Cyber security tips for BondsOnline: Real estate industry bulletin issue 184

Last updated: 14 August 2024

30 October 2018

Cyber security threats are a persistent issue for businesses of all kinds. Real estate agencies have proven to be an attractive target for hackers, as they often handle large amounts of money and personal information. While Consumer Protection continually monitors and updates its system security, agency staff have a responsibility to keep their access to BondsOnline secure.

Do your part to protect tenant data and bond money by following these guidelines.

Individual user accounts

Real estate agents should review who has access to the BondsOnline system on a regular basis.

To prevent unauthorised access, delete any accounts belonging to former employees or staff that no longer need access. Note that users of BondsOnline with the administrator level of access will have the ‘Maintain eTransaction Users’ tab available to them from which to create and delete individual user accounts.

All BondsOnline users should have their own individual login and should never share passwords with other staff members in their agency.

Tips for good password management

Passwords should be complex, regularly changed and never shared.

A complex password should be at least eight characters long and include at least three of the following:

  • Uppercase;
  • Lowercase;
  • Digits (0-9); and
  • Non-alphanumeric characters (e.g.: punctuation).

Even complex passwords might be easily guessed or cracked if they include personal information, common word combinations like P@ssword1 or August2018, or if you’ve used that password before. To protect your business, you should have separate passwords for each application.

Passwords should be changed on a regular basis, and you should change your password right away if you think someone else might know it.

In order to encourage good password management, we will soon require all users to update their password when they log in.

All BondsOnline users are encouraged to be vigilant and immediately report suspicious account activity by emailing the BondsOnline team.