Mortgage Software Solutions Blog

Mortgage Companies Can Reduce Costs When Employees Work From Home


Higher mortgage rates and stagnant housing inventory pools may be the reason for a drop in the number of mortgage loan applications. As the country continues to struggle up from the depths of the Great Recession, housing starts and real-estate transactions remain at the back of the pack in terms of recovery pace. Although things have improved (in April 2014, loan application submissions were 11 percent lower), mortgage companies must still keep their eyes on the razor slim margins they now maintain.

Maintaining or growing that margin can be achieved through a balance of reducing costs and increasing productivity. Technological advances offer programs and services that can streamline and speed up mortgaging processes, allowing more work to be accomplished without extending the work day. The problem is that mortgage bankers are not technology gurus. The speed of technological evolution makes it almost impossible for anyone except technology specialists to know what software products and services are both effective and safe. 

The emergence of cloud computing may offer tantalizing options, but the development of regulations and standards around security issues are lagging. Fear of losing valuable information may be unnecessarily freezing mortgage companies out of the cloud market altogether.

The fears are understandable. In early 2014, the Cloud Security Alliance (CSA) issued a list of the nine most prevalent security threats in cloud computing. Of those, four are now well known because of recent hacks into retailers’ databanks. Data breaches (stealing data), data loss (server failure), account hacking or hijacking (stealing of identity and credentials), and malicious insiders (Edward Snowden) are legitimate concerns. Every industry contemplating cloud access needs to find cloud service providers that can adequately address those concerns.

Fortunately, just this spring, that same CSA issued a white paper on its “Best Practices for Mitigating Risks in Virtualized Environments” which provides guidance regarding managing security risks specific to cloud servers and services. At the same conference, CSA announced a new “Certified Cloud Security Professional” certification, which establishes an international standard for design, implementation, and management of cloud environments. The message to non-cloud participants: safety and security systems have been evolving along with the cloud itself. There are now cloud IT professionals and services that can provide excellent SaaS (Software as a Service) products and services that are secure, reliable, and ultimately, extremely cost effective.

Some cloud IT professionals have added yet another layer of cloud-based IT-security standards in response to heightened security requirements for banks. The federal government is working on standardizing protections against cyber crime in the banking industry. Because mortgage companies routinely deal with confidential client financial information, some mortgage-industry professionals have elected to bring their businesses into compliance with existing banking IT-security processes and regulations. The belief is that this will be required throughout the mortgage industry in the not-so-distant future.

So what can a mortgage broker expect to find when seeking cloud-based mortgage-support IT systems? Here are a few examples:

1. The opportunity to eliminate the rental cost of the brick-and-mortar office. Cloud-based mortgage programs can be accessed from anywhere, so bankers and their employees can work safely and securely from their homes.

2. A technology team committed to keeping cloud systems up and running, and that can coordinate cloud services with local IT support. This relieves the local technology staffer to focus on maintaining clear technological channels between clients and associates.

3. Flexibility to expand or adapt programs to accommodate shifting regulations and standards.

4. Flexibility to expand staff levels or offices across cities, counties, or even other countries, without the added expense of additional software or servers.

The evolution of cloud-computing security systems means it is now much safer and more economical to engage cloud technology and services for the management of highly confidential data. Mortgage bankers who want to improve their margins while reducing costs and keeping busy in today's challenging real-estate market can contact us at any time.


                                                      Contact us for a better way  to service loans

Topics: Cloud Mortgage Servicing

Mortgages Companies Urgently Need Information Security Protocols


In the wake of data breaches of major financial institutions like JPMorgan, it is increasingly obvious that comprehensive measures must be taken to protect sensitive client information at financial institutions. A 2014 study by HALOCK Security Labs reveals startling statistics about major deficits in security measures among mortgage lenders nationwide. Of those surveyed, the company found that 70 percent permitted applicants to send personal and financial information over unencrypted email as email attachments, including such sensitive documents as tax documentation, and even W-2s. Terry Kurzynski, senior partner at HALOCK Security Labs says:

"Any type of weak link in a system involving sensitive information exposes people to unnecessary risk. It takes months to recover from an identity theft and minutes to log into a secure portal--do the math!"

In the light of such statistics, information security for mortgage companies becomes a top priority. Mortgage companies are particularly vulnerable to data breach attempts because of the sensitive information gathered in the normal process of mortgage loan applications. The routine collection of social-security information, employment data, and credit-card information are a dream package for the identity thief, providing virtually everything needed to commit this type of cyber crime.

What can a mortgage company do to protect against data breach? A re-evaluation of your business process is a good first step. Are your processes compliant with current government regulations concerning client privacy? Do you have a clearly defined policy regarding the sharing of private client information internally as well as externally? Are all your employees aware of these policies and procedures by means of regular training in compliance issues? Is your training procedure evolving as new threats are exposed?

Who in your organization is responsible for the constant re-assessment of best practices? Is this the same person who is tasked with the implementation of new security measures as needed? What about cross-training? Are your systems redundant in case of a problem?

No longer can CEOs think of security merely as a business expense. A robust security protocol should be considered as an asset that must not be undervalued. A small business can be completely destroyed by a data breach, and even larger companies can not afford to fail to defend against these threats.

If these issues are of concern to you, examine how outsourcing security and compliance issues can come to the rescue of your business. When considering a move to a cloud-based hosting system, you will need to ascertain what security measures are in place with your provider to ensure compliance with privacy regulations. A solid software-hosting provider will have access to top-of-the-line security protocols. Such a provider will also ensure that your software is kept up-to-date, with security patches applied immediately upon their release. This is a bonus for mortgage companies, who may have in the past relied on a hit-or-miss approach to updating software systems.

And because your employees will all be using the hosted cloud services, there will be no problem with non-uniform download of security updates. Scalable to your unique circumstances, a cloud-based hosting solution will also be cost-effective. Since vigilance pertaining to security is a major hallmark of a good hosting provider, you can rest assured that your client information is safe in the cloud.

Cloud-based service solutions also allow for the coordination of security across several types of devices. So, your loan officers can be confident that their smart phones, tablets, laptops, and PCs are all secure when they log into your system in the course of any business day. Regarding the security of your email correspondence, MortgageWorkSpace allows you to send and receive sensitive financial documents via email securely and with ease.

If cloud-based hosting services, including MortgageWorkSpace, sound like an attractive option for your business, please contact us today for additional information about benefits of integrated-hosting services and how they can be configured for your particular needs.


                                                 Integrate Your LOS with Your Banking System. Free Consultation

Increase Your Data Security With The Right Email Service


In the mortgage industry, one of the often overlooked areas of data security is your email platform. Email gives your business the ability to communicate in real time with customers, realtors, and other financial institutions. With so much versatility and access, it makes sense that many data breaches happen via email systems.

Email Vulnerabilities

In the current political fracas surrounding Hillary Clinton's private email server, many people find themselves wondering about email security and information security in general. For mortgage companies, the security of your servers is vitally important to reduce the costs associated with fraud and to prevent access to your systems by undesired parties.

Data security in relation to email centers around technological and personal hacking techniques. When someone attempts to use technological means to access data, they will often do so through cloning a trusted site, embedding html viruses in emails, or other methods of deceiving people with information regarding your loan system. Personal means of hacking involve convincing someone to voluntarily give up information regarding their business. This often involves flattery, banking on empathy, or building a sophisticated relationship with the target.

Email provides opportunities for data breaches in both of these areas, and often malicious parties will use a combination of technical and personal means to access sensitive data. Because inbound emails are considered secure by many users of your system, many are fooled into a false sense of security. 

With many email systems, a simple click on an in text link can open malware, send you to a malicious site or notify a spammer that your account exists. Some of these events can be activated without clicking any link at all, simply through opening your email.

Many private servers are not equipped with the tools to scan emails for viruses, to scan links for potentially harmful websites, or to prevent unwanted spam.

Modern, Robust, Secure

Modern business email systems should enable your loan officers, franchise owners, or other mortgage professionals to communicate effectively and securely with customers, vendors, and other financial institutions. The right system will enable your business to build relationships and grow your business, no matter the costs.

A good email security plan integrates with your overall business security systems, including training for your mortgage professionals to prevent personal attacks and the most up-to-date IT security to prevent technological attacks.

A secure business email system will provide the following capabilities:

  • Real-Time Scanning: Links in your emails are one of the most dangerous parts of your email. A good system will actually rewrite the URL so that the security system can perform risk assessment before your computer actually goes to the website.
  • Continual Security: With redirects and clones, a link can be harmless one week and lead to a malware site the next week. Robust email-service providers scan the links each time they are clicked, preventing a bait and switch.
  • Blocking Access: When a website is found to be untrusted by your email service provider, it will provide warnings and even block user access to prevent downloading of unwanted materials.

Email is one of the most powerful tools that mortgage professionals use, and is also one of the most vulnerable, when it does not have proper security. For more information on the security of your mortgage company, or to start your secure email service, please contact Access Business Technology.


                                               What Should I Be Using?

Logjam Threat: MortgageWorkSpace Is Meeting The Challenge


For mortgage bankers, data security is a major concern. Most of the information with which mortgage companies work is sensitive and personal. Recently, a major threat has been identified that could significantly impact mortgage companies around the world.

A group of researchers and computer scientists has discovered a hole in the protection surrounding some websites, which were previously thought to be entirely secure. This vulnerability, called Logjam, allows cyber criminals and other hackers to attack websites that use https-security encryption. Logjam allows hackers the ability to access sensitive information, and it affects all web browsers. It is estimated that, worldwide, over 80,000 of the top one-million websites are vulnerable.

Computer scientists at Inria, a French public research institution, as well as computer scientists at Johns Hopkins University, Microsoft Research, the University of Michigan, and the University of Pennsylvania, discovered logjam several months ago, and have been working to mitigate the threat with various client and server software developers since that time.

How does Logjam work?

Encryption is a way of turning information into a sort of secret code, when it is sent over the web, to prevent cyber eavesdropping on your private computer communications. For example, when you are browsing, your address bar may have a padlock symbol and a web address that starts with "https." Normally, this means that the communication between your computer and the website you are viewing is encrypted and secure because of security software in place.

Logjam exploits a weakness in a part of the security process, internal to the software, called the Diffie-Hellman key exchange, which is a popular cryptographic algorithm. The Diffie-Hellman key exchange creates and sends a key that unlocks the encryption and allows you to read the information. Unfortunately, Logjam involves capturing the key data and cracking the code. Once hackers gain access to the code, it is possible not only to read the sensitive information sent over the web, but also to alter it for their own purposes.

The vulnerability to Logjam exists because websites and browsers still support weak 512-bit export ciphers. Often, this is because even though U.S.-based technology companies have upgraded to stronger, and harder-to-crack encryption technologies, their products include support for 512-bit export ciphers to maintain compatibility with products used in other countries.

Taking advantage of this weakness, the Logjam threat tricks web browsers and servers into using the weaker encryption standard when communicating with each other. That means that everything appears to be the same to the user, but in actuality, it is not the same at all. Logjam allows a man-in-the-middle attacker to snoop on communications. Cyber criminals can simply sit back and be privy to what others on the same network are doing.

What does Logjam affect?

Logjam affects all web users because it can be used to obtain information from secure websites, secure bank transactions, email communications, and VPN connections. Clients using any of these protocols will need patches that do not support the weak key exchange, and servers need patches that will not offer the weak key exchange. Since much of the work of a mortgage company is done via use of the internet for email, communication with clients, and communications with banks, working within a system such as MortgageWorkSpace is an attractive and safe solution.

What can be done to protect data from the Logjam vulnerability?

It is important to be sure that you are using the most recent version of your browser. Check for updates frequently. If you are unsure about whether your browser is affected by Logjam, you can test your browser here. All major browsers are in the process of creating patches to resolve the weakness. However, at present, Google Chrome has not yet done so. 

How does all of this affect mortgage companies? As much of the information gathered by your business is of an extremely sensitive nature, a robust system of security for your data is essential for your protection, as well as the protection of your clients. Regularly checking and updating web-browser versions is best practice for all mortgage companies. Check with your IT staff to ensure this is done, especially in light of threats such as Logjam.

While all of this seems to be scary stuff, there is no need for alarm for users of MortgageWorkSpace. All web servers and services at Access Business Technologies have already been updated and are not affected by the Logjam threat. Performing all your website transaction inside of MortgageWorkSpace will ensure protection of your sensitive data. Using the browser within MortgageWorkSpace is safe. However, using Google Chrome outside of MortgageWorkSpace is not yet safe.

If you would like more information about the Logjam vulnerability, or you would like help to ensure the safety of your data, please contact us. We stand ready to help you defend your data from cyber criminals today.


Tie Your Net Branches and Mortgage Software Together FREE for 30 Days

Topics: Logjam

Cloud-Based Security Is The Future For Mortgage Companies



As technology evolves, mortgage companies must change their systems, security plans, and business processes in order to meet current and future security challenges. Cloud-based information systems enable companies to manage employees in diverse locations and situations, increase locations with limited infrastructure, and aid in security and data recovery.

With so many data breaches in the news recently, mortgage companies are especially vigilant. A cloud-based information system is one of the most secure ways to manage employees: in the office, at home, and on the road.

Security vs Insecurity

Generally speaking, the more customized a system is, the more secure it is. Richard Feynman, in his autobiography, describes the fact that he was able to hack most safes in the Manhattan Project by entering in the factory default settings. When faced with an issue of security, many people will simply rely on someone else's expertise.

In modern information systems, this is seen in using default security settings, not creating unique passwords for each user, not requiring a certain standard (length, caps and lower case letters, numbers and symbols), or simply creating one password for all personal, business, financial, and other systems. 

As data become more and more valuable, mortgage companies become more and more of a target, and must use specialized software for the utmost protection. As an example, a mortgage company won't use Excel as their entire loan management system, likewise, they should not use default windows, Apple, or Droid OS security systems to manage their security.

Cloud-Based Security

Many businesses see the use of the cloud as introducing private data to a third party, and therefore highly suspect. While this is understandable, it is false on several levels. Cloud-based delivery systems are protected from anyone except the administrators and managers who set up the account. Additionally, mortgage companies and banks that deal with cash trust their hard assets to an independent security team every day, with limited risk.

Cloud-based data systems store servers apart from your main site, and your servers are housed in secure datacenters which have a dedicated team of IT and physical security experts to monitor, prevent, and correct any security problems which arise. Additionally, a cloud-based system limits the access which any one user or group of users will have to your systems. Each user you set up will only have access to the information required to do their job, preventing the type of data breach caused by a disgruntled employee walking off with all the servers.

Create Freedom With Cloud-Based Mortgage Software

With multiple password logins and software housed entirely on a server, you can set the security and access levels for every employee. This gives mortgage companies the opportunity to utilize freelance and work-from-home employees without taking on the risk of giving them full access to a software system.

A cloud-based mortgage-management system reduces costs in infrastructure and IT, increases security and user-specific functionality, and creates the opportunity to expand and find low-cost employees through telecommuting from home. For more information on the security benefits of a cloud-based mortgage-software solution, please contact us.


Host PointCentral with ABT. Get Started Today! Request a Quote  



Topics: Cloud Mortgage Servicing Cloud Computing