Back in 2005, Clareity reviewed security at the top 25 MLSs by membership size, looking at key DNS settings, secure logins (at least using TLS or other secure encryption) and protection against data scraping. Clareity did NOT port-scan any networks, attempt network penetration, or look for software vulnerabilities – things we do only with permission and coordination when performing a security audit.
Here’s a comparison, 2005 to 2011
While there have been significant gains, especially in the areas of DNS configuration and password risks, there’s still room for improvement. How can MLSs enforce VOW rules regarding ‘anti-scraping’ when their own website issues haven’t been addressed? I fear that when there are issues like these that can be seen with a casual glance, there is more beneath the surface to find.
Many MLSs take information security very seriously these days – but as an industry we still have work to do, to consistently do the right thing. Don’t get complacent – keep fighting the good fight!
Share this post: