10 Strategies for CRE Risk Management

Commercial real estate is beginning to embrace big data, and the industry is reaping all the benefits that come with it. Yet with more data — and more value at stake — comes more risk.

Data security in commercial real estate (CRE) is essential to deliver the enterprise risk management that modern institutional investors require. Use these 10 strategies to mitigate risk and secure you data and digital assets:

1. Establish appropriate access rights

To benefit from collaboration without sacrificing security, make your access rights clear. Ensure that privileges are never granted beyond the purview of an employee’s specific responsibilities.

2. Enforce authentication protocols

When it comes to authentication protocols, follow best practices at all times. In particular, implement two-factor authentication, strong passwords, and single sign-on (SSO). These protocols act as the crucial first line of defense against malicious actors, and they help ensure that corporate access is always up to date.

3. Maintain an audit log

When it comes to your network, you have to know who did what, and when. An audit log will enable better identification of system changes and it will improve remediation protocols. Never underestimate the role of an accurate and up-to-date audit log in CRE risk management.

4. Keep diligent records

Data storage is cheap and historical information is often incredibly valuable. Moreover, a data retention policy will help protect you from hefty fines, disciplinary actions, and lost value. Data retention is crucial to remain compliant with FINRA and other regulatory agencies.

5. Have a disaster recovery plan

Take a proactive stance to data security by having a data recovery plan and an incident response protocol, well before they’re needed. In the event of a network breach or critical data loss, a recovery plan will be invaluable.

6. Leverage redundancy in data centers

By distributing data centers across multiple regions, you can remain resilient in the face of system failures, natural disasters, or other worst-case scenarios. Outsource to professional data centers to protect data without worrying about the logistics, like system maintenance and compliance with location-specific requirements.

7. Secure physical locations

Take advantage of secure data centers instead of on-premise server rooms. Ensure physical access to these data centers are strictly controlled with a professional security staff, video surveillance, and intrusion detection systems.

8. Encrypt data at rest

A secure data storage provider should be SOC compliant and meet industry standards with 256-bit encryption. Strong encryption is a cornerstone of CRE risk management.

9. Encrypt data in transit

Encrypt data in motion via SHA2 TLS certificates, and encrypt connections via HTTPS, SSL, or FTPS. Ensure network security controls like firewalls and endpoint solutions are in place as well.

10. Conduct regular reviews of data services and security policies

Data security is never static. Review, update, and modify your data services and security policies as your company grows and your data evolves.

One of the best ways to incorporate these strategies into an overarching CRE risk management solution is by adopting a cloud-based Deal Management platform. With strong built-in security, centralized data, and bank-grade encryption protocols, Deal Management secures data while fostering collaboration. To learn more about the benefits of Deal Management solutions, download the white paper, ‘Why It’s Time for a Deal
Management Solution’