Property valuation firm Landmark White has achieved ISO 27001 certification, the company announced this week.
The ASX-listed LMW achieved external certification under the information security standard earlier this month, the firm said in a market announcement.
The certification covers the technology and infrastructure supporting residential, commercial and insurance valuations, government services, and property advice and research.
LMW this year revealed it had suffered two data breaches, with the company forced to twice suspend trading in its shares while it assessed the cost to its business. Major clients of the firm suspended their use of its services in the aftermath of the breaches.
In June, LMW said that the data breaches, detected on 4 February and 29 May, cost it around $6 million-$7 million in revenue for the financial year ended 30 June, and it also incurred significant costs improving its IT security.
In August LMW said that as part of a business optimisation strategy it intended to use its “newly advanced IT infrastructure” and improved cyber security as selling points for its services as it recovers from the impact of the breaches.
“Following the criminal cyber-attacks targeting LMW earlier this year, LMW comprehensively reviewed all of its IT, software and privacy systems and undertook to further enhance these to provide its clients with arguably the most secure service in the industry,” the company said in its ISO 27001 announcement.
LMW said it had implemented the ‘Essential Eight’ list of mitigation strategies developed by the Australian Signals Directorate.
“The third-party certification of LMW’s security platforms provides our clients with the confidence to continue to utilise LMW’s services and supports the Company’s focus to provide unrivalled independent property advice,” the statement from LMW said.
In its annual report LMW said security measures included the roll out of multi-factor authentication, de-identification of personal information within its databases, white-listing external domains, restricting employee access to ‘need to know’ applications and data, implementing data loss prevention measures for USB drives and email accounts, and implementing “real time monitoring of all interactions across all of our IT devices”.
Earlier this month an IT contractor, Stephen Grant, was arrested and charged for his alleged role in the data breaches.
The charges follow an investigation by Strike Force Vide, which was established by the Cybercrime Squad of NSW Police’s State Crime Command.
“With the assistance of company staff, investigations identified that unauthorised access was gained into the company’s database and more than 170,000 data records including personal information and valuation documents were uploaded to the dark web and the internet,” a statement issued by NSW Police said.
“Further investigation revealed the unauthorised access to the database allegedly occurred between September 2017 and May 2019.”