Real Estate Attorneys

ALTA Compliance and PII Protection. We make it easy

Advocating on behalf of your clients. Reviewing documents. Attending closings. You’re working hard to ensure contracts are signed when they need to be, and money is wired to the right place at the right time. When managing real estate transactions, you have a lot more to think about than cybersecurity and compliance.


Your clients trust that your IT infrastructure is working just as hard as you to secure their data. The American Land Trust Association (ALTA) has established and regularly updates its Best Practices Framework to provide the latest guidance on how to do exactly that, protecting you and your clients from cyber fraud.

While many of these Best Practices are financial and internal controls, there are technical components to ALTA compliance:

  • Disaster management and recovery planning
  • Managing access controls and security of the parts of your network that contain PII kept by your organization
  • Monitoring for intrusions into your systems that contain PII and responding appropriately to these breaches should they occur
  • Maintaining a Written Information Security Policy and training your employees on this policy.

Some firms take these requirements seriously and routinely update their policies, training, and security technology to fully protect themselves and their clients. But the reality is that many do not and are compliant with ALTA on paper only.

What does that mean for you and your firm? 

Ask yourself some important questions:

Has your firm undergone a risk assessment recently to determine gaps in policies and technology controls?

Many organizations have moved most, if not all, of their services and data to the cloud, making firms more dynamic, but are you exposing yourself to additional risk?

Has your antivirus protection been reviewed to determine if it will adequately protect you against modern-day attacks? 

Legacy endpoint protection can defend against known threats, but advanced solutions such as Endpoint Detection and Response (EDR) can monitor your systems for anomalous behavior and stop zero-day attacks, an area where traditional solutions often fail.

Have you confirmed that access logs are actually being reviewed? With so many systems to keep track of, is your IT staff actually able to effectively monitor each one to ensure no malicious logins are occurring?

Many cyberattacks in the US happen overnight when no one is at work. Is your protection 24-7?

Have you conducted a recent review of your cyber insurance policy to ensure adequate coverage?

Cyber insurance policies are increasing in popularity, but have you read the fine print? If an insurance company decides that your company was negligent or that human error was the cause of a breach, they can refuse to pay out on your claim.


What clients say


We’re not in the business of trading in fear, but the truth is, cyber fraud is very real and the best way to mitigate risk is to put safeguards in place. This is what we do at Ihloom; help lawyers just like you proactively protect their clients’ title and real estate transactions from cyber risks.