Cybercrime grows as a threat
for property managers

NYC firms employ software, third-party companies to protect vital tenant information

Feb.February 02, 2015 07:00 AM
1 Chase Manhattan Plaza, 75 Rockefeller Plaza

1 Chase Manhattan Plaza and 75 Rockefeller Plaza

Large multi-national corporations like Target, Home Depot and JPMorgan Chase were the recent victims of highly publicized data breaches aimed at lifting consumer information, but the threat is not limited to the retail and financial services industries.

The real estate industry is also at risk. 

Rental applications, credit reports and leasing agreements are just a few of the types of documents stored and shared by property managers, brokers, developers and appraisers that contain the sort of information cyber criminals crave. 

Access to this sensitive data, coupled with the industry’s increasing reliance on technology, such as landlords making portals available for rent payments, makes real estate players prime targets for hackers. 

In September, for example, Essex Property Trust, a Palo Alto, California-based real estate investment trust that owns and operates multifamily properties on the West Coast, reported that its computer networks, containing personal and proprietary information, were compromised by a cyber intrusion.

And the security breach at Essex is just the tip of the iceberg, industry observers said. “It’s no longer a matter of if a company gets hacked, it’s only a matter of when,” said Mark Stamford, founder and CEO of OccamSec, a Manhattan-based company that specializes in computer and Internet security. 

Cyber criminals can compromise an organization’s information in multiple ways, including loading spyware, crashing servers to cause data loss, hacking email accounts and hijacking business websites.

Companies are employing a number of strategies to try to ward off attacks.

“There’s no single solution,” said Ian Marlow, CEO of FITECH, a Manhattan real estate technology and consulting firm that counts Rudin Management Company, the LeFrak Organization, and the Silverman Group among its clients. “Each company will need to find its own configuration.”


Neil Rubler’s Candlebrook Properties hired technology consultants to create an encrypted cloud that could store the firm’s email and corporate data. Rubler says the hundreds of thousands of dollars it costs each year is money well spent. 

“The lessons of 9/11 and the recent wave of hacking indicate that we need to be proactive in securing the confidential information we maintain,” said Rubler, whose firm, formerly known as Vantage Properties, manages seven residential properties in New York and New Jersey.

Some firms are trying to minimize the likelihood of data breaches by installing two types of protective software: a firewall that prevents outsiders from gaining access to private networks, and antivirus software to protect personal computers from malicious infections.

Daryle LaMonica, IT director for the Manhattan-based residential and commercial property firm TF Cornerstone, said viruses are his firm’s biggest concern, and in fact several have infected their computer systems in the past. “We caught them before any real damage was done, but now we are continually upgrading our software and all employees are warned against opening questionable emails,” said LaMonica. To reduce potential exposure, TF Cornerstone also contracts a third-party company with its own security system to collect online rent payments from tenants.

The effort to ward off cyber intruders has other firms going on the offensive, actually employing companies to hack into their systems and identify weaknesses before criminals can exploit them.

“Knowing your ‘black swans’ keeps you one step ahead of the attackers,” said Stamford, whose company has tested the systems of a number of property management companies using the same techniques he claims “the bad guys” would use.

Of course, nothing is foolproof and should a breach occur, the focus must shift to limiting liability and repairing damage. “Real estate companies can mitigate financial loss with cyber liability insurance coverage,” said Tim Plunkett, counsel with McKenna, Long & Aldridge, an international law firm with a number of real estate clients.

The fallout of a single data breach costs businesses an average of $5.4 million, according to a 2013 report by the Ponemon Institute, which conducts independent research on privacy, data protection and information security policy. Included in this figure are the cost outlays for detection, notification and after-the-fact responses. New York State law requires all businesses to contact customers in the event of a breach. Insurance policies can defray these costs, along with legal fees should the company be sued.

Related Articles

(Image by Wolfgang & Hite via Dezeen)

Hudson Yards megadevelopment inspires a new line of sex toys

Cammeby's International Group founder Rubin Schron and, from top: 194-05 67th Avenue, 189-15 73rd Avenue and 64-05 186th Lane (Credit: Google Maps)

Ruby Schron lands $500M refi for sprawling Queens apartment portfolio

Wendy Silverstein (Credit: Getty Images)

Wendy Silverstein, co-head of WeWork’s real-estate fund, is out

Cristiano Moura (Credit: Christie’s Real Estate and iStock)

Viral Instagram post leads to arrest, assault charge for former Christie’s agent

Amazon CEO Jeff Bezos and Hudson Yards (Credit: Getty Images and Wikipedia)

Amazon takes big new office space near Hudson Yards

A&E Real Estate Holdings principal Douglas Eisenberg and the properties (Credit: The Rego Park 18 Portfolio)

Deutsche Bank provided A&E $97M in financing for big Rego Park buy

Billy Macklowe and Key Food at 120 Fifth Avenue in Brooklyn (Credit: Getty Images and Google Maps)

Billy Macklowe looking to break into Brooklyn

From left: Daniel Shirazi, and Robert Khodadadian, with 530 West 25th Street

Feil Organization buys Chelsea office building for $72M