Mortgage Software Solutions Blog

5 Things You Should Do Now to Prevent a Data Breach


Mortgage providers are responsible for managing people's personal and financial information in relation to their most valuable asset: their homes.

For many businesses, this is cause for concern, as large corporations appear in the news every other day as a result of another significant data breach. This causes many mortgage companies to wonder (and worry about) how to prevent a data breach from happening to them.

The following are five tips that your mortgage company can implement today to begin securing your systems from a cyberattack. These tips will also help you provide better customer service by protecting personal identification information.

1. Implement Secure Passwords

There are many criteria to be met when creating a secure password, and it’s important that your entire team understands and adheres to these best practices.

Your first step should be to improve education for employees on how to handle password creation. Whether in the form of a company-wide memo, a formal training session, or an online tutorial, training should be thorough and easy to understand. Mortgage companies should make concerted efforts to inform employees on how to create a strong, secure password.

The right vulnerability management solution will require employees to create passwords that include more than just letters or numbers. Passwords should include a combination of letters (lowercase and uppercase), numbers, and characters, in order to create a password that can’t be cracked by hackers.

Multi-factor authentication should also be implemented throughout your business to ensure employees are protected if their login information falls into the wrong hands.

2. Insulate Database Information Depending Upon Needs

Underwriters require specific information that may not be relevant to customer service or sales team members. Although many businesses are tempted to keep as much information as possible in their CRM for more targeted marketing, mortgage companies have so much information on their customers that it is essential to separate customers’ sensitive information from the general contact information necessary for CRM systems.

3. Enact Employee Education Protocols

One of the greatest areas of vulnerability for a business is its employees. The Stuxnet virus, which targeted Iran's nuclear program, was downloaded onto thumb drives by engineers off-site and transported into the secure computer systems managing the centrifuges. In this example, no amount of internal security could protect them from the mistakes of their employees outside of the facility. The fact of the matter is that employees are the most uncontrollable aspect to your business.

Provide company-wide education, and enstate policies that ensure your employees use strong passwords, separate work and personal activities, do not subscribe work email addresses for marketing or political emails, and understand what to do when they are the target of a phishing email, "virus alert" pop-up, or any of the other tactics used by cyber criminals to target unwary computer users.

4. Educate Customers On Privacy, Identity, and CyberSecurity

For mortgage companies, customers are a vulnerability that are completely outside your business's work systems. A customer can be the target of mortgage cyber-attackers perpetrating fraud by mirroring your website, causing possible loss of services and capital.

Make your customers aware of the methods you use to contact them. If you have an outbound call department for customer service or sales, ensure that it follows industry practices, and teach customers how to identify if a call is from you. It is also a good idea to provide generally trusted phone communication information (never give out certain information to an untrusted number, ask for a call-back number and look it up, etc.).

Set up policies for predictable methods of managing customer accounts and inform customers of those policies. For example, make it a policy to never ask for any account information via email, only set appointments on the phone, or use multi-factor identity verification.

5. Outsource With a Trusted Mortgage Services Provider

Finally, it is important to understand that many small mortgage companies do not have the IT staff necessary to properly manage their internal security. With cloud-based mortgage systems like those from ABT, there are options for outsourcing IT and data management to experts in the industry who are able to provide high-quality and secure mobile management software.

Rather than facing all the risk internally—including vetting IT security team members, who are inherent risks for an organization—outsource it! Access Business Technologies, a leader in providing virtual workspaces for mortgage companies, has a leadership team with 15 years of success providing secure systems to mortgage businesses. We provide dedicated account executives to ensure that they understand your business processes and needs, and work with a network of local IT technicians so that on-premise IT problems can be solved in 24 hours or less.

Outsourcing means you will have professional IT services at your fingertips and ready to scale your business, whether you have ten branches or hundreds. A good IT outsourcing team will not be tied to any one software system, but will have the tools and experience necessary to manage any software and hardware. Contact us for more information on outsourcing IT.

Learn More

Topics: data security mortgage company security

How to Protect Your Mortgage Company From Viruses, Trojans, and Worms

What would happen to your mortgage company if it were hit with a serious computer virus or other malware? Could your company survive both the immediate and long-term financial impact of your critical data and client records being compromised or lost? More importantly, could your company weather the loss of customer confidence in your ability to protect their data?

Data security is essential for any mortgage business, and failure to adequately protect that data can be catastrophic.


At one time, computer security was very simple. Viruses were spread directly from computer to computer on floppy disks. The viruses could be hidden inside the files on the disk, or hidden in the very structure of the disk itself as a boot sector virus. Avoiding a computer virus was a simple as never accepting files or floppy disks from unknown sources.

Then came networks, which allowed computers within an organization to freely share files—and viruses. This was quickly followed by the development of the internet, which gave viruses access to computers not just on the local network, but anywhere in the world. This was followed by the introduction of email, which gave viruses an entirely new way to spread from machine to machine and network to network.

And then came the rise of viruses hidden within macros inside of common document files, such as Word or Excel. Suddenly, almost without warning, businesses and computer users found themselves in a losing war against a constantly evolving army of viruses and assorted malware. Computer security quickly became a battleground, and far too often, the virus creators were on the winning side.

But what exactly are computer viruses? And what differentiates a computer virus from other forms of malware (an umbrella term used to describe destructive, malicious computer code) such as worms or Trojans?

Let’s take a brief look at viruses, trojans, and worms, and the differences between each.


A virus is a malicious program that reproduces or replicates—just like a living virus—and creates copies of itself. These copies may be stand-alone files that mimic the names of real files or executables in an attempt to trick users into opening or running them. The viral payload may also copy itself into the file structure of a legitimate file or program. Once the file or the program is open or executed, the virus can do various things, depending on the intent of the virus creator. For instance, the virus may do something fairly benign, such as simply display a message, or it may do something far more destructive.

Destructive viruses may erase or encrypt critical system files or user data files, or reformat the computer hard drive. Regardless of the level of destructiveness of a virus, all viruses can cause considerable performance issues for computers by consuming system resources, such as memory, processor cycles, and hard drive space—all of which are needed for legitimate programs and user operations. There are five major recognized categories of viruses:

1. File Infector Viruses

File infector viruses inject their code into a legitimate executable (.exe) or command (.com) file and spread by infecting other files each time the infected file is run or accessed. This type of virus is often memory-resident. This means that if you run an infected file from a disc, USB drive, or other removable media, and then disconnect that media from your computer, the virus is still active in your computer’s memory and can still infect other files.

2. Boot Sector Viruses

Boot sector viruses infect hard drives on the structural level, in an area of the disk called the boot sector. When starting your computer from a hard drive, the boot sector is the very first part of the disk the computer looks at. This is the area of the disk where vital information needed to start or ‘boot’ the computer is stored. This means that a virus hidden in this part of the disk is loaded into memory before any operating system or antivirus software is loaded. Boot sector viruses are also memory-resident and can infect any disk inserted into the computer after it is booted.

3. Multipartite Viruses

The worst of both worlds, these viruses combine the traits of a file infector virus and a boot sector virus. Because of this, this type of virus can be both very destructive and very hard to remove from an infected computer.

4. Master Boot Record Viruses

These are similar to boot sector viruses but with one important difference; these viruses save a copy of the ‘clean’ or original boot records elsewhere on the disk, where it can usually be recovered using special software such as disk recovery tools.

5. Macro Viruses

Beginning with Microsoft Office 97, Microsoft introduced the ability to create custom functions and to automate tasks in common Office applications, such as Word and Excel, through user-created macros. Based on Visual Basic, macros opened an entirely new way for malicious coders to create harmful viruses. Macros are now one of the most common and destructive types of viruses in existence.

Trojan Horses

A Trojan horse is not technically a virus, since it does not reproduce or replicate like a true virus. Instead, a Trojan horse pretends to be something desirable to a user—an application, an email attachment, or a document—that conceals a malicious payload that, when triggered, can delete or damage user data or system files.

A large number of Trojans compromise computer security by downloading viruses or other threats, such as botnet clients. Botnet clients can enslave computers to work in tandem as an element in an illicit network. Such networks are often used to breach the security of other computers or computer networks. Botnets are also commonly used to take down websites or entire networks by flooding them with data requests in what is known as a distributed denial of service (DDOS) attack.


Worms are a form of malicious program that replicates itself from computer to computer. Unlike a virus, a worm does not rely on an infected file to spread. Instead, it is the infected file. Worms often exploit security holes to spread quickly from computer to computer within a network or across the internet. Worms can spread exponentially and can quickly bring a network to its knees by generating overwhelming network traffic as they spread from computer to computer.

Now that you are familiar with the most common forms of malware, the next question is simple: What can your business do to protect itself against these threats?

Proper security and data protection require a comprehensive plan. A properly managed and maintained antivirus program that protects against mortgage cyber attackers is a critical part of that plan, as is a firewall to protect against threats originating outside of your network.

However, antivirus software and a firewall are only two pieces of a total data security package. For true protection, you need a partner who is familiar with the special needs of mortgage companies and who has the experience to provide the protection you need.

ABT can be that partner.

Our unique cloud applications, DeviceGuardian™ and EmailGuardian™, can be added to any computer or mobile device to give you the peace of mind you need to know that your data is protected and secured from outside threats. DeviceGuardian™ technology offers full Consumer Financial Protection Bureau (CFPB) regulatory compliance for secure device management, with fully managed antivirus protection and secure data backup.

EmailGuardian™ uses sophisticated, multi-layered detection engines and intelligence to protect email data and employees from malware, spam, advanced threats, and zero-day attacks. With over 18,000 customers, EmailGuardian™'s threat intelligence and adaptive network are constantly improving defenses to eliminate new and advanced threats. It is also works to contain spear-phishing attempts by reviewing every URL for threats, and to ensure spam and malware don’t reach your network.

Contact us today to see what Access Business Technologies’ DeviceGuardian™ and EmailGuardian™ can do for your company.

Get Started

Topics: mortgage company security

Cloud-Based Mobility is The Desktop’s Demise in the Mortgage Business

Is it time to start preparing the obituary for the desktop computer? Even one of the designers of the original IBM PC 5150, Mark Dean, declared that this iconic technology is all but dead. Now that there are apps for smartphones and tablets that do everything a PC could do and more, you are no longer tied to one location. Cloud-based mobility and computing are the future. 

Some of the factors killing off the old-school PC include the rise of mobile computing, cellular data networks, improved battery life and power density, and the responsive format for web-to-mobile. The most dramatic result of this shift is the ability to run a complete business in the cloud. This has a profound impact on operating costs and the way that mortgage companies can meet with clients.


Now Your Computer Goes With You

Every new innovation in technology has been hailed as a major milestone for businesses. Having a desktop computer with a dial-up Internet connection, a browser, and a suite of tools for word-processing, spreadsheets, and desktop publishing, was a huge step forward in the late 90s. It didn't matter that the computer had to sit on your desk, within reach of an electric outlet and a phone jack; the new capabilities were a huge step forward for commerce and consumers. Now, however, it is time to move on.

The Backend Goes to the Cloud

Software as a Service (SaaS) makes it possible to run your business entirely in the cloud, which means you need no physical resources, apart from the device of your choice, to represent the face of your company. The exciting implication is the ability to work from wherever you want. SaaS is computing in the cloud; it does the work on the back-end, removing the need for on-site file servers and the facilities that support them.

The global market for SaaS was $49 billion in 2015 and is growing at a rate of 8.14% per annum, according to Forbes. There is a good reason for this; computing in the cloud reduces capital costs to the price of devices and a monthly subscription. It is available for smart mortgage business leaders to use to their competitive advantage.

The Front End Moves Into Browsers and Apps

Thanks to today’s technology, you can use the device of your choice to run your mortgage business completely from the cloud. When you can access all of your systems and documents from a tablet, smartphone, or laptop, there is no more need for either the desktop PC or the desk. With the right SaaS mortgage application management system, you will have secure access to everything that you need to keep your business running smoothly.

Best of all, you can focus on your business securely, without distractions, and with support when you need it. Mobile browsing makes a huge difference in how consumers and business users experience the internet. When the front end of your business process is on the device in your hand, you have full control of all your customer’s needs.

The Connection Goes Mobile

Mobile technology may seem incredibly futuristic, but it hasn’t reached its peak yet. 4G connections will double the average speed of data delivery by 2020 to 36,363 kbps, according to Mobile Future. For the time being, though, mobile connections are still pretty darn fast. You don't even need to work from home or the local coffeehouse to connect to a wi-fi hotspot; mobile can now connect wherever you are (assuming good network coverage).

At the beginning of 2016, the major mobile networks covered between 70 and 87 percent of the country, with the best coverage in the most urbanized areas and the poorest in the most rural. The result is that, unless you are working in a remote, rural community, you can meet with clients and coworkers, and share all of the documents you need to complete financing activities via mobile, without delays or interruptions.

Gone the Way of the Filing Cabinet

When your real estate financial services business uses mobile devices and SaaS connectivity, you do not need to let the technology dictate the way that you conduct your business. Access Business Technologies specializes in providing SaaS platforms and tools for productivity and documentation, all while supporting security and mortgage industry compliance standards.

As the front end dissolves into your browser, and the backend systems migrate to the cloud, there is not much reason left to hold on to those old desktop computers. If you have not yet moved to the cloud, the time to do so is now.

DeviceGuardian™ provides a holistic solution to controlling security and maintaining compliance across multiple devices. This powerful tool is easy to install on any new or existing device, and allows ABT to securely manage all of your mortgage software, data, and users, without driving up operating expenses or reducing efficiency. Best of all, the protection provided by DeviceGuardian™ makes all of your devices compliant with Consumer Financial Protection Bureau (CFPB) regulations.

We earned a 97% customer satisfaction rating for 2014 and 2015 by consistently delivering competitive, compliant, and secure IT support to our clients. To begin finding the right SaaS solution for your business, contact Access Business Technologies today.

Learn More

Topics: Cloud mobility

3 Ways the Cloud Bolsters Your Mortgage Company Security

Cyber thieves are amping up their attacks on major banks and the U.S. Federal Reserve. Recently, $81 million dollars was stolen from a Bank of Bangladesh account at the New York Fed. Cybersecurity officials are rapidly securing possible entry points for cyber thieves, finding that the most ordinary access points, such as email and social media accounts, can be all a thief needs to gain access to highly sensitive data. What does this mean for mid-sized lenders in the mortgage industry?

If large-scale organizations are strengthening their security measures, then mid-size organizations should do the same. Your organization is only as strong as your weakest partner. However, by placing your data in the cloud and securing access through a single, secure portal, your organization can better protect against a breach. This type of vulnerability management solution can be key to keeping your clients protected.


Here are three ways the cloud bolsters your mortgage company security:

1. Maintain Banking Standards and Compliance

Experts forecast that the mortgage industry is moving toward banking standard regulations, which is one way to avoid an increasing number of breaches within the mortgage industry. Jeff Bernstein of T&M Protection Resources, a New York City-based information security firm, told Scotsman Guide:

It is not just the mortgage company that comes into contact with the consumer data. It is also their business partners. A typical loan will include other parties. There will be attorneys involved, loan servicers, title companies, insurance companies, and a company that collects consumer data is only as secure as its weakest partner.

Loan officers accessing information via MortgageWorkSpace®’s single, secure web portal are able to aggregate information in a secure workspace, providing peace of mind to customers and maintaining above-standard compliance.

2. Integrate Software and Data Securely

Cloud-based dashboards, like those provided by MortgageWorkSpace®, provide users with an interface that accesses Encompass, office software, and email from any device, without the need to update software or security on individual computers. This is especially important given clients' wishes for fast service, as well as for meeting industry deadlines.

With everything a loan officer needs immediately at their disposal, even mid-scale lenders can stay competitive in an increasingly aggressive industry.

3. Eliminate the Need for Personal Files

Loan officers move on from an employer when they seek opportunities elsewhere, but the client lists and documentation they received during their tenure shouldn’t walk out with them. Regulatory privacy guidelines must be followed, even when an employee moves on.

While employees are still in the fold, keeping a separate company database for proprietary information and privacy-bound data is essential for mortgage lenders, credit unions, and small banks. This does not mean that former employees cannot have access to their curated client lists—many do—but those lists should not contain any proprietary information, as outlined in your organization’s employment contracts.

Brad Finkelstein of National Mortgage News quotes former mortgage originator, Karen Deis:

If the loan officer is going to maintain a dual database, they [should] not have any personal information, like social security numbers, date of birth and all of that . . .

Since secure cloud environments like MortgageWorkSpace® offer loan officers access to proprietary data in a secure environment, any information the officer keeps on Excel spreadsheets should not contain private information. Those spreadsheets and other documentation systems lack the security provided by the cloud.

Providing officers with a secure, cloud-based database protects clients from mortgage cyber-attackers. It also safeguards the company and the loan officer, ensuring loan officers do not have access to this information when they leave the organization, and that they do not take any information with them.

For more information on how cloud security, seamless updates, and cloud technologies can assist your mortgage company in maintaining compliance and increasing customer trust, please contact us.

Learn More

Topics: Mortgage Cloud Services mortgage company security