Future Innovations

The Challenge:  Finding a quick, easy, yet accurate, way to check local broker Web sites for compliance with NAR Internet display policies. 

The CRT Solution: PolicyPage, a new software program designed to capture Internet display and IDX rule sets and automatically inspect Web sites for compliance. The “plug-in” architecture of rule sets makes extension easy so you can quickly modify rules to reflect local regulations. The software also generates and automatically sends e-mails identifying problem areas to site operators.

To run the software, you’ll need a Web server that supports the PHP scripting language. PolicyPage documentation gives installation instructions for Microsoft IIS, Apache, and OMNIHttpd. To use the automatic e-mail features, you’ll need an SMTP e-mail server. PolicyPage can make SSL connections and supports authenticated e-mail sessions.

After an initial development time of only three months, CRT will be demonstrating PolicyPage during the NAR Midyear Meetings this May in Washington, D.C. Demos will take place at the NAR booth (#1020) on the Expo floor and at the WiFi hot spot in the Marriott Wardman Park.

The first version of this free software will be available for download in June. This initial release will test only for text-based compliance issues such as disclosure, copyright, and links to the association site. Version 2.0 of PolicyPage (scheduled for September 2005 release) will use RETS-based data feeds from your MLS to check listings. Version 2.5 (scheduled for release before year end) will include a spidering capability to find listing data on nonmember sites.

Learn More:

Current Solutions

The Challenge: Creating a comprehensive information security program for your organization—today!

The CRT Solution: Expert tips and guidelines on information security best practices that will help you and your IT staff create a top-quality program—from CRT and REALTOR®  Secure.   

In an era where weekly data security breaches top the headlines, “I’ve been meaning to get to that,” or “We have a firewall in place. What more do we need?” are no longer acceptable responses. Laws, regulations, and court cases underline your duty of care for customers’ and employees’ information. Today, information security is as critical as sound accounting practices and regular ethics training to protect a company’s reputation.

Yet only 45 percent of respondents in CRT’s 2005 MLS Technology Survey indicated that their MLSs had any type of information security program. And only 21 percent of respondents had a security education program in place.

The first step to create a comprehensive, organization-wide security program is a well-thought-out security policy. This policy provides a security program baseline. Formulating a policy also helps you identify what security areas your company needs to address.

Your policy should be scalable enough to be easily implemented company wide. Policies should be flexible to allow for changes in system architecture and company needs. Your policy should also include an education component so that workers can be trained on how to keep data safe. Most importantly, every information security policy should have the backing of top management.

Your policy should be based on industry standards such as the International Organization for Standardization and the National Institute of Standards and Technology. Another source for sample data security policies is The Sans Institute. This nonprofit organization offers the most comprehensive source of security training and certification in the world. To review sample data security policies from SANS, go to: http://www.sans.org/resources/policies.

The good news is that you don’t have to start from scratch. CRT, in conjunction with NAR’s Leadership Program and Planning group, has developed educational tools to help you assess your organization’s current security situation. These tools will also show you what your next steps should be. The program includes a security survey, a site scan, an overview of current threats to information security, and an analysis of the impact added security needs will have on your organization. It also describes how CRT’s REALTOR Secure program can bring your procedures in line with industry best practices. This program was initially designed for association executives and local leadership but may eventually be available more widely.

You can jump-start your security program efforts by attending the CRT-sponsored session, Information Security—It’s Everybody’s Business, at the NAR Midyear Meeting in Washington, D.C. Speakers will explain best practices in policies and procedure for every size organization, from one person to 1,000. Bring your questions and get advice from CRT and industry experts on Thurs., May 12 from 1:00 to 3:00 p.m.

Don’t wait for a security breach to implement a data protection program. Let CRT help you safeguard your organization’s most valuable business asset—your data.

 
Learn More:
For more on CRT’s security assessment and educational tools, email info@crt.realtors.org.
Get details on how the REALTOR® Secure can help you assess and improve your security.
Read about CRT-sponsored programs at the Midyear Meetings.
View the 2005 MLS Technology Survey.

Current Solutions

The Challenge: Preventing unwanted spam from clogging your server without blocking legitimate business e-mails.

A Solution: Greylisting. White lists let e-mails from specified sources in. Blacklisting keeps persistent spammers out. Greylisting is somewhere in between.

Greylisting works on the principle of that e-mail servers make several attempts to deliver each e-mail. If an e-mail is rejected by the receiving ISP or company mail server on the initial delivery attempt, that receiving server sends a message that it is having a temporary server failure. At the same time, the receiving server stores the combination of to, from, and sending e-mail server in its database. When the sending server resends the message, the receiving server looks for a match. If it finds one, it delivers the message.

Since most spam is not sent out using RFC-compliant mail servers, this simple strategy effectively stops most spam. One e-mail server was receiving 11,000 e-mails a week. After adding greylisting, that number dropped to 4,000; the remaining 7,000 were rejected as spam. Reducing the number of e-mails helps free up server resources. It also means a longer life for your next generation of hardware since memory and CPU won’t be consumed by running antispam and antivirus software on the e-mails rejected by greylisting.

There are some downsides to greylisting. While properly configured servers will queue and retry the message, greylisting can delay the time a message is received—sometimes by several hours. In addition, some large ISPs such as Yahoo and AOL have complicated configurations that make it appear as though messages are coming from different servers. If the second e-mail appears to be sent by a different server than the first, it could also be rejected temporarily.

If you want to try greylisting in your IT shop, there are a variety of applications available. The first criterion is determining what works with your current e-mail server. You’ll also need to set up a database to store the contact information, and then configure your mail server to use it. Because there are so many server and database options, setting up a greylist may require some investigation.

But even with its drawbacks, greylisting is a valuable tool for reducing the flood of spam that clogs your company’s or association’s e-mailboxes and bogs down your mail servers. Give it a try.

Learn More: To learn more about greylisting or to download copies of a free, open-source implementations such as smtpwrap or SpamCage, go to: http://greylisting.org

Current Solutions

The Challenge: Protecting sensitive listing information when it’s transferred using the Real Estate Transaction Standard.

The CRT Solution: Business rules and other security features from RETS software vendors that can help you protect your listings. 

With privacy disasters like ChoicePoint making headlines, brokerage companies and MLSs are understandably concerned about the safety of client information included in the listing. In some cases these fears have centered on the Real Estate Transaction Standard. But with proper installation, RETS is not a spigot that just lets information flow unrestrained and insecure.

RETS server vendors can safeguard confidential information by implementing business rules in their RETS software.  For example, rules may allow you to define per-user field access that limits access to specified fields within the data record. Rules can also be established so that per-user field access can be defined for many different groups receiving feeds—from newspapers, to agent Web sites, to consumers.  

RETS is very flexible, but the specification does not directly cover per-field access. Different RETS servers may not provide the same information protection features. Check with your MLS’s software vendors to be sure that their RETS-compliant software offers adequate protection. Without it, confidential listing information may be at risk.

Learn More: For a complete overview of RETS, go to: www.rets.org

Best Practices

The Challenge: Safeguarding valuable client and company data from hackers and identity thieves.

The CRT Solution: Seven ways to keep your information safe—courtesy of CRT. This piece will make a great training tool or handout for your company’s agents to take home and use with their own computers.

1. Keep your antivirus software up to date. With new viruses appearing almost weekly, installed antivirus software loses its value if you don’t keep it current. Download updates from your software vendor’s site at least once a week, and encourage users to do the same on their at-home computers. Or make it easy by configuring the software on users’ computers to update automatically.

2. Use an Internet firewall. Firewall software and hardware help block malicious users and viruses from your files and programs. Some operating systems such as Windows ™ XP come with firewall software, but you need to enable it to protect your system. For more information on the value of firewalls and how to enable the firewall in Windows XP™, go to:

http://www.microsoft.com/windowsxp/using/networking/learnmore/icf.mspx.

3. Keep your operating system updated. Keeping operating systems updated and download patches to fix bugs. Operating systems such as Microsoft Windows XP can be configured to download and install patches automatically. To download updates for Windows operating systems, go to: http://v5.windowsupdate.microsoft.com/v5consumer/default.aspx?ln=en-us.

4. Keep your antispyware software updated. Like antivirus software, antispyware software requires regular updates to stay current. Download updates monthly from your software vendor’s Web site, and encourage users to do the same. Or configure the antispyware software to update automatically. Scan for spyware weekly.

5. Use strong passwords. Passwords that are hard for malicious users to crack are one of the top ways you can protect sensitive data. Encourage users not to select personal information such as birthdays or children’s names. The best passwords are at least eight characters long and consist of a combination of letters and numbers. Read more about how to create strong passwords.

6. Turn off wireless devices. Computers, PDAs, and other devices with WiFi or Bluetooth wireless connectivity can pose a data security risk if used improperly. To reduce your risk, train your users to disable all wireless connection devices when not in use.

7. Use secure wireless networks to connect to the Web. Secure wireless networks use a combination of security measures to keep malicious users from intercepting data. These include wireless encryption protocol, SSID masking, and MAC filtering. Most SOHO wireless devices such as wireless routers or access points come with these security measures out of the box. Employ security measures when configuring these devices. For more information on securing your wireless network, go to: http://www.practicallynetworked.com/support/wireless_secure.htm.

Look for CRT at the Midyear Meeting in Washington DC from May 9-14. In addition to the wireless hot spot you can find CRT at:

REALTORS Trade Expo  May 11 9:00 am - 6:00 pm and May 12,  9:00 am - 12:00 pm

Multiple Listing Issues & Policies Forum & Committee  May 12, 9:00 am

Information Security - Its Everyones Business  May 12, 1:00 pm

Business Technology Forum  May 12, 3:00 pm

Large Firm Directors  May 12, 3:00 pm

AEC State EO Forum  May 13, 9:00 am

Two new CRT surveys are now available.

The 2005 MLS Technology Survey reviews MLS technologies and the Realtor® business practices they support.

The 2005 REALTOR®  Technology Effiiciency Survey reveals areas where technology can be used to improve real estate processes.

Take advantage of personalized technology consulting, courtesy of CRT. Let CRT help you find the best solution to your toughest tech challenge. If there are technology issues or products you’d like CRT to investigate or just a question you’d like answered, please e-mail info@crt.realtors.org

Let the Center for REALTOR^® Technology help you explain the business benefits of emerging technologies to your organization’s leadership. Suggest that your company’s or association’s top executives sign up for a free, quarterly CRT e-mail newsletter describing the value of new technologies in straightforward business language. Encourage them to subscribe at http://www.crt.REALTORS.org/newsletter-broker 

To unsubscribe go to http://www.crt.REALTORS.org/newsletter-tech

The CRT Report is published by

Center for REALTOR®  Technology
National Association of REALTORS®
430 N Michigan Avenue
Chicago, IL 60611

312/329 8646
info@crt.realtors.org
http://www.realtors.org/CRT