Data protection should never be an afterthought in choosing a prop-tech solution – Here’s why

18 Jul 2022
Indonesia , Malaysia , Singapore , Thailand

Is the real estate industry safe from cyber-attacks?

As the number of cyber criminals grows in tandem with technological advancements, so do their attempts to infiltrate security networks or gain access to data banks that can provide them with both money and information.

As with any industry undergoing digital transformation, real estate is increasingly reliant on digital data, making it a perfect target for hackers looking to obtain personal information to sell or use maliciously.

With a myriad of sensitive personal information found in real estate transactions from financial data, government issued identification numbers, driver’s license numbers, passport numbers, insurance information, and passwords, the real estate industry is an attractive target for many cyberattacks. To top it off, cloud-based solutions have become increasingly popular for its convenience and accessibility, on the downside, it also makes this data a few clicks away for bad actors if not protected adequately.

The value of real estate companies’ intellectual property could soon surpass that of its physical assets. Real estate organisations engage with a wide range of vendors, and each transaction involves multiple parties, creating abundant opportunities of which internal or external bad actors can take advantage. A survey done by KPMG found that 30% of real estate organisations experience cyber security attacks. Data breaches are a real threat, with potentially disastrous financial, reputational, and legal ramifications.

How breaches occur

Cyber criminals may pose as someone trustworthy in order to gain access to sensitive data – more commonly known as phishing”. This information is subsequently passed on to hackers, who use them for harmful purposes like gaining unauthorised access to databases and stealing personally identifiable information (PII). The goal of these attacks is not just financial gain, but also disruption, leading businesses to waste time and money trying to restore any harm produced by phishing attempts.

Bad actors may also plant malware in an organisation’s network, and these can cause service disruptions and data loss in real estate organisations’ systems, resulting in a loss of revenue for the entities involved. Malware can also be used to monitor real estate agents’ and customers’ online activities, such as what they look at and who they contact.

This can provide cyber criminals with information about a company’s operations, such as which clients are interested in purchasing real estate. They can use this information to launch other phishing attacks against these clients.

Real estate organisations across the globe are falling prey to these cyber-attacks due to the storage of large amounts of employee data, large sums of money in bank accounts, and confidential information that can be exploited, and is commonly targeted by ransomware attacks.

The consequences of client information breach are severe across Southeast Asia

Singapore’s Personal Data Protection Act (PDPA) obliges you to securely collect, store, use or share data in order to protect the public (your clients) from personal data compromises. If there is any sign of a data breach your clients can file a complaint with the Personal Data Protection Commission (PDPC). In the event of a data security breach, organisations are obligated to notify the PDPC if the breach was perpetrated by individuals outside of the organisation, caused significant harm to an affected individual, or occurred on a large scale.

Organisations who fail to meet their obligations under the PDPA may face consequences as dire as a financial penalty of up to S$1 million imposed on the business. PDPC has already imposed financial fines on a number of high-profile firms, for breaking the PDPA and financial penalties have ranged from high four-figure sums to low five-figure sums.

Looking elsewhere in the region, Thailand’s new data protection act is expected to be enacted on June 1, 2022. Under this act, data breach notifications must be sent to the National Cybersecurity Agency as soon as possible, failing which parties will be fined 200,000 baht ($5,939). A breach of any of the data protection principles is also an infraction under Malaysia’s PDPA as well, according to section 5 of the Act, and is punishable by a fine of up to RM 300,000 ($71,225) and/or up to 2 years in prison.

Meanwhile, even though Indonesia still has no specific data protection law, it is in the works of being implemented in the near future.

Organisations are legally required to demonstrate that they have taken all necessary precautions to secure personal data under data protection regulations. Individuals might initiate legal action to demand compensation if their data is compromised, whether intentionally or unintentionally. This would lead to a loss of credibility or irreversible reputation damage for the organisation.

Even with the best customer service, sales & marketing team in the world won’t matter for a brand with a damaged reputation.

Incidents like these severely undermine the trust property seekers have in the organisation. Ultimately, without this bedrock of confidence, real estate developers will find it extremely challenging to market their projects in a crowded industry.

Data breaches are still making news all around the world. Despite the increased focus on data security, fraudsters continue to develop new ways to get around defences and obtain access to sensitive corporate data. As the consequences are great, it is important that data protection is at the helm of your business strategy.

Why is a secure, cloud-based end to end digital solution important?


In a data driven society, storing anything locally on a smartphone, tablet, or computer hard drive, can easily lead to your personal data being lost or worse, being breached. This is why a cloud-based solution can be extremely efficient. To begin with, it implies that your data is constantly accessible, regardless of your location. Second, it ensures that your files are safe regardless of what happens to your device.

However, it’s crucial to remember that just because you have a password for your cloud storage doesn’t mean it’s safe. Your data could be read by a third party or hacker unless sound security measures are in place.

No two businesses have the same exact cybersecurity risks and threats. Assessing those risks first allows a business to address its most critical vulnerabilities — and keep existing systems as efficient as possible — rather than attempting to prioritise all cybersecurity efforts at once.

This is why at PropertyGuru FastKey, security is driven by design.  FastKey is committed to achieving and maintaining the trust of our customers and Integral to this mission is providing a robust security and privacy program that carefully considers data protection matters across our suite of services. As an automated ecosystem with over hundreds of top developers using it across Southeast Asia, we follow the best industry best practices on data security and comply with information security guidelines from PDPA in Singapore along with other local regulations in the markets that we operate in and are GDPR ready.

Our server is hosted on a world-class platform with limited port, and access is available only to certain users. Beyond hardware measures, there is also a robust Threat Management and Incident response plan in place to respond quickly and pre-emptively to security incidents should they happen.

We’ve thought about the future and it’s here

As the digital era has reached the Real Estate sector, the future of PropTech is becoming a growing issue. Investors are increasingly looking for tech-enabled third parties to bring more dynamism into the traditionally conservative Real Estate business models. Many real estate stakeholders expected widespread technology adoption to have a big influence on residential and commercial real estate. However,  the most frequently claimed impediments to technology adoption in Real Estate have been a lack of knowledge and training, associated expenses, and uncertainty or lack of clarity on investment returns and advantages.

That is one of the many gaps which FastKey can bridge for our property developers across Southeast Asia.

A robust and secure prop-tech solution will provide peace of mind to your organisation, protect business-critical information and most importantly safeguard your reputation, so that you can focus on showcasing the best of what your project has to offer to property seekers.

Find out more about FastKey and what we have to offer, and do not hesitate to reach out to your Account Manager to discuss your requirements today.