Mortgage Software Solutions Blog

2018 Changes in Banking Technology Part II

blog pic 3Finance customers turn to mobile banking technology.

New technology continues to change the banking landscape.

For mortgage lenders, finance technology or “fintech” startups are competing to attract lending clients.

Smartphone-obsessed customers are more mobile than ever and the number of banking platforms has exploded. With 46% of consumers using only digital channels for their banking, the way that customers handle their finances is taking a huge shift.

Here are 3 more ways that new technology is changing the banking industry in 2018.

  1. Cybersecurity

Cybersecurity in the financial industry is experiencing a worldwide crackdown in response to infamous missteps in 2017.

Last year was rough. Large businesses from Uber to Equifax came clean with the public about record-breaking customer data breaches.

As a result, new regulations concerning finance-related cybersecurity have made it onto the books in the United States, Europe, and the United Kingdom. Stricter regulations even include naming and shaming in the public forum. For example, starting in 2018 the Financial Conduct Authority requires UK banks to publish data on how many complaints and security breaches they have encountered throughout the year.

Formerly held accountable by regulatory bodies within the banking industry, now financial institutions will be facing not only federal law but public opinion. With leaders like the EU, the UK, and the US taking the lead, other world markets are sure to follow.

High-tech options in identification and recognition are hitting the market as a way to shore up security. Biometric security and voice verification software are in development and beta testing. The new measuring stick for basic security begins at multi-factor authentication.

Mortgage lenders at any level would be smart to take notice and sort out their cybersecurity issues. The only other option is to risk having their name added to the growing list of internationally untrustworthy companies in the eyes of consumers.

  1. Mobile Investing

Another new technology on the market takes investment consultations out of the local branch and drops it right into the investor’s pocket.

A full 82% of 18 to 24-year-old smartphone owners say they use mobile banking exclusively. 

Feeding the demand for putting banking applications onto mobile devices like smartphones and tablets, fintech is making lending and investing more accessible than ever.

This new wave of mobile finance is letting millennial do-it-yourselfers have all the control by using plain language and visuals to explain financial terms. Bankers are replaced by explanatory screens and animations. Investment apps even let new customers dip their toes in the investing game by allowing customers to have a “practice run” before dealing with actual money.

Small-scale investment companies are reshaping the barriers to entry by allowing new investors to get in the game for as little as £250 in the UK. These game changers are coming about due to aims of open banking legislation strategies for reducing monopolies.

This new family of mobile investing apps offers greater control than traditional banks over their mobile-based portfolios, even allowing customers to pick and choose investment baskets based on trending labels like “socially responsible tech”.

  1. New Technologies

Beyond cybersecurity and innovation in mobile investing technology, there is a host of newly-developed niche finance technologies hitting the market.

Robo investing automates the risk appetite assessment process.

Full integration of voice assistants are popping up. Capital One partner Alexa can now tell customers their account balances and spending habits after a night out.

Though historically skeptical towards bitcoin and cryptocurrency, credit giant Mastercard changed their tune in 2018 and announced open support for virtual currency in the Asian-Pacific market.

It’s too early to predict which of these new technologies will have staying power and which ones just won’t stick, but they all have one thing in common. They all work on the basis of a hybrid platform that combines human and computer-based tools to carry out financial services.

These new integrations of technology into the banking world are already changing the way that consumers approach banking.

With 2018 is primed to be the year that tech saturates the finance industry, mortgage lenders and other traditional finance institutions have no choice but to take notice.

Join us at the cutting edge of technology with regulation-compliant cyber security, remote device access, and more. ABT equips mortgage lenders with the tools for success in a digital world.

Image: Unsplash

Topics: mortgage regulations mobile technology mortgage industry partnerships Consumer Finance Protection Bureau Compliance for Mortgage Companies Compliance Audit job opportunity Trump Administration Mortgage Lending

What Technology Is Changing In Banking For 2018

blog pic 4In the future, financial information and programming will be increasingly available on-the-go.

The old days of purely brick-and-mortar banks are over.

Mobile banking is the preferred platform as global smartphone use skyrockets and our preference for handheld interaction grows.

In 2011 only 10% of the world’s population used a smartphone. By 2018, that number has reached over 36% penetration.

From traditional commercial banks to finance technology or “fintech” startups, the banking industry is competing in an all-out sprint towards digital progress.

Here are 4 ways that technology is changing the banking industry in 2018.

  1. Open Banking

Open banking is a phenomenon being pushed by regulatory bodies around the world.

Lawmakers in the EU, UK, and the US have all passed legislation that takes personal financial data out of the hands of the banks and returns control to consumers.

The EU’s Payment Services Directives (PSD 2007 and PSD2 2015) will be fully implemented this year.

Together the PSDs regulate financial service providers by requiring transparency about consumer rights and the banks’ obligations to the public. They also require banks to free up customer data for third party access, limiting the power of the bank that gathered it.

The EU regulations coincide with the “Open Banking revolution” in the United Kingdom that intends to make banking more competitive for increased consumer protection. The UK also made it mandatory for all banks to provide third-party access to customer financial data using open API technology at the start of 2018.

In the wake of the Equifax data breach on the other side of the Atlantic, the United States made their move towards stricter regulations beginning in 2017 with the state of New York. US laws are focused on cybersecurity and consumer protection via speedy cyber attack reporting and increased government oversight of consumer data mishandling.

The proximity of these launch dates mean that traditional banks around the world face new technology-based limitations. Open banking and cyber security requirements leave the door open for tech-savvy challengers with a spotless reputation for safeguarding the public.

  1. RegTech

Another technology changing global banking in 2018 is regulation technology or “RegTech”.

RegTech is the umbrella term for software tools specifically designed to streamline regulatory compliance.

In the EU, RegTech has been using guidelines from the 2004 and 2011 Markets in Financial Instruments Directives (MiFID) as well as the General Data Protection Regulation (GDPR) of 2014.

Newly developed RegTech takes new 2018 regulations into account and eliminates duplication issues and insufficient data storage signposting.

Due to increased regulation, the adoption of these programs across the industry will determine which finance organizations move ahead and which ones get stuck hitting every legal bump in the road.

If implemented well, RegTech has the potential to significantly reduce risk, speed up compliance management, and control bank costs despite increased accountability.

  1. Robo Advice

“Robo advice” is the term for technology that does traditionally human jobs in investment banking.

In the past, investment managers evaluated a customer’s financial situation, communicated investment options, assessed risk appetite, handled portfolios according to client preferences, and relayed information about performance back to the investor.

Robo advice is the software and algorithms that provide these services digitally and accessibly on mobile devices like smartphones and tablets.

Millennials aged 22-37 prefer to work with apps and digital information over commercial banks. The demographic has a do-it-yourself attitude and shows an aversion to traditional banking institutions that have steered them into crushing student debt.

In fact, 75% of American millennials report trusting a financial product from a fintech company. Almost half of millennials in the US with investments report being aware of robo-advisors, while a full 11% currently use a robo-advisor exclusively.

With a frictionless user experience, robo advice may become the new norm.

  1. New Technology

In the UK, financial services newcomers are edging out traditional banks. Startup lenders like Iwoca in the UK are touted as the “future of small business lending” by using software algorithms to make credit decisions and having quick loan turnaround thanks to fintech.

By using all-digital or hybrid platforms combining human and algorithmic tools to reach customers, other digitally-native finance startups are slated to follow their lead.

Whether it’s anti-monopoly Open Banking APIs, intelligent RegTech software to handle compliance, or the growing preference for robo advice over human interaction, technology is making huge waves in the global banking industry this year.

As the digitally-native generations grow, traditional financial institutions scramble to expand their digital offerings while fintech startups flourish and join the market.

Join us at the cutting edge of technology with regulation-compliant cyber security, remote device access, and more. ABT equips mortgage lenders with the tools for success in a digital world.

Image: Visual Hunt

Topics: millennials cloud storage mortgage business mortgage regulations mobile technology mortgage industry Consumer Finance Protection Bureau Compliance Audit job opportunity cloud-based data Trump Administration Housing Market Mortgage Lending

Know Your Cyber Security Reporting Obligations

Know Your Cyber Security Reporting Obligations

New laws dictate how finance companies report security issues.

New York’s recent crackdown in state cybersecurity laws marks true reformation in the finance industry.

14 pages of detailed regulations fully outline the new accountability measures at Wall Street’s epicenter.

The regulations compel close to 10,000 financial institutions and 300,000 insurance licensees to put consumer protection before their corporate reputation for the first time in US history.

From a minor system access attempt by hackers all the way up to a full data breach, the new law saddles financial institutes with direct accountability to the state and implements a new standard in reporting for all mortgage loan servicers, banks, credit unions, and insurance companies.

For finance companies wondering how to conduct business in this new reality, here is a guide to the reporting obligations of New York’s new cybersecurity law

Governing Bodies

The first step of understanding the new obligations is to get familiar with the regulatory bodies of New York’s finance world.

The main authority on the new regulation is the New York State Department of Financial Services (DFS).

In the past, financial institutions were regulated via voluntary frameworks and reported externally to DFS in few situations with undefined parameters.

Under the new law, DFS established immediate authority by requiring a DFS-issued cyber security Certificate of Compliance as a basic prerequisite for operating a financial company. This gives DFS the ability to discipline non-compliant companies by revoking their certificate.

Beyond DFS, the regulation stipulates the creation of internal positions for officers to interface with DFS on behalf of the company. This requirement pushes aside ineffective industry-based governing bodies in favor of a direct link.

Mortgage companies must designate a Chief Information Security Officer (CISO) for in-house enforcement of company security procedures. The CISO reports in writing annually to the company’s board and will be held personally, legally responsible in the event of a breach at the agency.

Reporting Obligations

The final piece of accountability addressed in the new law is a reexamination of security reporting.

A “cybersecurity event” is any attempt of unauthorized access private consumer information. In order to mitigate the effects of a security event, financial institutions need to disclose data loss when it happens. This gives consumers sufficient time to take protective action such as changing passwords or putting a hold on a compromised credit card.

In practice though, finance companies endeavor keep data hacks under wraps. They prefer to save face and avoid losing consumer confidence.

In September of 2017, the Equifax data breach made international headlines. Though not the largest, it is considered the worst data breach in US history due to the sensitive nature of personal data that was accessed.

Despite being aware of the situation, Equifax spent five weeks running corporate damage control before disclosing the leak. The company initially underreported the number of affected consumers as 2.5 million instead of the actual 145.5 million people whose private data was stolen.

This failure to disclose the full extent of the damage infuriated the public.

Lawmakers vowed to protect consumers against this type of cover-up. With Sen. Elizabeth Warren (D-Mass.) at the helm, this is how the new regulations were written into law.

No More Cover-Ups

Now, the superintendent’s office places a strict time cap on security breach announcements. A company has no more than 72 hours to report any event that has a “reasonable likelihood of materially harming the normal operations” of the company. 

Since Equifax’s disregard for public safety, the law now stipulates that a data breach report is no longer the jurisdiction of the local supervisory body. Instead, reports of data loss go up the chain of command straight to the New York Superintendent’s office.

With a quicker turnaround time, consumers can be alerted quickly and efficiently through official channels about the breach.

Though basic requirements of the law have already gone into effect, the state of New York did allow time for mortgage companies to learn the law and implement it piece by piece.

According to the roll-out dates of the law, companies are required to be legally compliant with specific sections of the law on March 1 and September 3, 2018. The end of the full two-year transitional period and full compliance will be enforced by March 1, 2019.

For comprehensive compliance guidance and other cybersecurity solutions and, contact us.

Image: Visual Hunt

Topics: cyber security mobile security mobile device security email security cybersecurity security mortgage industry Trump Administration Housing Market Mortgage Lending 23 NYCRR Part 500 NYSDFS

Time for Lenders to Take Responsibility for Data Security

sharky

Lenders and customers face the dangers lurking in the finance world.

Since when do finance organizations rely on customers for security advice?

An investigation into US mortgage lending practices found that 70% of lenders regularly put sensitive financial data at risk by prioritizing customer convenience over security.

While customers often choose to send personal information via quick and familiar technology such as fax or unencrypted personal email, lenders continue to look the other way rather than correct these dangerous habits.

Something has gone awry in the lending industry and customers are taking notice.

It’s the responsibility of the lender to uphold security measures. Lenders have security tools at their disposal. Instead of leaving the doors open to data thieves, they should be insisting on secure email portals and other measures that protect the consumer.

As technology advances for both financial institutions and the data thieves that seek to attack them, it’s time for lenders to take the reins when it comes to customer security.

Financial Services are at High Risk

The two main dangers facing the finance industry are data breaches and security incidents.

A security incident describes any occurrence that has the potential to compromise consumer information. This can be an attempted data theft or an attempted hack into a computer system that stores sensitive information.

A data breach is more serious. Breaches are confirmed disclosures to an unauthorized party. Breaches represent a complete failure of the security system to keep the wrong people out.

An investigation of data breaches across industries finds that Financial Service organizations like mortgage lenders fall into the top three industries affected by successful hacks. In fact 2016 saw 1,368 security incidents and 795 confirmed data loss cases in the finance industry.

Given the value of the data that mortgage lenders collect, mortgage companies remain among the most vulnerable to cyber attacks.

Cyber Security Issues to Watch For

As mentioned, one security vulnerability is with lending staff. Sophisticated cybersecurity standards don’t mean anything if your employees are side-stepping official procedure. Documents with any sort of consumer data should only be shared within secured environments.

Round up the staff and reiterate how the company (and perhaps their job) relies on following the rules. Employee negligence and unsafe information disposal are not to be tolerated.

It’s also a good idea to get coordinated with your IT department. Are staff members using mobile devices like smart phones and tablets to handle sensitive information? Your IT department can install security measures like password protection and encryption so that these devices are cleared for proper company use.

Besides training and an IT device round-up, make sure your software access is secure. Multi-factor authentication or MFA is another way to seriously step up your security game.

After you’ve cleaned house, check your neighbors. Third-party services and their software tools cannot be overlooked. Anything handled by another organization that concerns your company’s customers should meet the same stringent security standards that you enforce in-house.

The Financial Cost of Cyber Attacks

Though financial institutions may have always had customer security in mind, the industry has felt the backlash in recent years.

Historically respected companies are losing consumer confidence. Beyond topping lists for riskiest industry, some of the big names have taken very public falls.

Equifax, a national name in credit scoring, experienced a hack in late 2017. The breach resulted in unsavory national headlines, a PR crisis, the involvement of the FTC, and a resulting push for never-before-seen legislation that regulates the whole industry.

Beyond reputations, there is money at stake. The financial cost of cyber attacks has been on the rise in recent years.

The average cost per capita of a Financial Services data breach in the US has increased by 10% in three years. In 2016 it reached $221 per person as a shared cost that consumers are burdened with thanks to lenders being devil-may-care with their information.

With consumers taking the hit and their financial institutions being degraded by cyber attacks, the industry is set to lose a lot of money.

Clearly, it’s time for a serious turn towards cyber security in order to prop the industry up in the eyes of consumers.

For mortgage lenders, it’s time to turn away from business as usual and make a serious effort to put cybersecurity at the top of the priority list. Not only will this protect valued customers, but it will save the reputation of an industry that has taken enough hits.

Businesses protected by a cloud-based portal with access secured by MFA are leading the industry in the push for cyber security. To find out about security-focused programs like Document Guardian contact ABT.

Image: Laura College on Unsplash

Topics: phishing security mortgage industry Compliance Audit DFS 23 NYCRR Part 500 NYSDFS network safety

7 of the Most Interesting Facts About Cyber Security

 

pic blog-1.jpgAs technology of cyber security advances, so does the technology of hackers.

A computer hacker is the name given to the tech-savvy folks on both sides of the internet battlefront. Bad guys or “black hat” hackers are the ones trying to break into computer systems, steal data, and install harmful software. The “white hat” hackers are cyber security heroes that develop ways to catch bad guys and stop malicious programs from doing damage. That’s interesting nomenclature, right?

The world of cybersecurity is full of intriguing tidbits that help us understand the dangers and how to protect ourselves from the black hats of the world. Here are 7 of the most interesting facts about cyber security.

  1. The number of cyber attacks is going UP not down. Though white hat hackers continue to improve, the total number of cyber attacks doubled in 2017. That’s according to the Online Trust Alliance (OTA), which has named 2017 “the worst year ever in data breaches and cyber-incidents around the world.” 
  2. Ransomware is leading the way in modern cyber security events. Ransomware is a type of malicious software that holds a victim’s data hostage until a ransom is paid. Instead of selling victims’ information on the black market, ransomware has established a way to make money off this stolen information directly from victims. The threat of ransomware is based on doxxing (publishing of the personal data) or blocking a victim’s online access to their own accounts.
  3. 91% of cyber attacks in 2017 started with a phishing email. Phishing is the practice of sending fraudulent emails that seem to be from a reputable company. When the victim clicks on a link or freely reveals their passwords or credit card information as a response, the phish is a success. The two best ways to avoid phishing attacks are to (1) never click unknown links and (2) never send sensitive information that has been requested via email.
  4. Cyber-crime damages will cost the world $6 trillion annually by 2021, up from $3 trillion just a year ago. This massive amount of money represents the greatest transfer of economic wealth in history (2017 Cybersecurity Ventures).
  5. Financial organizations are the biggest targets of cyber attacks. Verizon’s 2017 Data Breach Report breaks down the hacks by percentage: Last year, 24% of breaches targeted the finance industry, 15% were aimed at healthcare, 15% were retail, and only 12% of breaches occurred in the public sector.
  6. Mortgage companies are the #1 target in the industry because of the treasure trove of information that they require from customers. Mortgage companies hang onto more non-public than any other type of financial organization.
  7. 93% of breaches could have been avoided by taking simple steps, such as regularly updating software or leveraging modern cloud based solutions. Can you believe that breaches are easy to prevent? There is an old saying that “the best defense is a good offense”. It applies to the cyber security world too.

If you take the initiative ahead of time to set up clear security mechanisms, your company’s data systems won’t be attractive to bad guys.

What are the new standards for security? Modernized IT including updated password policies and Multi Factor Authentication. Cloud-based data systems are key for getting your company data off those old office servers. Sophisticated cloud-based email gateways configured especially for the mortgage industry to protect against email-based threats. These are the foundations for data security when it comes to financial institutions in 2018.

Be the cyber security leader in your industry. Make the changes before hackers make the first move on your company. When you aren’t an easy target, your data remains safe and your customers stay happy.

The best thing a business can do to keep those black hats at bay is to stay informed about cyber security by reading articles like this and use their knowledge to implement solid security measures before a hack occurs.

Businesses protected by proven security measures like ABT’s Email Guardian remain safe and receive monthly reports detailing security threats. Contact us to learn more.

Image: Pexels.com
Topics: Mortgage Software Reporting dangers of ransomware email security data security mortgage company security financial data security creating strong passwords social networking safety phishing multi-factor authentication cybersecurity security productivity mortgage business malware network safety

4 Reasons to Implement a Mortgage Business Intelligence Strategy

bim.jpgBI visuals help employees in the company get on the same page.

Business Intelligence (BI) has come a long way since its first implementation.

At its most basic, BI has always involved analyzing reports and performance information to allow companies to make decisions based on past activity.

At the complex level of present-day information gathering, BI handles large amounts of unstructured, seeming unrelated data and then makes utilitarian connections between data points.

Using modern BI, a company can turn information sets into successful business strategies that give them the edge on the market and long-term stability over their competitors. Nowadays companies even have access to industry-specific BI tools.

Can you imagine why the mortgage industry should harness this ability? Here are 4 reasons to implement a Business Intelligence Strategy in your mortgage company.

  1. Integrated BI for Complete Data

By integrating business intelligence, a mortgage company has the ability to gather data on their activity via an existing mortgage enterprise management system (EMS) and then work with that data using the BI module.

With two or more applications communicating seamlessly, administrators have all the company information at their fingertips.

Integrating BI with existing tools like EMS and CRM platforms makes the data sets more ample and complete.

  1. Improved Strategic Awareness

Integrated Mortgage BI goes beyond just connecting platforms. It develops a rich business intelligence data warehouse (BIDW) that forms the basis for future decisions.

The BI module has the capacity of building data model visuals that are easy to understand. Using the full range of information available, this feature processes information to make it actionable. Pulling information from all sources means providing the company with rich prescriptive and predictive analytics output.

The strategy of information awareness and fact-based decisions produces a positive influence on the bottom line.

  1. BI Accessibility Breeds Positive Change

It used to be that companies needed IT analysts to interface with the data and come up with insight. It was a management level activity shared between tech folks and decision makers in the company.

With an industry-specific BI strategy in place, everyday users in a mortgage company can view easy-to-understand level-specific data related to their work. Placing BI in employee dashboards empowers them to make informed decisions. It goes beyond IT data and links up with HR, employee metrics, customized dashboards, and more to give the power of data to employees at every level of the company.

Smart decisions go from being seen as top-down directives to using real information as the basis for decisions company-wide. This change in company culture has the benefit of increasing employee job satisfaction and efficiency, which also affects the bottom line.

  1. Industry-Specific Bi is Affordable

There are plenty of BI applications on the market. From Tableau to Microsoft, the tech industry has developed a plethora of BI platforms with a range of executions.

There are also visionary platforms like Salesforce that are extremely flexible but require in-house IT customization. They come with bells and whistles that aren’t meant for the mortgage industry.

Mortgage companies without the resources to create their own fit have a better option. Industry-specific software with ample performance ability is the sweet spot. A mortgage-specific BI tool like this is the most affordable choice.

Mortgage companies who implement this type of “goldilocks” platform will be able to harness the power of BI quickly and easily.

Mortgage BI, developed by the same Northern California-based company that produces the data-sharing software MortgageExchange™, is a perfect example of this type of “goldilocks” platform.

ABT’s takes Microsoft’s Power BI software and their own MortgageExchange and combines them for a leading example of how companies can harness the big-brand power of BI without being oversized or overpriced. Not too expensive, no surplus of addons, and customized to be just right for the finance industry.

BI offers huge improvements to every modern mortgage company’s business strategy. The improved strategic awareness will save your company from financial missteps and BI-generated visual representations of performance data will put employees on the same page across the company.

With BI implementation, companies can efficiently put their data to work and move forward with clear direction.

Contact ABT directly to learn about Mortgage BI business analytics for your bank, credit union, or mortgage company.

Image: VisualHunt.com

Topics: Cloud Services information security for mortgage companies data interface solution data security mortgage software integration Business Intelligence Mortgage BI security productivity mortgage business mortgage regulations mobile technology mortgage industry

How New York’s Latest Cyber Security Law Will Impact You

sgfhj.jpgNew cyber security laws in New York mean strict accountability for businesses.

Cyber security is on the brink of an unprecedented crackdown in New York.

The finance industry is preparing for a new normal that looks vastly more stringent than before.

Part reaction to consumer outrage and part finger-pointing to the market for accountability when it comes to data breaches, the regulation titled Cybersecurity Requirements for Financial Services Companies (2017) is a broad re-draw of the rules by the state regulator.

In a country where the sector has historically played fast and loose with handling missteps, all eyes are watching to see how quickly it can adapt to the new normal.

As everyone settles in for the ride, industry insiders are already forming hypotheses about how far this new regimentation will reach.

Laying Down the Law

The new law outlining consumer data security measures in New York State is the first of its kind in the United States.

Officially released in March of 2017 with a built-in year of lag time, the enforcement date has arrived. As of Thursday February 15, 2018 enforcement is in full effect.

Financial institutions are expected to have stepped up their game in safeguarding computer systems and the sensitive information stored inside. A full guide to the highly prescriptive requirements can be found here.

The end goal is to avoiding security breaches by making businesses sufficiently fearful of repercussions. If they do foster an environment that allows for future problems or leaks of personal data, the stakes are high.

Who the Law Affects

The current law has been interpreted to include all banking, insurance, lending, and mortgage brokerage firms that are operating in New York. Every company under that heading will be held to the new standard.

This means that entities must get in gear to assess their actual and potential cybersecurity risks and make a solid plan to mitigate them.

The good news for IT departments is that due to the highly detailed guidelines about policy and the use of technology to patch up the security gaps, they have rather exact instructions to follow.

Beyond State Lines

At first glance, companies outside of New York might assume they have been spared from the harshest regulations in the country. After a closer look, it seems imminent that the change will have a wide-ranging impact.

Going forward, consumers will rely on their financial institutions to keep personal data safe. Not only are the expectations high, but the safety net sets the stage for demanding the same in other states.

Mortgage companies across the country are targeted by hackers due to the quantity of information and the quality of its use for fraud purposes. Companies outside of New York in the same industry should brace for the arrival of comparable laws on their home turf.  

Out-of-state entities with branches in New York should have a response as well, even before their own states begin drafting something similar.

In fact, other states are already following suit. Colorado and Vermont introduced their own measures within months after the NY regulation was put in place.

Vermont’s law names “securities professionals” as the intended subjects of its tighter regulations. Without specifying banks, the use of this broad term leaves the door open for enforcement with entities that may not previously fall under the state’s traditional regulation agencies.

As a global financial hub, even entities doing business in New York should consider getting the jump on re-assessing their policies as a continuity plan.

Beyond the Finance World

The effect of intensified scrutiny over cyber security practices will logically spill over to third-parties who work in the finance world and businesses who directly manage cyber security for the industry.

Fortune magazine goes one step further, predicting that ripple effect will go well beyond the financial industry. It could cover security events by any business that stores personal data “from point-of-sale to payroll providers.”

After that, it seems the industry shake-up will likely bleed into any major industry that houses consumer data using any sort of technology. These days, companies who aren’t keeping customer information in a computer system are few and far between.

The only thing the industry seems sure of is how this trend in accountability will not be contained by state lines or by industry.

In the early days of this new law’s enactment, the extent of this chain reaction is yet to be seen.

Over the next fiscal year, New Yorkers will lead the way, with countless gazes focused on them for cues of how to adapt.

ABT’s cloud-based portal MortgageWorkSpace adds banking level security to email, servers, PC’s and mobile devices in the mortgage industry. Contact us to learn more.

Image: VisualHunt.com

Topics: Compliance Due Diligence cyber security mortgage company security financial data security cybersecurity mortgage business mortgage industry Consumer Finance Protection Bureau Compliance for Mortgage Companies Compliance Audit cloud-based data Mortgage Lending 23 NYCRR Part 500 NYSDFS network safety

Business Data Security and Multi-Factor Authentication

 240_F_122590781_AfHycyjOI0sOqepiZ1DQVBYkZsH7qlRr.jpg Get an extra level of security with multi-factor authentication or MFA.

Each year, cybersecurity gets more complicated.

According to anti-virus developer Panda Security, the amount of malware created by cybercriminals is predicted to grow exponentially with each passing year.

Companies have to face the reality that a security breach has a serious impact on business.

To avoid the distress of company-wide damage control and a PR nightmare, it’s best to make sure security is in good shape.

Real Business Impact

For some businesses, consumer data handling is the main issue.

Financial institutions such as banks and mortgage companies are often targeted by hackers because they house the most personal information.

With major security failures like the Equifax breach of 2017 making international news, the finance industry’s cybersecurity worries are real.

More is at stake than information. A data breach can mean sales losses and a tarnished reputation that lasts for years.

From fines to fraud, there are monetary repercussions as well.

So what is the fastest way to tighten security on cloud-based and traditional networks?

Multi-Factor Authentication

Data breaches in single-factor authentication systems often exploit the system login credentials or passwords of users.

Multi-factor authentication or MFA is a group of security measures that go beyond the traditional password in order to correctly identify a person for system access.

MFA is becoming more prevalent in the financial industry. This kind of authentication was adopted by the Payment Card Industry Data Security Standard (PSI DSS) in February of 2017 and was listed as a standard for the mortgage industry in the State of New York in the same year.

Multiple factors mean heightened levels of information that only the user can provide.

These factors can be a number of different security measures. A “soft token” is when security software generates a one-time-use passcode sent to the user’s mobile device. This type of authentication can also be executed with a text message, phone call, or an email with a hyperlink.

Other factors run the gamut from predefined security questions to biometric identifiers like fingerprints or facial recognition software.

Only the correct user knows the information or is in the circumstance to receive the passcode, so using MFA means only the approved user is given access.

The Modern Office

Another issue with security is the modern office environment.

There are a growing number of remote workers. Employees want access to work-related applications from outside the office.

In this mobile workforce, employees are moving off of network-approved computers and onto personal or public machines. It’s up to the IT department to facilitate their work and make sure they go through a heightened level of security checks.

MFA is an authentication strategy that allows IT to deliver this level of remote access. It solves the problem of identifying recognized employees while maintaining a solid defense against intruders.

User Experience

The final consideration when implementing cybersecurity measures is user experience.

With higher scrutiny comes a higher level of annoyance by the employee at having to prove their authorization.

IT staffers need to balance security measures with user convenience.

One development that improves this balance is “adaptive” MFA. This security technology evaluates the risk factor of the user and then adapts the number of factors required for entry to the system.

An employee using a company-issued laptop at a café with an IP address across the street from headquarters is considered a low-risk access attempt. This situation does not require extra security measures.

On the other hand, if someone is trying to gain access on an unrecognized device in a location where the company doesn’t have an office (e.g. employee is attempting to do work on her tablet while vacationing in Bali) then the number of factors required will be at the maximum level. The employee jumps through some hoops, but with an understanding of why.

Conclusion

Data breaches are happening at the enterprise level at an alarming rate. A watchdog organization called Breach Level Index estimates that every second, an average of 57 records are stolen.

Employees are moving towards a more mobile work environment with wide geographic distribution.

For companies who handle consumer data, implementing MFA is simply one of the most effective ways to crack down on security violations and keep up with the modern workplace.

Businesses that use the MortgageWorkspace management software by ABT are protected by multi-factor authentication and a host of other cybersecurity measures. Contact us to learn more.

Topics: social networking safety phishing multi-factor authentication cloud storage mortgage business Compliance for Mortgage Companies Compliance Audit cloud-based data Housing Market Mortgage Lending

Solid Steps to Safeguard Against Meltdown and Spectre

ghjfj.jpgTwo defects threaten computers and devices released on the market since 1995.

Meltdown and Spectre are the names given to two newly-discovered bugs terrorizing computers around the world.

At the sound of such unnerving names, it’s hard for security folks at enterprise-level companies to control the panic.

While protocols for dealing with these threats are still on the drafting board, there are solid steps that companies can take to protect themselves.

What are Meltdown and Spectre?

In early January of 2018, the tech world was rocked by the discovery of two colossal security flaws that affect almost every computer and smart device on the market since 1995.

First announced on January 3rd, the bugs’ initial discoveries are being attributed to Jann Horn at Project Zero, a Google-based program for security analysis.

These two separate flaws were simultaneously being probed and announced by a handful of security experts from around the globe. As bits and pieces came out about the exposures, the gravity of the situation became clearer.

Both Meltdown and Spectre exploit weakness in the CPU of most current machines and all their predecessors dating back to 1995.

Since both faults affect major brand-name processors, it means that desktops, laptops, mobile devices, and servers all contain the defects.

The spooky truth is that they affect a majority of computers in use today.

How They Work

Often linked due to the widespread nature of both flaws and the fact that they were discovered around the same time, they do not work in the same way.

The first defect, Meltdown, is named for what it does to affected devices. It sort of ‘melts’ the wall between applications and the machine’s OS and makes it a devastating entryway for hackers.

The second issue, Spectre, is a named for the process from which hackers are able to steal information—namely ‘speculative execution’.

Speculative execution is the technique whereby your device records your computer activity in an attempt to predict future actions. This process helps your device execute tasks quickly, but the records contain sensitive usage information that shouldn’t fall into the wrong hands.

The name also refers to an apparition, which is fitting since companies don’t want intruders ghosting around their private information.

Meltdown affects Intel processors while Spectre affects three kinds of CPU chip: Intel, AMD, and ARM.

Using these newly discovered gateways, popular tech forum Bleeping Computer says, “Malicious program can steal passwords, account information, encryption keys, or theoretically anything stored in the memory of a process.”

Vendors React

In response to the potential devastation, the tech community has seen a wave of security advisories and patches to deal with the bugs.

At the pace that vendors are trying to get information out, some have produced conflicting stories: While AMD maintains that its CPUs have a near zero risk of vulnerability, Microsoft quickly pushed out a patch for AMD devices that has caused computers to stop working.

In the haste to calm the masses, it seems some solutions come with problems of their own.

Beyond the CPU

Browsers are also vulnerable due to these glitches.

Safari came out with a patch in December of 2017 while Microsoft just released patches for IE and Edge. Microsoft announced that Windows 10 is safer to use than older versions, but did not provide further details.

After other vendors bumbled, Google reneged on a patch that was promised for January 23rd. Google’s Chrome browser and OS patch came out Friday the 2nd of February, over a week late.

Adding yet another layer to this confusing frenzy, Anti-Virus programs may be incompatible with some systems (notably Microsoft) so don’t go AV-crazy just yet.

In order to be proactive, here are three solid steps you can take to make sure your company is protected.

  1. Assess Your Risk

Guidelines for action from patches to future fixes are available at each vendor’s site. Your company can build a customized response based on vendor-specific information.

  1. Follow Instructions

Take the recommended steps to mitigate any security risks that would leave your company vulnerable.

A smorgasbord of vendors, from Amazon to Cisco, has released advisories to protect their clients and business partners from dangerous activity.

It’s up to your company’s security team to follow instructions based on the software and hardware that your system uses.

  1. Hold Out for More Information

Unfortunately, these bugs were publicly announced recently. The scramble to provide permanent answers is on.

The best thing to do after the initial patch scare is to await further details and instruction from the tech security community.

Businesses protected by ABT’s monitoring service Network Guardian receive monthly reports detailing security threats. Contact us to learn more.

Image: VisualHunt.com

Topics: mortgage documents mortgage business mortgage industry cloud-based data Mortgage Lending disaster recovery malware network intel spectre meltdown network safety

Lawmakers Crack Down on Consumer Data Breaches

240_F_94311685_iKW2Fu9b135lRf2BuprLfXCICgbYLEUt.jpg

New bill to increase cybersecurity oversight in the United States.

Guns are blazing in the US Congress.

In the wake of the major Equifax data breach that lasted from mid-May through July of 2017, US Senator Elizabeth Warren leads the charge in attempts to hold credit reporting agencies responsible for their own cybersecurity.

With a bill proposing to rope the Federal Trade Commission (FTC) into oversight and calling for investigation of the Equifax breach, Warren introduced the Data Breach Prevention and Compensation Act of 2018 to Congress on January 10, 2018.

What Prompted the Bill?

According to Equifax, hackers gained access to sensitive consumer data and maintained access over the course of two months in 2018.

The data that was compromised included names, Social Security numbers, birth dates, addresses, and driver’s license numbers. Victims of the data theft are US citizens as well as people in the UK and Canada. The hackers also stole credit card numbers for 209,000 people.

Though the breach is a significant blunder for the credit reporting agency, Equifax responded by suggesting that the public find out if their information was exposed and allowing victims open enrollment in one year of free credit monitoring services.

Victims and consumer protection agencies alike saw the Equifax response as lackluster and tone deaf.

With identity theft and credit scores hanging in the balance, the public was outraged.

Calling Out the Big Guns

Senator Warren responded on behalf of consumers with a flurry of letters to potential oversight agencies, the United States Government Accountability Office (GAO), and to the three major credit reporting agencies themselves.

In the letter to the GAO, Senator Warren notes that consumers have no control over how their information is collected and used by companies like Equifax. Though credit reporting agencies hold unique power over the management of consumer data, nobody is sure who oversees their mishandling of this sensitive information. Even more shocking is that Equifax seemed to experience no official repercussions due to the hack.

In the letters and the resulting bill, Warren requests clarification of supervisory bodies and demands accountability for the credit agencies in order to protect consumers from future breaches.

In her letters, Senator Warren calls on the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) to consider whether they have authority over credit agencies and could enforce stricter cybersecurity guidelines.

The bill also calls for a significant increase in oversight by the formation of a new oversight body in the FTC. An Office of Cybersecurity is proposed to establish standards for data security, supervise consumer information handling, enforce guidelines, and impose punishment against agencies that don’t comply.

At the heart of the legislation is the protection of data in an industry headed towards more computer- and web-based storage than ever before.

Real Penalties for Serious Breaches

Senator Warren is not alone. Senator Mark Warner from Virginia co-signed the resulting bill. The goal is that with official government oversight, future breaches would be avoided as a result of financial penalties.

Under the terms of the proposed bill, agencies would suffer a $100 fine for each consumer whose private information is compromised plus $50 for each secondary piece of information belonging to that person.

Equifax would have faced $1.5 billion in fines in this case.

In an industry where money talks, this kind of legislation should convince agencies who manage consumer data to get their act together preemptively before letting consumer data fall into the wrong hands.

Inadequate security and a response the equivalent of a company-wide shrug will no longer be tolerated.

Response by Financial Institutions

The push for legislation and further oversight by lawmakers means that banks, credit agencies, and other financial institutions will need to up their cybersecurity game.

To avoid getting hit with major fines and extensive media blowback, the finance industry will be forced to plan ahead and protect sensitive consumer data from hackers like the group that hit Equifax.

Has your banking institution taken steps towards increased security? Is your board of directors aware or concerned about this legislation? Is your company addressing cybersecurity weaknesses in your systems?

Reaching out to software security experts is the obvious ways to avoid getting hit with major fines or extensive media blowback. With help from tech folks, the finance industry can plan ahead and protect sensitive data from hackers like the group that hit Equifax.

 ABT’s cloud-based portal MortgageWorkSpace adds banking level security to email, servers, PC’s and mobile devices in the mortgage industry. Contact us to learn more.

Topics: cyber security financial data security multi-factor authentication Business Intelligence disaster recovery