Rapattoni hack illustrates the need for this 13-step contingency plan

Publish Date: August 22, 2023

Written by Leslie Guiley

- Originally published at Inman News - Leslie Guiley

The recent (and currently ongoing) cyberattack on Rapattoni Corporation has impacted 12 MLSs. Affected agents could not schedule showings, enter new listings, update status changes or run searches for their buyers.

Real estate agents and brokerages are frequent targets for cybercriminals because we sell high-value products and, as independent business owners who work from home or on the road, we can lack the cybersecurity tools employed by larger companies.


4 cybersecurity basics

  • Minimize use of public Wi-Fi. Use your own hotspot or VPN whenever possible.
  • Use complex passwords and change them frequently.
  • Don’t click on suspicious links or open emails from unknown senders.
  • Don’t store client personal data like financial info, mortgage statements, bank statements or Social Security Numbers.

9 systems to have in place so your business stays up and running

In the event of an MLS cyberattack, have the following in place:

  • Keep a secure backup client list in case you need to rebuild your database. Most CRMs allow an export to Google Docs or an Excel .csv spreadsheet file that can be updated regularly.
  • Keep a contact list of other agents who work the area so if you need to market a listing or open house via email instead of MLS, you have an up-to-date list. Brokers, keep a list of fellow designated brokers who can send out your listing info to their agents as you will do for yours.
  • Keep active transactions in a secure cloud or folder, so you have access if the brokerage software is unavailable.
  • Make sure you have a backup source for transaction forms so you are always ready to take a new listing or write an offer. The MLS provides access to forms and your brokerage likely provides an alternate (ex. Brokermint transaction desk). Know how to access and use both.  If you save forms on your own server, don’t forget to update them annually to have the latest versions.
  • Build your social media presence. Connect with clients and agents as these platforms double as a marketing source if the MLS is ever unavailable. Check with your MLS and join their Facebook or social media group to communicate with other agents on seller listings and buyer wants and needs until the situation is resolved.
  • Door knock the neighborhood when doing open houses; don’t rely on MLS or portals to advertise your open houses. The neighbors are a great source for knowing people who want to move close by.  Do open houses with a partner whenever possible for physical safety.
  • Agents in non-impacted MLSs were inputting listings outside the area for free so that listings would populate to national real estate portals like Zillow.com, Realtor.com and HomeSnap and Showing Time.
  • Use encrypted email or cybersecurity platforms that protect businesses from cybersecurity attacks.  A brokerage can even add a cybersecurity rider to their business insurance which can minimize liability in the event of a successful attack.

The FBI typically encourages companies to not pay the ransom in cases where access and data are held hostage for a price. Companies need to be prepared to rebuild their databases and, as agents, we are all independent business owners. 

Leslie Guiley is a designated broker-owner of Real Estate Advisors, LLC in Arizona and a certified coach with Workman Success. You can find and follow Leslie on LinkedIn.

You may also like…