What steps is a Remax franchisee required to take to secure their computer system and protect it from social engineering attacks?
Remax Franchise · 2025 FDDAnswer from 2025 FDD Document
You are solely responsible for securing your Computer System and protecting it from viruses, malware, spyware, malicious code, communication disruptions, Internet access and content failures, and attacks by hackers and other unauthorized parties and you must comply with privacy and data security laws and regulations. (See Subsection 8.C.) We require that you take steps to secure your Computer System and to protect it from social engineering attacks that would compromise user passwords, and that you establish best practices for password management as you are responsible for any losses or damages. We also require that you install and continually update Microsoft Windows (patches, service packs, and upgrades), macOS (patches and upgrades), web browser and application updates, as well as anti-virus systems, firewalls and application updates. In the interest of protecting the RE/MAX brand, the RE/MAX Marks and the RE/MAX System, you must notify us and/or REMAX, LLC immediately of any data or security incident or breach related to your Office, including any unauthorized access to your Computer System, and specify the extent to which personal information may have been compromised. You must also, at your expense, retain a qualified and independent data security expert ("remediation expert") to assess the nature and scope of the breach. If we request, you agree to provide us with a written report detailing the remediation expert's findings. You agree to fully cooperate with us and REMAX, LLC with respect to any media statements and other items related to managing any such incident, including fact finding or mitigation/defense actions we deem advisable (see also Crisis Communications, Subsection 8.P.). In addition, you agree to keep us informed about the status of the incident or breach, including identifying all steps you take to remedy or resolve the matter.
Source: Item 22 — Contracts (FDD pages 108–334)
What This Means (2025 FDD)
According to Remax's 2025 Franchise Disclosure Document, franchisees are responsible for securing their computer systems and protecting them from various threats, including social engineering attacks. To this end, Remax requires franchisees to take specific steps to safeguard user passwords and implement best practices for password management. Franchisees bear the responsibility for any resulting losses or damages if these security measures are not properly implemented.
Remax mandates that franchisees install and continuously update their systems with the latest versions of Microsoft Windows (including patches, service packs, and upgrades), macOS (patches and upgrades), web browsers, and application updates. Additionally, franchisees must maintain up-to-date anti-virus systems, firewalls, and application updates to provide comprehensive protection against potential threats.
In the event of a data or security incident or breach affecting a Remax office, franchisees are obligated to immediately notify Remax, LLC. This notification must include details about any unauthorized access to the computer system and the extent to which personal information may have been compromised. Furthermore, franchisees are required to engage a qualified and independent data security expert to assess the nature and scope of the breach at their own expense. Franchisees must also fully cooperate with Remax, LLC, in managing any such incident, including media statements and mitigation efforts, and keep them informed about the status of the incident and the steps taken to resolve it.