Mortgage providers are responsible for managing people's personal and financial information in relation to their most valuable asset: their homes.
For many businesses, this is cause for concern, as large corporations appear in the news every other day as a result of another significant data breach. This causes many mortgage companies to wonder (and worry about) how to prevent a data breach from happening to them.
The following are five tips that your mortgage company can implement today to begin securing your systems from a cyberattack. These tips will also help you provide better customer service by protecting personal identification information.
There are many criteria to be met when creating a secure password, and it’s important that your entire team understands and adheres to these best practices.
Your first step should be to improve education for employees on how to handle password creation. Whether in the form of a company-wide memo, a formal training session, or an online tutorial, training should be thorough and easy to understand. Mortgage companies should make concerted efforts to inform employees on how to create a strong, secure password.
The right vulnerability management solution will require employees to create passwords that include more than just letters or numbers. Passwords should include a combination of letters (lowercase and uppercase), numbers, and characters, in order to create a password that can’t be cracked by hackers.
Multi-factor authentication should also be implemented throughout your business to ensure employees are protected if their login information falls into the wrong hands.
Underwriters require specific information that may not be relevant to customer service or sales team members. Although many businesses are tempted to keep as much information as possible in their CRM for more targeted marketing, mortgage companies have so much information on their customers that it is essential to separate customers’ sensitive information from the general contact information necessary for CRM systems.
One of the greatest areas of vulnerability for a business is its employees. The Stuxnet virus, which targeted Iran's nuclear program, was downloaded onto thumb drives by engineers off-site and transported into the secure computer systems managing the centrifuges. In this example, no amount of internal security could protect them from the mistakes of their employees outside of the facility. The fact of the matter is that employees are the most uncontrollable aspect to your business.
Provide company-wide education, and enstate policies that ensure your employees use strong passwords, separate work and personal activities, do not subscribe work email addresses for marketing or political emails, and understand what to do when they are the target of a phishing email, "virus alert" pop-up, or any of the other tactics used by cyber criminals to target unwary computer users.
For mortgage companies, customers are a vulnerability that are completely outside your business's work systems. A customer can be the target of mortgage cyber-attackers perpetrating fraud by mirroring your website, causing possible loss of services and capital.
Make your customers aware of the methods you use to contact them. If you have an outbound call department for customer service or sales, ensure that it follows industry practices, and teach customers how to identify if a call is from you. It is also a good idea to provide generally trusted phone communication information (never give out certain information to an untrusted number, ask for a call-back number and look it up, etc.).
Set up policies for predictable methods of managing customer accounts and inform customers of those policies. For example, make it a policy to never ask for any account information via email, only set appointments on the phone, or use multi-factor identity verification.
Finally, it is important to understand that many small mortgage companies do not have the IT staff necessary to properly manage their internal security. With cloud-based mortgage systems like those from ABT, there are options for outsourcing IT and data management to experts in the industry who are able to provide high-quality and secure mobile management software.
Rather than facing all the risk internally—including vetting IT security team members, who are inherent risks for an organization—outsource it! Access Business Technologies, a leader in providing virtual workspaces for mortgage companies, has a leadership team with 15 years of success providing secure systems to mortgage businesses. We provide dedicated account executives to ensure that they understand your business processes and needs, and work with a network of local IT technicians so that on-premise IT problems can be solved in 24 hours or less.
Outsourcing means you will have professional IT services at your fingertips and ready to scale your business, whether you have ten branches or hundreds. A good IT outsourcing team will not be tied to any one software system, but will have the tools and experience necessary to manage any software and hardware. Contact us for more information on outsourcing IT.