Mortgage Software Solutions Blog

How New York’s Latest Cyber Security Law Will Impact You

sgfhj.jpgNew cyber security laws in New York mean strict accountability for businesses.

Cyber security is on the brink of an unprecedented crackdown in New York.

The finance industry is preparing for a new normal that looks vastly more stringent than before.

Part reaction to consumer outrage and part finger-pointing to the market for accountability when it comes to data breaches, the regulation titled Cybersecurity Requirements for Financial Services Companies (2017) is a broad re-draw of the rules by the state regulator.

In a country where the sector has historically played fast and loose with handling missteps, all eyes are watching to see how quickly it can adapt to the new normal.

As everyone settles in for the ride, industry insiders are already forming hypotheses about how far this new regimentation will reach.

Laying Down the Law

The new law outlining consumer data security measures in New York State is the first of its kind in the United States.

Officially released in March of 2017 with a built-in year of lag time, the enforcement date has arrived. As of Thursday February 15, 2018 enforcement is in full effect.

Financial institutions are expected to have stepped up their game in safeguarding computer systems and the sensitive information stored inside. A full guide to the highly prescriptive requirements can be found here.

The end goal is to avoiding security breaches by making businesses sufficiently fearful of repercussions. If they do foster an environment that allows for future problems or leaks of personal data, the stakes are high.

Who the Law Affects

The current law has been interpreted to include all banking, insurance, lending, and mortgage brokerage firms that are operating in New York. Every company under that heading will be held to the new standard.

This means that entities must get in gear to assess their actual and potential cybersecurity risks and make a solid plan to mitigate them.

The good news for IT departments is that due to the highly detailed guidelines about policy and the use of technology to patch up the security gaps, they have rather exact instructions to follow.

Beyond State Lines

At first glance, companies outside of New York might assume they have been spared from the harshest regulations in the country. After a closer look, it seems imminent that the change will have a wide-ranging impact.

Going forward, consumers will rely on their financial institutions to keep personal data safe. Not only are the expectations high, but the safety net sets the stage for demanding the same in other states.

Mortgage companies across the country are targeted by hackers due to the quantity of information and the quality of its use for fraud purposes. Companies outside of New York in the same industry should brace for the arrival of comparable laws on their home turf.  

Out-of-state entities with branches in New York should have a response as well, even before their own states begin drafting something similar.

In fact, other states are already following suit. Colorado and Vermont introduced their own measures within months after the NY regulation was put in place.

Vermont’s law names “securities professionals” as the intended subjects of its tighter regulations. Without specifying banks, the use of this broad term leaves the door open for enforcement with entities that may not previously fall under the state’s traditional regulation agencies.

As a global financial hub, even entities doing business in New York should consider getting the jump on re-assessing their policies as a continuity plan.

Beyond the Finance World

The effect of intensified scrutiny over cyber security practices will logically spill over to third-parties who work in the finance world and businesses who directly manage cyber security for the industry.

Fortune magazine goes one step further, predicting that ripple effect will go well beyond the financial industry. It could cover security events by any business that stores personal data “from point-of-sale to payroll providers.”

After that, it seems the industry shake-up will likely bleed into any major industry that houses consumer data using any sort of technology. These days, companies who aren’t keeping customer information in a computer system are few and far between.

The only thing the industry seems sure of is how this trend in accountability will not be contained by state lines or by industry.

In the early days of this new law’s enactment, the extent of this chain reaction is yet to be seen.

Over the next fiscal year, New Yorkers will lead the way, with countless gazes focused on them for cues of how to adapt.

ABT’s cloud-based portal MortgageWorkSpace adds banking level security to email, servers, PC’s and mobile devices in the mortgage industry. Contact us to learn more.


Topics: Compliance Due Diligence cyber security mortgage company security financial data security cybersecurity mortgage business mortgage industry Consumer Finance Protection Bureau Compliance for Mortgage Companies Compliance Audit cloud-based data Mortgage Lending 23 NYCRR Part 500 NYSDFS network safety

Business Data Security and Multi-Factor Authentication

 240_F_122590781_AfHycyjOI0sOqepiZ1DQVBYkZsH7qlRr.jpg Get an extra level of security with multi-factor authentication or MFA.

Each year, cybersecurity gets more complicated.

According to anti-virus developer Panda Security, the amount of malware created by cybercriminals is predicted to grow exponentially with each passing year.

Companies have to face the reality that a security breach has a serious impact on business.

To avoid the distress of company-wide damage control and a PR nightmare, it’s best to make sure security is in good shape.

Real Business Impact

For some businesses, consumer data handling is the main issue.

Financial institutions such as banks and mortgage companies are often targeted by hackers because they house the most personal information.

With major security failures like the Equifax breach of 2017 making international news, the finance industry’s cybersecurity worries are real.

More is at stake than information. A data breach can mean sales losses and a tarnished reputation that lasts for years.

From fines to fraud, there are monetary repercussions as well.

So what is the fastest way to tighten security on cloud-based and traditional networks?

Multi-Factor Authentication

Data breaches in single-factor authentication systems often exploit the system login credentials or passwords of users.

Multi-factor authentication or MFA is a group of security measures that go beyond the traditional password in order to correctly identify a person for system access.

MFA is becoming more prevalent in the financial industry. This kind of authentication was adopted by the Payment Card Industry Data Security Standard (PSI DSS) in February of 2017 and was listed as a standard for the mortgage industry in the State of New York in the same year.

Multiple factors mean heightened levels of information that only the user can provide.

These factors can be a number of different security measures. A “soft token” is when security software generates a one-time-use passcode sent to the user’s mobile device. This type of authentication can also be executed with a text message, phone call, or an email with a hyperlink.

Other factors run the gamut from predefined security questions to biometric identifiers like fingerprints or facial recognition software.

Only the correct user knows the information or is in the circumstance to receive the passcode, so using MFA means only the approved user is given access.

The Modern Office

Another issue with security is the modern office environment.

There are a growing number of remote workers. Employees want access to work-related applications from outside the office.

In this mobile workforce, employees are moving off of network-approved computers and onto personal or public machines. It’s up to the IT department to facilitate their work and make sure they go through a heightened level of security checks.

MFA is an authentication strategy that allows IT to deliver this level of remote access. It solves the problem of identifying recognized employees while maintaining a solid defense against intruders.

User Experience

The final consideration when implementing cybersecurity measures is user experience.

With higher scrutiny comes a higher level of annoyance by the employee at having to prove their authorization.

IT staffers need to balance security measures with user convenience.

One development that improves this balance is “adaptive” MFA. This security technology evaluates the risk factor of the user and then adapts the number of factors required for entry to the system.

An employee using a company-issued laptop at a café with an IP address across the street from headquarters is considered a low-risk access attempt. This situation does not require extra security measures.

On the other hand, if someone is trying to gain access on an unrecognized device in a location where the company doesn’t have an office (e.g. employee is attempting to do work on her tablet while vacationing in Bali) then the number of factors required will be at the maximum level. The employee jumps through some hoops, but with an understanding of why.


Data breaches are happening at the enterprise level at an alarming rate. A watchdog organization called Breach Level Index estimates that every second, an average of 57 records are stolen.

Employees are moving towards a more mobile work environment with wide geographic distribution.

For companies who handle consumer data, implementing MFA is simply one of the most effective ways to crack down on security violations and keep up with the modern workplace.

Businesses that use the MortgageWorkspace management software by ABT are protected by multi-factor authentication and a host of other cybersecurity measures. Contact us to learn more.

Topics: social networking safety phishing multi-factor authentication cloud storage mortgage business Compliance for Mortgage Companies Compliance Audit cloud-based data Housing Market Mortgage Lending

Solid Steps to Safeguard Against Meltdown and Spectre

ghjfj.jpgTwo defects threaten computers and devices released on the market since 1995.

Meltdown and Spectre are the names given to two newly-discovered bugs terrorizing computers around the world.

At the sound of such unnerving names, it’s hard for security folks at enterprise-level companies to control the panic.

While protocols for dealing with these threats are still on the drafting board, there are solid steps that companies can take to protect themselves.

What are Meltdown and Spectre?

In early January of 2018, the tech world was rocked by the discovery of two colossal security flaws that affect almost every computer and smart device on the market since 1995.

First announced on January 3rd, the bugs’ initial discoveries are being attributed to Jann Horn at Project Zero, a Google-based program for security analysis.

These two separate flaws were simultaneously being probed and announced by a handful of security experts from around the globe. As bits and pieces came out about the exposures, the gravity of the situation became clearer.

Both Meltdown and Spectre exploit weakness in the CPU of most current machines and all their predecessors dating back to 1995.

Since both faults affect major brand-name processors, it means that desktops, laptops, mobile devices, and servers all contain the defects.

The spooky truth is that they affect a majority of computers in use today.

How They Work

Often linked due to the widespread nature of both flaws and the fact that they were discovered around the same time, they do not work in the same way.

The first defect, Meltdown, is named for what it does to affected devices. It sort of ‘melts’ the wall between applications and the machine’s OS and makes it a devastating entryway for hackers.

The second issue, Spectre, is a named for the process from which hackers are able to steal information—namely ‘speculative execution’.

Speculative execution is the technique whereby your device records your computer activity in an attempt to predict future actions. This process helps your device execute tasks quickly, but the records contain sensitive usage information that shouldn’t fall into the wrong hands.

The name also refers to an apparition, which is fitting since companies don’t want intruders ghosting around their private information.

Meltdown affects Intel processors while Spectre affects three kinds of CPU chip: Intel, AMD, and ARM.

Using these newly discovered gateways, popular tech forum Bleeping Computer says, “Malicious program can steal passwords, account information, encryption keys, or theoretically anything stored in the memory of a process.”

Vendors React

In response to the potential devastation, the tech community has seen a wave of security advisories and patches to deal with the bugs.

At the pace that vendors are trying to get information out, some have produced conflicting stories: While AMD maintains that its CPUs have a near zero risk of vulnerability, Microsoft quickly pushed out a patch for AMD devices that has caused computers to stop working.

In the haste to calm the masses, it seems some solutions come with problems of their own.

Beyond the CPU

Browsers are also vulnerable due to these glitches.

Safari came out with a patch in December of 2017 while Microsoft just released patches for IE and Edge. Microsoft announced that Windows 10 is safer to use than older versions, but did not provide further details.

After other vendors bumbled, Google reneged on a patch that was promised for January 23rd. Google’s Chrome browser and OS patch came out Friday the 2nd of February, over a week late.

Adding yet another layer to this confusing frenzy, Anti-Virus programs may be incompatible with some systems (notably Microsoft) so don’t go AV-crazy just yet.

In order to be proactive, here are three solid steps you can take to make sure your company is protected.

  1. Assess Your Risk

Guidelines for action from patches to future fixes are available at each vendor’s site. Your company can build a customized response based on vendor-specific information.

  1. Follow Instructions

Take the recommended steps to mitigate any security risks that would leave your company vulnerable.

A smorgasbord of vendors, from Amazon to Cisco, has released advisories to protect their clients and business partners from dangerous activity.

It’s up to your company’s security team to follow instructions based on the software and hardware that your system uses.

  1. Hold Out for More Information

Unfortunately, these bugs were publicly announced recently. The scramble to provide permanent answers is on.

The best thing to do after the initial patch scare is to await further details and instruction from the tech security community.

Businesses protected by ABT’s monitoring service Network Guardian receive monthly reports detailing security threats. Contact us to learn more.


Topics: mortgage documents mortgage business mortgage industry cloud-based data Mortgage Lending disaster recovery malware network intel spectre meltdown network safety

Three Key Levels of Mortgage BI

3 Key Levels of Morgtgage BI


Managing mortgage data can be incredibly difficult as more and more information is linked to an ever-evolving market. Mortgage BI, a cloud-based business analytics service, can reduce stress involved with implementing a better information-organizing strategy, as it lowers overhead involved in business analysis. This is ideal because it helps increase team productivity by making the most useful information the most visible.

Why hire an outside team of analysts who will be using the mortgage software now available? This data serves an important role in highlighting a company's strengths and weaknesses and is accessible now.

The data is out there, however the tools for accessing it must present organized operational and market analytic metrics based on current market behavior. This is what effective use of Mortgage BI is all about - providing companies with a perspective on management capability and strategy. As each company objective is different, it is critical to know how to do this as it applies individually. While one organization may be in niche real estate markets, others might need mainstream commercial property live data.  Solutions that include an option for access through mobile devices are also essential, assuring that top-level data is always accessible and--more important--usable by CEOs and upper-level management. Management for cloud and hybrid cloud solutions is also a viable need for companies looking to maximize use of data.

Mortgage BI gives companies several essential powerful intelligence levels:

  1. Unique Data

All data that is unique to the specific individual using the software including lending history and other unique assets. Operational data will fall under this and the aggregate data classification. Appraisal volumes, vendor fees and vendor quality can be neatly organized here. Software that takes cognitive fit into consideration is especially important here. The better the fit, and more relevant the data, the more engaged staff will be.

  1. Aggregate Data

Mortgage BI, as it pertains to a lending groups, includes company spreadsheets and statistics. This market data needs to offer refined strategic insights at the aggregate and comparative level. Here the company as a whole is represented, with only the most applicable pieces of data brought together to form a big-picture view for decision makers.

  1. Comparative Analysis

This is a level of data that compares individual data to that of their peers, enabling mortgage companies to better position themselves with their competition. This can also be arranged to provide a view for the specific company's data in comparison to a larger market data set. This level of data was made available at a zip-code level in January 2008. Filters based on mortgage provider and sales performance are invaluable for crafting executive company decisions. Comparing performance across several different markets can also create more realistic or competitive KPIs. This is a CEO-level must for strategical planning.

Simply put, Mortgage BI should also put an emphasis on communication tools. This truly humanizes the process of effective decision making. How so? Individuals involved in brokering deals and reviewing mortgage measures are able to gauge progress and results of specific and ongoing projects. People will be able to visualize their contributions. The mortgage market is filled with information such as vendor performance metrics, production reports, foreclosure, and depreciation measures. There is no longer a need for stacks of notebooks and piles of printouts of these reports and spreadsheets. Mortgage BI organizes tasks for maximum accessibility, dividing tasks into functions like origination, servicing, and REO,all of which drive business decisions.

All data and communication tools are also designed according to compliance and regulation measures. In addition to providing mortgage management companies the option to review data by up-to-date market data, everyday management also becomes more streamlined, saving time and money.  

As the housing market becomes more complex to navigate it’s important to take advantage of the useful solutions out there. As with all Mortgage BI, businesses can focus on closing loans and increasing productivity while reducing the amount of troubleshooting inherent within data analysis. Access Business Technologies also uses technology to provide an extra layer of performance assessment to managers. We also specialize in integrating mortgage BI systems from the ground up.

To learn more about Mortage BI solutions, please contact us. We are your resource for cloud-based mortgaga data management.

Topics: Access Business Technologies mortgage data management cloud-based data