CRMLS's Security Protocol
After the recent ransomware cyberattack on Rapattoni, CRMLS had two concerns – first, how can we help Rapattoni users locked out of their MLS and keep California markets strong (read more about those efforts here); and second, how do we make sure we are protected against a similar situation?
At CRMLS, cybersecurity is of the utmost importance. We have a dedicated Information Technology (IT) department that diligently works to protect all data that goes through CRMLS systems. But, given the recent ransomware attack, you might be wondering exactly how we do this and what CRMLS’s specific security measures are. In addition, you may be wondering what you can do yourself to safeguard your data. In this first part of our cybersecurity-focused blog series, we will explore CRMLS’s security measures, and, in the second part, we’ll share some useful things you can do to help ensure your data is safe and secure.
Below is the official description courtesy of our cybersecurity team. If you’re not fluent in tech terms, don’t worry — we’ll break it down for you.
At CRMLS, we prioritize the security of our digital assets and customer data. Our comprehensive cybersecurity strategy is guided by modern security principles, including zero trust, and is reinforced by our longstanding integration of security controls rooted in Center for Internet Security (CIS) standards. It includes robust encryption measures, regular security assessments, continuous monitoring, and comprehensive employee training, along with the added layer of multi-factor authentication (MFA) for stronger access control. Additionally, our dedicated team of Infrastructure and Security personnel plays a pivotal role in implementing and administering these advanced security systems. We maintain an ongoing collaboration with security industry experts to stay ahead of emerging threats and evolving best practices. These combined efforts reflect our commitment to safeguarding against cybercrime and ensuring a resilient digital environment for our stakeholders and users.
Okay, that sounds sufficiently complicated, so let’s simplify it for you…
“Zero Trust” might sound more like how you’d approach one of those carnival ring-toss games, but it actually refers to security frameworks that require all users to be authenticated, authorized, and continuously validated. When anyone tries to access CRMLS’s most sensitive data, even someone who has permission, they need to go through several security protocols – no matter who they are.
When every user must go through levels of security every time they log in, it’s much harder for bad actors to sneak in.
Center for Internet Security (CIS)?
CIS is a non-profit organization that works to create globally-recognized best practices for securing IT systems and data. They have been an industry standard for over 20 years and continue to evaluate and evolve these criteria. “…our longstanding integration of security controls rooted in Center for Internet Security (CIS) standards” simply means that we at CRMLS use their robust expertise to guide our own cybersecurity practices.
You hear a lot about “encryption” which is meant to protect sensitive data – your bank number, your MLS transactions, your Social Security Number (SSN) – but what is encryption, actually?
Encryption is defined as the process of converting information into a code. For example, you can create a code which changes each letter to its ordered number in the alphabet – “Hello” becomes “8 5 12 12 15.” Only those who know the key to the code could decrypt “8 5 12 12 15,” keeping that transmission of “hello” secret. Digital encryption goes much further and generates far more complicated codes and keys that are exponentially more difficult for outside parties to try and understand. The more complex the code, the harder it would be to hack.
When your data is transmitted, good encryption keeps any onlookers from knowing the actual sensitive information contained within it.
Multi-Factor Authentication (MFA)?
Multi-Factor Authentication is another popular term. Put simply, MFA requires users to present two or more credentials to verify their identity. For example, if someone steals your debit card number, they may not be able to fully use it if they don’t also have your PIN. In places where card use requires a PIN and a valid ID, a thief can’t use the card at all, and it becomes useless to them. MFA may include authentication apps, passwords, and other layers of verification – all of which pose difficult obstacles for malware, phishing, and other cyberattacks.
MFA is always safer than single-factor authentication – the more pieces of information required to access sensitive information, the more difficult it is for bad actors to gain access to it.
CRMLS uses all of these strategies, consults with outside experts, employs a dedicated Infrastructure and Security Team, and uses many other layers of evolving security measures to ensure that your information and transactions remain safe and confidential. Cyberattacks on our industry remind us to be constantly vigilant to stay ahead of potential threats, and we will continue to do our utmost at CRMLS to keep your data secure.
For more about what you can do to keep your data safe, check out part two of our cybersecurity blog series.