Finding the right tech partner can feel like a daunting task for real estate agents. When evaluating and selecting technology vendors, agents must ensure that the partnership will not only fulfill their immediate needs, but also uphold standards of security and reliability over the long haul.

In today’s rapidly evolving digital landscape, the stakes are higher than ever. Downtime can quickly cripple operations and a single vulnerability can expose sensitive information to cyber threats. When BoomTown was hacked this month, it resulted in a week-long outage for its users – that’s a week of lost leads, frustrated clients, and a major blow to their reputation.  Agents couldn’t access their websites or client data, leaving them scrambling to manage their businesses.  This kind of disruption can be devastating, especially in a competitive market.

This is just one example to show why the conversation with potential technology vendors should be more than an obligatory checkbox, but rather, a pivotal step in safeguarding their business. By asking the right questions, agents can peel back the layers of marketing gloss to reveal core competencies and potential risks. This not only ensures a wise investment, but also fortifies the technological backbone of an agent’s business against the unforeseen challenges of tomorrow.

While an extensive due diligence process may not always be practical (based on factors such as the absence of technology experts within the agent’s business, price point, or type of product), there are certain areas of focus and questions that can yield meaningful insights and informed decision-making for agents. These include:


How is your data, especially sensitive information such as financial data and client information going to be used and shared? In a world where user data is often a commodity for many technology providers, as opposed to the software itself, this question has become all the more important. Look for the vendor’s privacy policy (typically found in the footer of their website) and don’t be afraid to ask for a copy if needed. You’ll want to keep an eye out for clear definitions on things like:

1. What type of data is collected? 

2. What is the purpose of the data and who is it being shared with? Is it being used to render services, improve products, for the vendor’s own marketing purposes, and/or is it being sold to other parties? 

3. What happens to your data if you cancel or stop using the service? Can you request that your data be deleted or de-identified?


In a world of ever-increasing cyber threats, what measures is your vendor taking to safeguard your data and their systems? While the exact degree of security protocols and measures may vary based on the type of technology offering, industry in question, price point, etc., there are certain questions you can ask to better understand the vendor’s security baselines.

4. What type of security measures are in place to protect my data and prevent unauthorized access? Examples include: encryption, access controls, and firewalls

5. Is data encrypted in transit (when it is transmitted across the Internet) and at rest (when it is stored)? Encryption is the process of converting and scrambling data in such a way that only authorized parties can unscramble it. 

6. Are your documents encrypted and securely protected? 

Keep in mind that security is a shared responsibility, so as you evaluate the measures your vendor is taking, it’s important to implement protocols within your business to protect your data. 

For example:

  • Avoid password sharing
  • Mandate routine password changes
  • Mandate multi-factor authentication to be enabled whenever available
  • Educate your team on phishing scams


Beyond security breaches, there are measures your vendor should be taking to manage their own reliability and availability of systems. These measures help ensure there is little to no unplanned downtime, data loss, or other issues that can adversely impact your business. 

7. What type of redundancy and failover measures is the vendor taking? Is there redundancy at multiple levels (hardware, software, network, geographic)? For example: geographic redundancy means the vendor is using multiple data centers in varied geographic locations, so as to minimize the impact of natural disasters or other localized issues. 

8. Are there regular backups? Do they maintain offsite backups? 

9. Do they have a disaster recovery plan to ensure data and services can be restored quickly in the event of data loss, corruption, or system failures?  How long will it take them to restore their systems?

10. Do they have an incident response plan to handle security breaches and environmental issues?

11. What is their communication plan for disclosing and documenting security breaches and other incidents to customers?  Do they specify a notification time for security breaches and outages?

12. What is their uptime? If the service/vendor relationship is structured such that you are signing a contract (especially if it’s one with a longer term and/or high price point), this is something that should typically be included in the SLAs.

Take Steps to Protect Your Business

Even with vendors who employ the highest degrees of sophistication and volume of preventive measures, no system is perfect and there is always risk of incident – even companies like Microsoft have fallen victim. 

However, there are certain actions you can take to safeguard your business in the event your vendor experiences a security incident or downtime: 

  • Backup your files and contact information. The frequency and depth at which you do this may be, in some capacity, determined by your confidence level in your vendor and their answers to these questions; however, it can’t hurt to keep critical business information in a secondary location and periodically updated. 
  • Have a way to communicate with clients, team members and employees. If a key system goes down, ensure their contact information is accessible from another access point so you can keep them informed. 

As with everything, context is key. While you should not hesitate to vet your vendors before making key business and financial decisions, the exact measures a vendor may take can vary and may be influenced by industry, price point, contract structure (month-to-month vs. long-term agreements), customer type (do they serve individual agents or large enterprises), type of data they are storing for you, and more.

Keep in mind that you may not necessarily get the same answers from a lower price-point, single-solution vendor that you would from a vendor with whom you are signing a high-dollar, multi-year contract. However, it’s important that you feel comfortable with their answers and they are able to meet your baseline needs. This will also help you plan for the amount of work you need to do on your end, including how often you need to back up your data. 

By asking these key questions and considering the factors mentioned above, real estate agents can enter into tech partnerships with confidence, knowing they’ve taken steps to safeguard their data, ensure business continuity, and empower their success in the ever-evolving digital landscape.