|
Holiday: Closed for Labor Day – September 4th
The Columbus REALTORS association headquarters will be closed on Monday, September 4th in observance of Labor Day. The association will open for normal business hours on Tuesday at 8:30am.
Schedule:
Monday, September 4, 2023 – Closed
Tuesday, September 5, 2023 – Open at 8:30am
|
|
MLS Cyber Security
Below is a message from FBS, Makers of Flexmls regarding cybersecurity measures they have in place to protect Columbus and Central Ohio Regional MLS’ data.
With the recent, unfortunate ransomware attacks on real estate software, you’re likely wondering what FBS does to protect and prevent malware/ransomware attacks on our software and systems. While cyber attacks and attackers are constantly evolving and becoming more sophisticated, we want to assure you that system security and proactive attack-prevention are utmost priorities. This email is intended to review with you both the general security practices FBS follows and to provide details regarding the software and services we use to provide protection of our server and cloud network against attacks.
General Security Practices:
Most malware/ransomware attacks are the result of unpatched or outdated software or from employees clicking on untrusted links or attachments. In general, to mitigate these elements:
- FBS performs scheduled updates on server operating systems to keep them up to date. Installed package versions are monitored and cross referenced with databases of known vulnerabilities. Critical security updates are performed quickly (usually within 24 hours) for systems that might be impacted by a critical bug.
- All FBS employees are trained and tested on various approaches used in inbound email attacks using a service called KnowBe4.
- Inbound emails are scanned for malware to prevent them appearing in inboxes.
- All employees run Endpoint Detection and Response software by SentinelOne. This software combines static and behavioral detections to neutralize known and unknown threats.
- There is a firewall at the edge of the network filtering in and out traffic. This ensures that the outside world can only send traffic to servers specifically intended to handle that traffic.
- Traffic that is allowed through the firewall is analyzed by an intrusion prevention filter that looks for common attack methods and filters them out.
- FBS has a service that monitors traffic patterns and will mitigate traffic that corresponds to a denial of service event related to Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
FBS Uses CrowdStrike to Protect, Prevent, and Remediate Attacks:
Regular antivirus software doesn’t offer protection against “unknown threats,” it usually has a database of virus signatures and it scans the hard drive for known viruses, quarantining them when detected or executed. That will only protect against what is known or has been seen before. For more proactive protection, all FBS servers run CrowdStrike’s Endpoint Detection and Response software and service. Similar to the SentinelOne product used on workstations, CrowdStrike protects our server network using a combination of known signatures and behavioral data (e.g., snooping the network, phoning home, encrypting files, etc.) to identify threats on the server endpoints. This software detects, understands, and ejects malicious intrusions in under 60 minutes (less than the average ransomware breakout time of 84 minutes). If a threat or suspicious activity is detected, CrowdStrike has 24/7/365 security experts to immediately investigate and remediate the threat.
In the Event of A Successful Attack, What Would Happen?
With the ever-changing nature of cybercrime, there is no 100% protection or guarantee available and it isn’t possible to predict solution times without context of the specific threat. What we can say is that FBS’s contracts all promise 99.9% uptime, which only allows less than 45 minutes of downtime per month. To meet this obligation, FBS has all customer data backed-up locally and to the Cloud. Depending on the severity of the threat, customer traffic may be routed to the cloud or restored from backup to provide continued service to our customers. If the solution is to failover to the backup site, capacity can be increased in the cloud in minutes to accommodate the increased workload of handling production traffic. If the type of threat requires restoring from backup, that likely would take hours but not days.
In sum, the key to avoiding long downtimes from a security incident is preventing an attack in the first place and FBS follows security best practices and uses best-of-breed security software and services to do that. FBS knows how critical our software and service is to you and your members and we take that responsibility very seriously. Though no system can be made 100% secure, FBS is confident in the solutions and services we’ve deployed to protect your MLS system. We hope this email answers your questions but please let us know if any remain.
The FBS Team
|
|
Holiday: Closed for Independence Day – July 3rd/4th
The Columbus REALTORS association headquarters will be closed on Monday and Tuesday, July 3rd and 4th in observance of Independence Day. The association will open for normal business hours on Wednesday at 8:30am.
Schedule:
Monday, July 3, 2023 – Closed
Tuesday, July 4, 2023 – Closed
Wednesday, July 5, 2023 – Open at 8:30am
|
