing regular cyber training for all staff (conducted by a specialist in this area).

Our brilliant cybersecurity experts at Subnet, have helped provide some quick pieces of information around what makes a strong password, how hackers can get your information, what you can do to protect yourself, and what to do if you have been hacked, to help you stay protected against cybersecurity attacks.

 

What makes a strong password?

Not overcomplicating the process, think of a passphrase not a secure password. The length of the password is now more important than trying to make a complex password you can’t remember. Let’s break this down, put 4 or more words together. Pick a colour, pick a weather pattern, pick an animal, and use numbers, punctuation and special characters to make it more secure. Then mix it up. Here are some examples:

• 55 Dark Grey Raining Wolf Pack!
• 101 Blue Sky Frogs 8 Flies$
• 17 Cunning Foxes, 87 Yellow Ducklings#

NEVER use same password across multiple accounts, this is the easiest way to be compromised. Once they have one, they will try this password and email across all services.
Secure all accounts with multifactor authentication, this simple feature stops 90% of unauthorised access.

How do hackers get my information?

• Normally this is via some sort of data breach and is not necessarily your fault, (Think Optus/Medibank) but exposes some personal information.
• Or you might click on a link and then you could sign into a fake site that captures your email and password. This is then used to compromise other sites.

What can I do to protect myself?

• Make sure you have at a minimum antivirus installed, but it is recommended to have full endpoint detection and response, known as EDR.
• Don’t visit unknown sites
• Buy a better firewall for home, most residential routers are hackable and are prone to vulnerabilities.
• Don’t click links in emails, even the most normal email could be crafted to catch you.
• Install the Microsoft Edge browser and remove all others, this is being updated more frequently now with Windows Update. In settings, change the browser to STRICT for more protection.
• Actively check your programs and features in the Control Panel and remove anything that shouldn’t be there.
• Keep your computer up to date and restart regularly.

What do can I do if I get hacked?

• Make enquiries into who got compromised and what was information was exposed, they legally have to tell you now.
• Change your license number (Easily done on the MySAGov Website)
• Change any credit cards you had on file with the compromised company
• Cycle/Change all your passwords/passphrases especially if you shared passwords with multiple sites.

We are always happy to answer client questions regarding cybersecurity, so if you have concerns, please always feel free to reach out to your trusted Property Manager, or Sales Partner.