Mortgage Software Solutions Blog

Know Your Cyber Security Reporting Obligations

Know Your Cyber Security Reporting Obligations

New laws dictate how finance companies report security issues.

New York’s recent crackdown in state cybersecurity laws marks true reformation in the finance industry.

14 pages of detailed regulations fully outline the new accountability measures at Wall Street’s epicenter.

The regulations compel close to 10,000 financial institutions and 300,000 insurance licensees to put consumer protection before their corporate reputation for the first time in US history.

From a minor system access attempt by hackers all the way up to a full data breach, the new law saddles financial institutes with direct accountability to the state and implements a new standard in reporting for all mortgage loan servicers, banks, credit unions, and insurance companies.

For finance companies wondering how to conduct business in this new reality, here is a guide to the reporting obligations of New York’s new cybersecurity law

Governing Bodies

The first step of understanding the new obligations is to get familiar with the regulatory bodies of New York’s finance world.

The main authority on the new regulation is the New York State Department of Financial Services (DFS).

In the past, financial institutions were regulated via voluntary frameworks and reported externally to DFS in few situations with undefined parameters.

Under the new law, DFS established immediate authority by requiring a DFS-issued cyber security Certificate of Compliance as a basic prerequisite for operating a financial company. This gives DFS the ability to discipline non-compliant companies by revoking their certificate.

Beyond DFS, the regulation stipulates the creation of internal positions for officers to interface with DFS on behalf of the company. This requirement pushes aside ineffective industry-based governing bodies in favor of a direct link.

Mortgage companies must designate a Chief Information Security Officer (CISO) for in-house enforcement of company security procedures. The CISO reports in writing annually to the company’s board and will be held personally, legally responsible in the event of a breach at the agency.

Reporting Obligations

The final piece of accountability addressed in the new law is a reexamination of security reporting.

A “cybersecurity event” is any attempt of unauthorized access private consumer information. In order to mitigate the effects of a security event, financial institutions need to disclose data loss when it happens. This gives consumers sufficient time to take protective action such as changing passwords or putting a hold on a compromised credit card.

In practice though, finance companies endeavor keep data hacks under wraps. They prefer to save face and avoid losing consumer confidence.

In September of 2017, the Equifax data breach made international headlines. Though not the largest, it is considered the worst data breach in US history due to the sensitive nature of personal data that was accessed.

Despite being aware of the situation, Equifax spent five weeks running corporate damage control before disclosing the leak. The company initially underreported the number of affected consumers as 2.5 million instead of the actual 145.5 million people whose private data was stolen.

This failure to disclose the full extent of the damage infuriated the public.

Lawmakers vowed to protect consumers against this type of cover-up. With Sen. Elizabeth Warren (D-Mass.) at the helm, this is how the new regulations were written into law.

No More Cover-Ups

Now, the superintendent’s office places a strict time cap on security breach announcements. A company has no more than 72 hours to report any event that has a “reasonable likelihood of materially harming the normal operations” of the company. 

Since Equifax’s disregard for public safety, the law now stipulates that a data breach report is no longer the jurisdiction of the local supervisory body. Instead, reports of data loss go up the chain of command straight to the New York Superintendent’s office.

With a quicker turnaround time, consumers can be alerted quickly and efficiently through official channels about the breach.

Though basic requirements of the law have already gone into effect, the state of New York did allow time for mortgage companies to learn the law and implement it piece by piece.

According to the roll-out dates of the law, companies are required to be legally compliant with specific sections of the law on March 1 and September 3, 2018. The end of the full two-year transitional period and full compliance will be enforced by March 1, 2019.

For comprehensive compliance guidance and other cybersecurity solutions and, contact us.

Image: Visual Hunt

Topics: cyber security mobile security mobile device security email security cybersecurity security mortgage industry Trump Administration Housing Market Mortgage Lending 23 NYCRR Part 500 NYSDFS

7 of the Most Interesting Facts About Cyber Security

 

pic blog-1.jpgAs technology of cyber security advances, so does the technology of hackers.

A computer hacker is the name given to the tech-savvy folks on both sides of the internet battlefront. Bad guys or “black hat” hackers are the ones trying to break into computer systems, steal data, and install harmful software. The “white hat” hackers are cyber security heroes that develop ways to catch bad guys and stop malicious programs from doing damage. That’s interesting nomenclature, right?

The world of cybersecurity is full of intriguing tidbits that help us understand the dangers and how to protect ourselves from the black hats of the world. Here are 7 of the most interesting facts about cyber security.

  1. The number of cyber attacks is going UP not down. Though white hat hackers continue to improve, the total number of cyber attacks doubled in 2017. That’s according to the Online Trust Alliance (OTA), which has named 2017 “the worst year ever in data breaches and cyber-incidents around the world.” 
  2. Ransomware is leading the way in modern cyber security events. Ransomware is a type of malicious software that holds a victim’s data hostage until a ransom is paid. Instead of selling victims’ information on the black market, ransomware has established a way to make money off this stolen information directly from victims. The threat of ransomware is based on doxxing (publishing of the personal data) or blocking a victim’s online access to their own accounts.
  3. 91% of cyber attacks in 2017 started with a phishing email. Phishing is the practice of sending fraudulent emails that seem to be from a reputable company. When the victim clicks on a link or freely reveals their passwords or credit card information as a response, the phish is a success. The two best ways to avoid phishing attacks are to (1) never click unknown links and (2) never send sensitive information that has been requested via email.
  4. Cyber-crime damages will cost the world $6 trillion annually by 2021, up from $3 trillion just a year ago. This massive amount of money represents the greatest transfer of economic wealth in history (2017 Cybersecurity Ventures).
  5. Financial organizations are the biggest targets of cyber attacks. Verizon’s 2017 Data Breach Report breaks down the hacks by percentage: Last year, 24% of breaches targeted the finance industry, 15% were aimed at healthcare, 15% were retail, and only 12% of breaches occurred in the public sector.
  6. Mortgage companies are the #1 target in the industry because of the treasure trove of information that they require from customers. Mortgage companies hang onto more non-public than any other type of financial organization.
  7. 93% of breaches could have been avoided by taking simple steps, such as regularly updating software or leveraging modern cloud based solutions. Can you believe that breaches are easy to prevent? There is an old saying that “the best defense is a good offense”. It applies to the cyber security world too.

If you take the initiative ahead of time to set up clear security mechanisms, your company’s data systems won’t be attractive to bad guys.

What are the new standards for security? Modernized IT including updated password policies and Multi Factor Authentication. Cloud-based data systems are key for getting your company data off those old office servers. Sophisticated cloud-based email gateways configured especially for the mortgage industry to protect against email-based threats. These are the foundations for data security when it comes to financial institutions in 2018.

Be the cyber security leader in your industry. Make the changes before hackers make the first move on your company. When you aren’t an easy target, your data remains safe and your customers stay happy.

The best thing a business can do to keep those black hats at bay is to stay informed about cyber security by reading articles like this and use their knowledge to implement solid security measures before a hack occurs.

Businesses protected by proven security measures like ABT’s Email Guardian remain safe and receive monthly reports detailing security threats. Contact us to learn more.

Image: Pexels.com
Topics: Mortgage Software Reporting dangers of ransomware email security data security mortgage company security financial data security creating strong passwords social networking safety phishing multi-factor authentication cybersecurity security productivity mortgage business malware network safety

How New York’s Latest Cyber Security Law Will Impact You

sgfhj.jpgNew cyber security laws in New York mean strict accountability for businesses.

Cyber security is on the brink of an unprecedented crackdown in New York.

The finance industry is preparing for a new normal that looks vastly more stringent than before.

Part reaction to consumer outrage and part finger-pointing to the market for accountability when it comes to data breaches, the regulation titled Cybersecurity Requirements for Financial Services Companies (2017) is a broad re-draw of the rules by the state regulator.

In a country where the sector has historically played fast and loose with handling missteps, all eyes are watching to see how quickly it can adapt to the new normal.

As everyone settles in for the ride, industry insiders are already forming hypotheses about how far this new regimentation will reach.

Laying Down the Law

The new law outlining consumer data security measures in New York State is the first of its kind in the United States.

Officially released in March of 2017 with a built-in year of lag time, the enforcement date has arrived. As of Thursday February 15, 2018 enforcement is in full effect.

Financial institutions are expected to have stepped up their game in safeguarding computer systems and the sensitive information stored inside. A full guide to the highly prescriptive requirements can be found here.

The end goal is to avoiding security breaches by making businesses sufficiently fearful of repercussions. If they do foster an environment that allows for future problems or leaks of personal data, the stakes are high.

Who the Law Affects

The current law has been interpreted to include all banking, insurance, lending, and mortgage brokerage firms that are operating in New York. Every company under that heading will be held to the new standard.

This means that entities must get in gear to assess their actual and potential cybersecurity risks and make a solid plan to mitigate them.

The good news for IT departments is that due to the highly detailed guidelines about policy and the use of technology to patch up the security gaps, they have rather exact instructions to follow.

Beyond State Lines

At first glance, companies outside of New York might assume they have been spared from the harshest regulations in the country. After a closer look, it seems imminent that the change will have a wide-ranging impact.

Going forward, consumers will rely on their financial institutions to keep personal data safe. Not only are the expectations high, but the safety net sets the stage for demanding the same in other states.

Mortgage companies across the country are targeted by hackers due to the quantity of information and the quality of its use for fraud purposes. Companies outside of New York in the same industry should brace for the arrival of comparable laws on their home turf.  

Out-of-state entities with branches in New York should have a response as well, even before their own states begin drafting something similar.

In fact, other states are already following suit. Colorado and Vermont introduced their own measures within months after the NY regulation was put in place.

Vermont’s law names “securities professionals” as the intended subjects of its tighter regulations. Without specifying banks, the use of this broad term leaves the door open for enforcement with entities that may not previously fall under the state’s traditional regulation agencies.

As a global financial hub, even entities doing business in New York should consider getting the jump on re-assessing their policies as a continuity plan.

Beyond the Finance World

The effect of intensified scrutiny over cyber security practices will logically spill over to third-parties who work in the finance world and businesses who directly manage cyber security for the industry.

Fortune magazine goes one step further, predicting that ripple effect will go well beyond the financial industry. It could cover security events by any business that stores personal data “from point-of-sale to payroll providers.”

After that, it seems the industry shake-up will likely bleed into any major industry that houses consumer data using any sort of technology. These days, companies who aren’t keeping customer information in a computer system are few and far between.

The only thing the industry seems sure of is how this trend in accountability will not be contained by state lines or by industry.

In the early days of this new law’s enactment, the extent of this chain reaction is yet to be seen.

Over the next fiscal year, New Yorkers will lead the way, with countless gazes focused on them for cues of how to adapt.

ABT’s cloud-based portal MortgageWorkSpace adds banking level security to email, servers, PC’s and mobile devices in the mortgage industry. Contact us to learn more.

Image: VisualHunt.com

Topics: Compliance Due Diligence cyber security mortgage company security financial data security cybersecurity mortgage business mortgage industry Consumer Finance Protection Bureau Compliance for Mortgage Companies Compliance Audit cloud-based data Mortgage Lending 23 NYCRR Part 500 NYSDFS network safety

Cyber Security Trends Put You, Your Company, and Your Devices at Risk

 

Lock on keyboard

Staying on top of cyber security is one of the most critical aspects of protecting your business. That includes knowing about the latest scams and threats on the horizon. Whether you're protecting yourself, protecting your company, or protecting your devices, you need to know about the latest concerns in cyber security. 

Pop-ups and Scam Calls

Instead of sending out viruses that are likely to be caught by your firewall, many hackers are attempting to catch your team unaware. Pop-ups claiming they are able to "fix" computer problems that don't really exist are one of the most common cyber threats--and unfortunately, they're becoming increasingly savvy. Some are clones of your antivirus software, while others are specifically designed to look like Windows error messages.

Scam calls are also an increasingly common form of social engineering. In order to protect your business, your staff must have the tools to recognize scam calls and react to them appropriately. Without that knowledge, unknowing employees could accidentally release confidential client data or provide system passwords to individuals masquerading as employees. Protecting your company means ensuring that every employee is familiar with the potential for scam calls and knows how to react appropriately. 

IRS Taxpayer Scams

The recent tax season has seen a substantial rise in the number of IRS taxpayer scams. Even the most law-abiding citizen reacts to contact from the IRS with stress and tension. As a result, they're more likely to respond quickly and instinctively to threats rather than taking the time to think their responses through. Today's scammers demand information immediately, insisting that they're going to arrest the victim if they don't respond as soon as possible. They're offer refunds if the victim will simply provide them with necessary bank account information. Scammers frequently insist that payment be made immediately, rather than allowing individuals to set up payment arrangements or take the time to ensure the validity of the communication. 

Note that the IRS never contacts people over the phone. Instead, they'll use certified mail for their initial contact. They also allow citizens to take the time to ensure the validity of their claims and to set up payment arrangements for outstanding debts, rather than putting pressure on citizens for immediate payment. By remaining aware of these circumstances, you can help protect yourself and your employees against this common scam.

Petya Ransomware

Many business owners, managers, and directors are terrified by the rise of ransomware--and with good reason. Ransomware encrypts every file in your system, making it unusable until you either break the encryption and pay the ransom--and in some cases, even if you pay the ransom, hackers may not be able to deliver a "fix." The Petya ransomware attack, which is one of the latest waves of ransomware attacking businesses, encrypts the master boot records of Windows machines. This makes the machines completely unusable until the $300 ransom is paid or a solution is found.

In order to protect against Petya, it's critical that your antivirus software remain updated, as many companies have already released patches that claim to protect against it. You can also protect against ransomware breaches by ensuring that your computer has been updated through at least March 2017, when a critical patch was released that defended against the EternalBlue vulnerability. Petya, in particular, will not impact your computer if you have the read-only file C:\Windows\perfc.dat installed on your computer; however, this will not prevent your computer from impacting others on the network. 

Protecting yourself, your company, and your devices is a full-time job. If you need additional help with this critical process, contact us today to learn how we can help keep your protections updated and your company safer.



 

Topics: ransomware Petya ransomware cybersecurity

10 Reasons Why Cloud Storage Is Safer

why-cloud-storage-is-safer.jpgWhere is the safest place to store a valuable item: in a locked box in your home, or in a safe deposit box at a bank? It should be obvious that something of value will be better protected at a bank, even though it's out of your immediate possession. Banks have better security procedures, trained staff, and less penetrable physical structures.

The same concept applies to your data storage. Storing loan application information on a desktop computer at your office exposes it to significantly more risk than entrusting it to a reputable cloud service. Breaches in security, mostly caused by haste or lack of experience, have caused numerous compromises of mortgage data.

Let's look at some of the reasons why cloud storage can offer better security to a mortgage business:

  • Cloud facilities are physically secure; your building is not. Anyone who walks into your office can see what machines you’re using. Even with normal building security, someone might be able to sneak in after hours and tamper with a computer or steal a hard drive. Even someone surreptitiously plugging in a malicious USB stick during business hours might be enough. Cloud facilities are in locked buildings that allow few visitors and have careful check-in procedures at all times.
  • Data on a cloud server is always backed up. Your data will be stored in more than one location at all times, so a disk failure or even a disaster in one place won't wipe out your information.
  • Your data is isolated from other software. On a desktop system, the general rule is that any of your software can access any of your files. A weakness anywhere in your system can compromise confidential customer data. On a cloud system, only authorized software has access to your data; there is no risk of email downloads or malicious web pages accessing your system.
  • Data transfer between branches is secure. If you use ordinary email to send a document to a co-worker at another location, it passes through one or more mail servers without encryption and is vulnerable to interception. When you transfer data through a cloud service, it is encrypted both going in and coming out.
  • Cloud service software is always up to date. Keeping your operating system and software up to date all the time is a lot of work, especially when you have other work to do. But old software tends to have known security defects. Because a cloud business must provide the most reliable servers possible, it updates its software promptly and regularly.
  • A cloud service monitors its computers. Cloud service providers are always monitoring their hardware; if anything goes wrong, the problem is caught and remedied quickly. This same level of monitoring is nearly impossible to maintain at a busy mortgage office.

Aside from these technical factors, "people factors" also make the cloud more secure for mortgage companies than their own desktop machines:

  • Security is at the core of a cloud business. At a mortgage business, the first concern is mortgages. It's easy to neglect security for the sake of getting work done. For a cloud service provider, keeping data safe is the work they do.
  • Cloud servers don't engage in risky behavior. Unlike the average employee, cloud servers never accidentally open a spam email or browse websites out of curiosity. Even the most innocent click of a mouse can endanger your data.
  • A full-time staff is always ready to deal with problems. A cloud service utilizes monitoring software, which is always watching for breaches and suspicious activity. If the monitoring software detects something has gone wrong, trained staff members will deal with it quickly. On your local computer, if a breach occurs outside business hours, the attacker might have hours to exploit it before anyone notices.
  • A specialized cloud service provider has security expertise tailored to your industry. When you choose a cloud service that specializes in your area of business (e.g. finance), it employs experts who understand the risks and requirements that are specific to handling your type of data.

Of course, everything we have listed here assumes that you're dealing with a reputable, competent cloud service provider. Anyone can claim to provide "cloud computing," but you have to know what you're really getting. Using insecure cloud services to transfer loan documents is actually the riskiest way to transfer them—even worse than email. Consumer-quality file sharing systems and cloud systems specifically designed for security are two completely different things.

You need a service with a strong reputation for security and privacy. Even your own access to the service should entail strong security protocols. You need a written guarantee that the service will protect your data from unauthorized access. And for finance-related businesses, the service needs to satisfy all applicable regulations and guarantee security compliance.

At Access Business Technologies, we understand the mortgage business. ABT provides a cloud-based platform called MortgageWorkSpace®, which meets all of a mortgage company's storage and security needs. MortgageWorkSpace® meets SSAE 16 Type II standards and meets or exceeds all regulatory requirements, while still granting secure access to authorized users from any location. Contact us to learn more.

Learn More

Topics: cybersecurity cloud storage

October is National Cybersecurity Awareness Month

National_Cybersecurity_Awareness_Month.jpgEvery October since 2004, the United States has observed National Cybersecurity Awareness Month. Computer security is always important, but the month when spooks, zombies, and demons are on display is a fitting time for the mortgage business to give it focused attention.

In last year's proclamation, President Obama said, "I urge all Americans to take measures to decrease their susceptibility to malicious cyber activity, including by choosing stronger passwords, updating software, and practicing responsible online behavior."

The Department of Homeland Security and the National Cyber Security Alliance are major forces behind the month's events. Weekly themes will include:

  • October 3–7: Every Day Steps Towards Online Safety with Stop.Think.Connect.™
  • October 10–14: Cyber from the Break Room to the Board Room
  • October 17–21: Recognizing and Combating Cybercrime
  • October 24–28: Our Continuously Connected Lives: What’s Your ‘App’-titude?
  • October 31: Building Resilience in Critical Infrastructure

The theme for this year is "Our Shared Responsibility." Security isn't a zero-sum game where stopping attackers means they'll just go somewhere else. When more businesses prevent breaches, there's less reward for criminals and therefore less incentive for them to keep trying. On the other hand, losing valuable data or paying ransomware demands doesn't just cost an institution—it gives the thieves more resources to fund their next exploit.

The mortgage business is a popular target for cybercrime because of the opportunity for financial gain. Security expert Jeff Bernstein warns of the increasing threat to mortgage companies, with damage already in the billions of dollars, and offers some simple advice: "Most security compromises happen because somebody is doing something that they shouldn’t do." Awareness of the right practices can greatly reduce risks.

Individuals and organizations, including businesses of all sizes, can become NCSAM Champions simply by registering online and pledging to take some constructive action to raise public or internal awareness.

Access Business Technologies is constantly at work promoting the best security practices for the mortgage business. Several areas are especially important in this field:

  • Authentication. Properly identifying customers prevents fraud through impersonation and identity theft. It is possible to do this without causing serious inconvenience.
  • Confidentiality. Guarding your clients’ personal information is vital. Submission of documents, storage on the company's data systems, transfer between employees, and storage on employee computers are all potential risk areas. Protecting confidentiality requires making sure that even the weakest points are strong.
  • Personal security practices. Each employee needs to be aware of security issues. Employees should avoid opening suspicious emails, and they should be even more cautious about opening unexpected attachments and following questionable links. They should take extreme care with which devices they plug into their computers and which applications they download.
  • Protection of portable devices. It is important to secure data on employees’ personal devices. Losing a laptop, phone, or tablet can lead to big trouble if the device holds unencrypted sensitive information. Any portable device that's authorized for sensitive customer data needs to be encrypted with a strong password, and portable devices that aren't encrypted should never hold such data.
  • Intrusion prevention. Mortgage businesses have to keep intruders out of computers and networks that hold sensitive data. Malware and spyware can get into a network through many paths and then steal information or damage data.
  • Protection against insider breaches. Theft by trusted employees is especially hard to stop, since they need to have access to data in order to do their jobs. In March of 2016, employees of Mount Olympus Mortgage Company allegedly stole loan files and took them to a competitor, Guaranteed Rate. Limitations on access and routine audits can reduce this kind of risk.
  • Breach detection. Monitoring systems are necessary to catch any breach as quickly as possible. Quick detection can limit the extent of the damage and allow a quicker recovery.
  • Remediation procedures. A mortgage business needs a plan of action to prepare for the possibility of sensitive information being compromised. Affected parties need to be notified without any cover-up or delay.

Last year, the Office of the Comptroller of the Currency issued a press release reminding everyone of the "risks that cyber threats pose to individual banks and thrifts, as well as the financial system as a whole."

Access Business Technology's software tools, including DeviceGuardian, DocumentGuardian, and EmailGuardian enable mortgage businesses to handle all aspects of the lending process in keeping with strict security compliance, without compromising convenience for customers. Contact us to learn how these tools can aid your business.

National Cybersecurity Awareness Month is an excellent time for mortgage businesses to review and tighten their procedures and to remind their customers of the importance of data security. Promoting general awareness with the hashtag #CyberAware and using the Stop.Think.Connect. Toolkit will encourage employees to do their part. Be a Champion and help to promote and institute best practices for protecting customer data.

Learn More

Topics: ABT MortgageWorkSpace cybersecurity

FFIEC Cybersecurity Assessment Tool: What You Should Know

FFIEC_Cybersecurity_Assessment_Tool.jpgBy now, you may have heard the hype surrounding the new assessment tool from the Federal Financial Institutions Examination Council (FFIEC). This powerful new tool is critically important to mortgage businesses of all sizes, enabling them to better evaluate the health and maturity of their cybersecurity systems. We’ve provided a comprehensive guide of the most important things you should know about the new FFIEC Cybersecurity Assessment Tool.

Is the Cyber Assessment Tool Required?

The Commonwealth of Massachusetts apparently takes the FFIEC tool very seriously. We understand that it sent notices to mortgage companies informing them that they must complete the audit this year (by the end of June, actually). Other states, however, have yet to require financial institutions to implement the tool.

Are there resources available to assist small businesses with using FFIEC tools?

Unfortunately, the truth is there's not a lot of help out there. The audit with an annual completion deadline clearly addresses larger organizations that have staff dedicated to cybersecurity. Even MBA conferences dealing with this issue generally focus on larger mortgage companies. When questioned about providing guidance for small shops, the panelists from one such conference said they had not worked with groups smaller than 75-100 employees. So, the devil is in the details for smaller companies.

Initial Takeaways

The audit required by the Cybersecurity Assessment Tool provides a baseline that tells you where your cybersecurity efforts stand at the moment. It is not a pass/fail test. It's meant to help you improve from year to year.

The FFIEC intended for the tool to help financial institutions understand their cybersecurity risks and how prepared they are to prevent attacks. The assessment tool can also inform the path you follow with respect to risk management.

The tool has two parts to it: the first is to assess risk inherent in the organization, and the second looks at your organization's maturity in addressing cyber controls. That should ease your mind, at least for the first year. To help you prepare, here are some commonly asked questions for first-time users.

  • What if an assessment question doesn't seem applicable to our office? How do we answer it?

    Do the best you can to answer questions as they apply to you. If something seems completely irrelevant to your operations, skip it, noting that it is not applicable to your business.
  • Doesn't skipping a question hurt your score?

    Don't worry about scores, at least for this year. Just answer the questions that seem relevant as truthfully as you can. By next year, we hope there will be more guidance from FFIEC (or those conference gurus). In the meantime, we learn as we go.

  • We are small. We do not have IT personnel on staff. What can we do?

    Stop going it alone. The answers to the assessment questions may open up an opportunity to reevaluate whether your business could gain by using mortgage cloud hosting services. Cloud  IT services let your employees concentrate on using their service strengths, while IT professionals help you stay abreast of the ever-evolving cybersecurity scene with vulnerability management solutions.

  • If you find yourself stumped, reach out for help.

    One Massachusetts client reached out for help understanding how the assessment questions applied to them. We were able to guide them through the process, and in the end, they provided answers to their auditor to obtain the certification Massachusetts required.

To talk more about the FFIEC assessment tool, mortgage IT services in the cloud, or other cybersecurity issues, please contact us.

Learn More

Topics: cybersecurity FFIEC