Encryption for Real Estate Professionals

If you think that encryption is something for computer geeks on television, you’ve got it all wrong. Real estate professionals handle a lot of personal and confidential information – their own, their family’s and clients’ – and encryption is an important tool for keeping that information safe.

Encryption is a process for transforming information that anyone can read into something that is unreadable by anyone who doesn’t have the right ‘key’. There are lots of tools to make encryption easy for a non-technical person to use, and that’s important because using encryption is becoming an expectation or possibly a requirement. A new Massachusetts law even mandates that if you deal with a resident’s personal information – for example, a real estate file with a client’s name, social security number, driver’s license and/or financial account number (think cancelled check) – then that information has to be encrypted in laptops, desktops, mobile devices, databases, servers, and when transmitted over wired or wireless networks. We’re going to see more and more laws like this, so it’s time to get ahead of the curve and learn what you should be doing to protect this confidential information using encryption.

First we’ll explore encrypting files “at rest” on your computer.

If you use a Mac, you can use the built-in FileVault feature to encrypt everything in your home directory. To set up FileVault on your computer:

  • Choose Apple menu, System Preferences, click Security, and then click FileVault. Open the FileVault pane of Security preferences.
  • If the Security preferences pane is locked, click the lock icon, and then type an administrator name and password.
  • If the Security preferences pane shows that a master password hasn’t been set, click Set Master Password, and then type a password in the Master Password box. Type the password again in the Verify box, type a hint in the Hint box to help you remember the password, and click OK.
  • Click “Turn on FileVault.”
  • If you want to be sure your deleted files can never be recovered, click “Use secure erase.”
  • Click “Turn on FileVault.”

You will be logged out of your account while files are encrypted. When you log back in, you will see that your home folder icon has been changed to show that FileVault is in use.

If you use a PC with an up-to-date operating system, there are two options to consider. The first is called Encrypting File System (EFS). Just browse to the folder or file you want to encrypt, right-click it, and then click Properties. On the General tab, click Advanced. Under Compress or Encrypt attributes, select the “Encrypt contents to secure data” check box, and then click OK, then OK again. If you are encrypting a folder, choose “Apply changes to this folder, subfolders and files”, and then click OK. Now, even if someone has stolen your computer, they can’t un-encrypt the files to read them unless they are logged in as you! The second option is called BitLocker Drive Encryption (not available on some ‘Home’ versions of Windows), which encrypts all files stored on your computer. When you add new files to a drive that is encrypted with BitLocker, BitLocker encrypts them automatically. Both of these encryption options require that you create a method to decrypt or recover files if something goes wrong, and there are articles on the Microsoft web site about how to create a BitLocker recovery password and back up your encryption certificate.

For either of these options – PC or Mac – files remain encrypted only while they are stored in the encrypted drive. Files copied to other devices or computers are automatically decrypted.
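To confirm that the Windows settings above actually took effect, and to spot copies that lost their encryption, the following PowerShell sketch lists files without the EFS "Encrypted" attribute and summarizes BitLocker status, including whether a recovery password exists. It is an added example, not part of the original article; it assumes an elevated PowerShell prompt on a Windows edition that includes the BitLocker cmdlets, and `C:\ClientFiles` is a hypothetical folder name.

```powershell
# Added example: audit encryption at rest on a Windows PC.
# Assumptions: elevated prompt; C:\ClientFiles is a hypothetical folder
# standing in for wherever client files are kept (it may also be a flash drive).
param([string]$Folder = 'C:\ClientFiles')

function Get-UnencryptedFile {
    param([Parameter(Mandatory)][string]$Path)
    # EFS marks every file it protects with the Encrypted file attribute.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.Attributes.HasFlag([System.IO.FileAttributes]::Encrypted) } |
        Select-Object -ExpandProperty FullName
}

function Get-BitLockerSummary {
    # Get-BitLockerVolume is missing on editions without BitLocker.
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        Write-Warning 'BitLocker cmdlets are not available on this edition of Windows.'
        return
    }
    Get-BitLockerVolume | ForEach-Object {
        $recovery = $_.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
        [pscustomobject]@{
            Drive               = $_.MountPoint
            Status              = $_.VolumeStatus      # e.g. FullyEncrypted
            Protection          = $_.ProtectionStatus  # On or Off
            HasRecoveryPassword = [bool]$recovery
        }
    }
}

# BitLocker encrypts the whole drive and does not set the per-file attribute,
# so a file listed below is still protected if its drive shows FullyEncrypted / On.
Write-Host "BitLocker volumes:"
Get-BitLockerSummary | Format-Table -AutoSize

if (Test-Path -LiteralPath $Folder) {
    $plain = @(Get-UnencryptedFile -Path $Folder)
    Write-Host "$($plain.Count) file(s) under $Folder without EFS encryption:"
    $plain
} else {
    Write-Warning "Folder not found: $Folder"
}
```

A drive that reports `HasRecoveryPassword = False` has no recovery password protector, which is the situation the Microsoft recovery articles mentioned above are meant to prevent.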

So, how do you encrypt a file in transit, one that you want to carry on a flash drive or send in an email? For that you would need to create an encrypted file that doesn’t depend on your operating system, which means using third-party software such as VeraCrypt (https://veracrypt.codeplex.com/) or Kryptel (http://www.kryptel.com). For files that you can send via email and someone can unlock without installing software, but with a password you give them (via phone or text message), Kryptel is the better bet. If you use Windows 7 or higher and want to encrypt a flash drive, you can also use “BitLocker to Go”. There are lots of other tools you can use – the ones I mentioned are just a starting point for your exploration.

On mobile platforms like the iPhone and Android, there are lots of encryption apps for encrypting voice, contacts, and different kinds of files – reviewing them all will have to be in a sequel article. BlackBerry users have file encryption a bit easier – from the home screen, just click on the Options icon, and then Security, then Encryption and you’ll see all the options available.

There are two aspects of encrypting email messages – 1) encrypting the email login information and message in transit and 2) encrypting the text of the message itself so someone on the other end needs a password to decrypt it. The first aspect of email encryption really depends on the software you are using for email and the server on the other end. If you only use online email such as Hotmail or Google, you know they are protecting the information in transit because you can see “https://” at the beginning of the address in your web browser’s address bar. Otherwise, assuming your email provider supports encryption:

  • Outlook users can check the setting “Encrypt data between Microsoft Office Outlook and Microsoft Exchange” or “This server requires an encrypted connection (SSL)”.
  • Mac Mail users will have a “Use Secure Sockets Layer (SSL)” checkbox.
  • Thunderbird users have a “Use secure connection (SSL)” checkbox.
  • Entourage users will have a “This POP service requires a secure connection (SSL)” or “This IMAP service requires a secure connection (SSL)” checkbox.
  • Eudora users can change the setting “Secure Sockets when Receiving” to “Required, Alternate Port”.

But you’re going to have to work with your email provider to figure out the email encryption options you have with them and the appropriate secure settings for your email server and client. Don’t just accept that there is no encryption option for email from your provider – if they don’t offer it, I would suggest looking for another provider.

The second aspect of email encryption – encrypting the text of the message itself – is much trickier, and the various methods depend on what email software and operating system you and your recipients are using, but most real estate professionals can keep sensitive information out of the body of email messages. If you absolutely need to send the body of your emails encrypted, search Google for “S/MIME” and the email clients (e.g. Outlook 2010, Gmail, Apple Mail, etc.) of both sender and recipients to find instructions for using that type of encryption. It’s not easy for a less technical person to get started, but it can be done.

Another layer of encryption is needed when you use a wireless network. If you set up your home for wireless use, hopefully you enabled WPA2 encryption, so that people require a ‘key’ to get on the network. If all I have at my disposal is an unencrypted wireless network, like at a coffee shop, hotel or on an airplane, I make sure not to visit websites where sensitive information isn’t encrypted (using https://) or otherwise transmit non-encrypted information.

Okay, I admit it, using encryption everywhere is a bit of a pain but you’ve got to start somewhere. Encrypting your sensitive files “at rest” on your computer or mobile device is a simple way to start protecting your information in the event your device is lost, stolen, or compromised. Then, the more places you learn to use encryption, the less vulnerable your personal and confidential data will be to unauthorized access.

About the author: Matt Cohen is Clareity Consulting’s Chief Technologist and leads its security assessment practice. Matt has spoken at many conferences, workshops, and leadership retreats around the country on security-related topics, and is a well-regarded real estate industry expert on real estate technology and information security. Clareity Consulting (www.callclareity.com) was founded in 1996 to provide management and information technology consulting to the real estate industry.