<img src="http://www.mon-com-net.com/58465.png" style="display:none;">

Mortgage Software Solutions Blog

Ransomware Alert: Don't Become a Victim of WannaCry Malware!

 

Ransomware Alert: Don't Become a Victim of WannaCry Malware!

You may have heard by now about the huge--global in scope--ransomware attack that happened May 12th and endured for three days into the following week. It's the largest ransomware attack to date, and has caused quite an uproar in the business world, disrupting and even dismantling some operations. What determines the severity of this attack, and others, for individual organizations? Vulnerabilities. If you don't want to become a victim of WannaCry malware--and nobody should--you need to learn more about the malware itself, and prevention methods. Let's start with a bit of background on WannaCry.

What gave birth to WannaCry Ransomware?

Cyber security experts point the finger at the National Security Agency (NSA). The NSA apparently discovered the vulnerability in Microsoft Windows operating systems some time ago and kept the information secret so it could exploit the vulnerability for its own intelligence activities. Earlier this year, a group calling itself ShadowBrokers leaked the code for NSA cyber spy tools, including NSA's hacking tool called EternalBlue, online. It didn't take long before cybercriminals were at work creating WannaCry ransomware. Once the infection got started, the trojan virus infected a certain number of computers and then began to spread like wildfire using the vulnerability in the Windows Server Message Block to infect other computers on the same networks and then to connected networks.

Are all Windows operating systems at risk?

When Microsoft learned of the vulnerability, the company created security patches for all the updated operating systems which it released this past March. For those computers who update their operating systems through Windows Update automatic feature, the vulnerability no longer is an issue. Users can also manually update the security patch. Consider yourself fortunate if you did this.

Before the attack, the problem still was an issue with respect to legacy-operating systems Windows XP, Windows 8, and Windows Server 2003, which are no longer supported by the Microsoft security patches. However, after the attacks were discovered, Microsoft made security patches available to those legacy systems. Users who run one of these legacy systems and have not installed the security patches, should do so immediately, and of course, from a secure server.

A Serious Global Issue

How many computers are we talking about? Within a few hours of the attack the virus affected more than 100 countries and infected more than 200,000 computers. Unlike most viruses, WannaCry did not seem to rely on emails for the initial contact. It does appear that the virus propagated itself once it invaded a certain number of computers and did not rely on users to click on an email.

Where was the attack centered?

Russia and China were hardest hit. Russia's infection spread to 1,000 computers in its Interior Ministry as well as banks and mobile phone systems. In China, however, the virus infected more than 30,000 computers, many of them universities. China is vulnerable to cyber attacks because it encourages the use of pirated software.

The virus infected Federal Express here in the United States in the initial attack but the virus does not appear to have affected any U.S. government systems. The virus attacked telecommunications systems and gas utilities in Spain and France's Renault automobiles had to stop production.

What was the ransomware demand?

The demand and payment make this attack interesting. The virus encrypted files and then sent a screen message demanding $300 worth of Bitcoin. If the ransom remained unpaid after three days, it increased to $600 worth of Bitcoin. After seven days without payment, the ransomware threatened to destroy the encrypted files and all data would disappear forever. Researchers found only three Bitcoin wallets with a total of only about $50,000 in payments. For such a widespread attack, these numbers are quite low. Security experts say the attackers were not set up very well for Bitcoin payments.

Protecting yourself against ransomware

You've heard most of this advice before but it still holds true, and more so when attacks like this occur. Know that they will continue to happen, so just because you weren’t attacked this time, doesn’t mean you won’t be vulnerable in the future. Cybercriminals are often intelligent and quite sophisticated with their attacks, often upping the ante from any previous large-scale ones. You might be familiar with the following, but all across the world people still do these:

  • Don't click on emails if you don't recognize the sender. It’s simple. Just don’t do it.
  • Do not click on unknown attachments. Curiosity gets the best of us, but don’t let it dismantle your entire organization.
  • The same is true for links in emails. They aren’t harmless, and even when they are in an email from a familiar email address, check it!
  • Enable your Windows Update function so that all security patches update when released. This way you won't forget to do it.
  • Perhaps most important of all is to back up files on a separate server from the main computer. Consider backing up to the cloud or using an external drive that unplugs when not in use.
  • Users of legacy Windows operating systems may want to consider upgrading as soon as possible since they are longer supported by Microsoft patches.

Depending on your business type--some are more often targeted--the above will only help limit some attacks. Don’t be that business that thinks you won’t be targeted. Your operating expenses should have a high-priority line item for this type of protection. Why? If your business is severely impacted, nothing else will matter. If you don’t have the manning or systems in place now, consider a cloud-based solution, such as DeviceGuardian™ that can easily be installed on any existing or new devices. This allows Access Business Technologies to securely manage all of your mortgage software, data, and users. The best part of this is that ABT takes one of the most important aspects of your business off your plate, efficiently and effectively managing your data security  without skyrocketing your company’s expenses.  

In other news of the when-it-rains-it-pours variety, DocuSign confirmed today that hackers maliciously accessed a separate non-core system and stole more than 100 million email addresses from the company - only email addresses. The hackers took no personal information or addresses. Just another indication, however, that everyone needs to stay vigilant. Cyber criminals make a living off of your vulnerabilities.

As mentioned earlier, even if you weren’t attacked this time around, it doesn’t mean your company’s backend won’t be targeted next time. To find out how to protect your company from making negative headlines like DocuSign and FedEx contact us. ABT has an internal department that monitors all viruses, scams, malware, ransomware, cyber-attacks, etc. We work closely with hundreds of Microsoft IT security team members and have developed a cyber-security solution that we have successfully executed for more than 500 mortgage companies, banks, and credit unions.
Topics: Access Business Technologies cyber security data security malware

3 Tools to Avoid Compliance Risks with Data and Electronic Documents

Compliance-Risk-with-Data-and-Electronic-Documents.jpg

Picture this. Your company has decided to provide end-to-end mortgage services for a new client. To make document sharing easier, you activate a remote login account so that they can have access to consumer reports. Hackers gain access on the client's end, steal the remote login credentials, and grab sensitive information. Unfortunately, this is not a hypothetical situation.

This happened to a mortgage lender back in 2008. 2008? That was 9 years ago, yet the FTC still uses this case as one of their prime examples of a security lesson taught the hard way. This company didn't protect vital data, and the FTC is strictly auditing them until the year 2028!

This is what can happen when your mortgage company creates compliance risks with data and electronic documents. It's a lot cheaper, we'd say, to invest in better data security than to lose the goodwill of your customers and have to defend yourself legally and face other consequences connected with a data breach.

Here's what you need for maximum security and full compliance.

Office 365 Mortgage™

With Office 365 Mortgage™, you are using all of the productivity features that Office 365 offers. Plus, it's configured to work right alongside your mortgage software for maximum security. How does it keep data safe?

  • One Password, One Portal - Users have secure, single-sign-on access, which helps combat issues that revolve around password reuse and other weaknesses. When you hire someone, there is only one account and password to set up, and when someone leaves, you only have one account and one password to delete.

  • Rest Easy With Built-In Security - Microsoft gives you three layers of security and also guards your business email with industry-leading anti-spam and anti-malware defense.

  • Prevent Data Theft - Security is a priority at Microsoft data centers, but simply deploying Office 365 straight out of the box cannot single-handedly keep your data safe. Mortgage businesses need additional layers of protection. This is why we step in and use complex configurations and custom-written software to make Office 365 Mortgage™ exceed banking standards.

MortgageExchange®

Mortgage companies typically rely on human intervention to determine inconsistencies in their paperwork. Two or three different people will either enter the data into a system to cross-check against each other for inconsistencies; or, businesses will use OCR systems to automatically recognize text and numbers. Both of these methods require a certain amount of human intervention to audit inconsistencies, perform exception processing, and control data quality.

MortgageExchange® eliminates the need to re-key data between origination, servicing, core systems, and accounting. In this way, you seamlessly connect people, processes, partners, and information across dissimilar systems, while eradicating data re-entry, costly errors, and security issues at the same time.

Errors in documents can be as simple as a name misspelled or a wrong number in an address, or as serious as incorrect loan amounts or missing pages. All of these errors cause delays in closing, and incorrect loan amounts can have major consequences for the downstream systems processing the loan.

DocumentGuardian

DocumentGuardian is a comprehensive document management system designed specifically for the mortgage industry. It is a cloud-based email service that provides secured encryption and transfer of files, pictures, and documents.

It starts by providing the borrower with a secure and easy way to send their NPI (Non-Public Information) documents without registering or creating a password. Compliance auditors recommend this type of security because, unlike box-type file sharing apps, it stores your documents in our secure data center only; not on individual computers and mobile devices.

Unfortunately, mortgage companies and financial institutions are still extremely vulnerable. With threats growing bigger every day, it is now more critical than ever for businesses to develop an information security plan and make sure that their vendors and other third-parties are covered too.

The non-profit Online Trust Alliance (OTA) warns that the "cyber landscape has changed dramatically just over the past 12 months," with organizations both large and small being the victims of attacks. Housingwire Magazine reports that numerous mortgage companies are now increasing security because of these significant incidents:

  • Thieves walked away with $80 million in 2016 during a cyber attack at the Federal Reserve.
  • 2017 started out with London-based Lloyds Banking Group experiencing a two-day-long distributed denial of service (DDoS) attack.

Employee breaches are also happening. In 2016, a jury awarded Mount Olympus Mortgage Company (MOMC) more than $25 million for their claims against Guaranteed Rate, another mortgage lender. These claims alleged that Guaranteed Rate, along with former employees of MOMC, illegally transferred hundreds of loan files from MOMC's internal systems to Guaranteed Rate's.

In today’s digital world, it is more important than ever to protect vital information and documents from these cyber thieves—both internally and externally—and to stay compliant with industry regulations that are becoming more stringent in response. Please contact us today at Access Business Technologies to learn more.
Topics: Compliance data management for mortgage companies data security

Easing Mortgage Customers’ Concerns About Giving Out Private Information

easing-mortgage-customer-concerns.jpgIn order to apply for a mortgage, borrowers must turn over some very personal information. So it comes as no surprise that many borrowers are concerned with the security of their mortgage lenders’ networks.

What will happen, they wonder, if a hacker does come after your company? Are you an easy target, or do you have the security in place to keep their vital financial information from being stolen?

When you have the best tools and security systems in place for your mortgage company, you can ease your customers concerns and make it easier for you both to sleep at night.

DeviceGuardian™ Protects Every Device Used by Your Company

Chances are, users throughout your company are using their own devices to access the company’s network, applications, and files. With device management software like DeviceGuardian™, every device is protected—no matter when or where it’s being used. You don't have to worry about whether private customer information will be stolen from an employee's phone, tablet, or laptop when DeviceGuardian™ is there, keeping a virtual eye on every aspect of your security.

Security Built for Mortgage Companies

There are plenty of security companies out there that provide hosted IT services for a variety of organizations. Those security companies are great, but they aren't focused on the threats that are specific to your industry.

When you use Access Business Technologies’ cloud IT services, you can reassure your clients that their private financial data is being protected by a security company that knows the mortgage industry just as well as you do—and that we're taking the steps necessary to ensure their privacy.

The financial industry requires a high level of security compliance in order to ensure that every device and every customer is protected. We're here to rise to the challenge, creating confidence in your borrowers that their information will not be stolen from your system.

Safer Emails That Protect Every Communication

Emails containing private details of your borrowers' finances pass through your system every day. If your borrowers are leery about sharing that information through email, you can offer them the reassurance that your email security is in full compliance.

You aren't working with a company that has a generic security solution for every business. Access Business Technologies offers email compliance guarantees specifically for financial institutions. That means that your email is automatically encrypted, providing an additional layer of protection for all of your customers. It's also immediately archived, which means that if you need to check back over previous discussions, that information is right there for you to view.

24/7 Support Means You're Always Protected

Security threats can arise at any time of the day or night. When it comes to information security, however, response time matters. When you use Access Business Technologies, you have 24/7 support that will provide fast answers in the event that your site is compromised.

Security isn't just about protecting against threats; it's about how you respond when a threat occurs. Let your clients know that if you are hacked, your business is prepared to respond quickly and efficiently. We'll know right away if a threat does occur, and we'll be ready to answer that threat as soon as possible.

Security across every device you use, from the phone or tablet in your hand to your desktop computer or even the cloud, is a critical part of ensuring your customers' security. At Access Business Technologies, we provide the high level of security that's necessary for a mortgage company to reassure their customers and themselves that their private information will be kept private.

If you're ready to start easing mortgage customers' concerns—not to mention soothe your own—contact us today to learn more about the security help we can offer your business. Your borrowers need security. We're here to provide it.

Learn More

Topics: DeviceGuardian data security

5 Things You Should Do Now to Prevent a Data Breach

5_Things_You_Should_Do_Now_To_Prevent_A_Data_Breach_.jpg

Mortgage providers are responsible for managing people's personal and financial information in relation to their most valuable asset: their homes.

For many businesses, this is cause for concern, as large corporations appear in the news every other day as a result of another significant data breach. This causes many mortgage companies to wonder (and worry about) how to prevent a data breach from happening to them.

The following are five tips that your mortgage company can implement today to begin securing your systems from a cyberattack. These tips will also help you provide better customer service by protecting personal identification information.

1. Implement Secure Passwords

There are many criteria to be met when creating a secure password, and it’s important that your entire team understands and adheres to these best practices.

Your first step should be to improve education for employees on how to handle password creation. Whether in the form of a company-wide memo, a formal training session, or an online tutorial, training should be thorough and easy to understand. Mortgage companies should make concerted efforts to inform employees on how to create a strong, secure password.

The right vulnerability management solution will require employees to create passwords that include more than just letters or numbers. Passwords should include a combination of letters (lowercase and uppercase), numbers, and characters, in order to create a password that can’t be cracked by hackers.

Multi-factor authentication should also be implemented throughout your business to ensure employees are protected if their login information falls into the wrong hands.

2. Insulate Database Information Depending Upon Needs

Underwriters require specific information that may not be relevant to customer service or sales team members. Although many businesses are tempted to keep as much information as possible in their CRM for more targeted marketing, mortgage companies have so much information on their customers that it is essential to separate customers’ sensitive information from the general contact information necessary for CRM systems.

3. Enact Employee Education Protocols

One of the greatest areas of vulnerability for a business is its employees. The Stuxnet virus, which targeted Iran's nuclear program, was downloaded onto thumb drives by engineers off-site and transported into the secure computer systems managing the centrifuges. In this example, no amount of internal security could protect them from the mistakes of their employees outside of the facility. The fact of the matter is that employees are the most uncontrollable aspect to your business.

Provide company-wide education, and enstate policies that ensure your employees use strong passwords, separate work and personal activities, do not subscribe work email addresses for marketing or political emails, and understand what to do when they are the target of a phishing email, "virus alert" pop-up, or any of the other tactics used by cyber criminals to target unwary computer users.

4. Educate Customers On Privacy, Identity, and CyberSecurity

For mortgage companies, customers are a vulnerability that are completely outside your business's work systems. A customer can be the target of mortgage cyber-attackers perpetrating fraud by mirroring your website, causing possible loss of services and capital.

Make your customers aware of the methods you use to contact them. If you have an outbound call department for customer service or sales, ensure that it follows industry practices, and teach customers how to identify if a call is from you. It is also a good idea to provide generally trusted phone communication information (never give out certain information to an untrusted number, ask for a call-back number and look it up, etc.).

Set up policies for predictable methods of managing customer accounts and inform customers of those policies. For example, make it a policy to never ask for any account information via email, only set appointments on the phone, or use multi-factor identity verification.

5. Outsource With a Trusted Mortgage Services Provider

Finally, it is important to understand that many small mortgage companies do not have the IT staff necessary to properly manage their internal security. With cloud-based mortgage systems like those from ABT, there are options for outsourcing IT and data management to experts in the industry who are able to provide high-quality and secure mobile management software.

Rather than facing all the risk internally—including vetting IT security team members, who are inherent risks for an organization—outsource it! Access Business Technologies, a leader in providing virtual workspaces for mortgage companies, has a leadership team with 15 years of success providing secure systems to mortgage businesses. We provide dedicated account executives to ensure that they understand your business processes and needs, and work with a network of local IT technicians so that on-premise IT problems can be solved in 24 hours or less.

Outsourcing means you will have professional IT services at your fingertips and ready to scale your business, whether you have ten branches or hundreds. A good IT outsourcing team will not be tied to any one software system, but will have the tools and experience necessary to manage any software and hardware. Contact us for more information on outsourcing IT.

Learn More

Topics: data security mortgage company security

ABT Security Recommendations: Creating Stronger Passwords for Stronger Protection

Hackers are more persistent now than ever before, and they’ll stop at nothing to get at your sensitive data. International hackers are now specifically targeting mortgage companies because of the wealth of personal information contained in their systems. Mortgage businesses are among the largest security targets, due to the fact that they deal with the largest amount of personal information that can be used for identity theft.

Fortunately, protecting your mortgage business from security threats is possible, and though it may seem like common sense, strong passwords can be a crucial line of defense. Access Business Technologies (ABT) has a few recommendations for keeping your organization secure through strong passwords.

ABT-Security-Recommendations-Creating-Strong-PasswordsUpdate Passwords Regularly

The most important thing to remember about passwords is to change them regularly—at least once every three months. Having the same corporate or personal password for years and years leaves you very vulnerable to a security breach. Keeping the same password increases your chances that a previous hack, or attempted hack, that captured your password could be reused to finally crack your systems. If you systems don’t automatically force you to change your password, make sure to set a calendar reminder to change your password on a regular basis, and require your entire staff to do the same.

Longer Passwords are Stronger Passwords

The next step to creating a secure password is to make sure it is has enough characters. Each additional character you use makes the password more secure and exponentially more difficult to crack. In particular, if you are choosing from the 26 letters, 10 numbers and 10 symbols in your password selection, you have an enormous amount of combinations. With just 2 characters you have over 70 trillion different combinations. Even though this sounds like a lot, a decent computer could use "brute force" to try every combination in just a few hours and eventually crack your password. However, if you use 8 characters, as is now standard, you would have 3.5 x 10 to the 41st different combinations. Computers today are simply not powerful enough to try every possible combination to guess your password in reasonable amount of time.

We recommend that users have passwords at least eight characters long, utilizing a combination of symbols, numbers, and letters. Case-sensitive passwords with uppercase and lowercase letters can also expand the universe of potential passwords, making yours even more secure.

Avoid Personal Passwords

Although the number of combinations for a given password is very large, hackers know that you will not usually use a randomly generated password. Instead, you will use familiar names, words, and numbers. For that reason, it is important not to include your own name, your birth date, or your company name. In fact, using an incomplete word is best of all. If your favorite baseball team is the Boston Red Sox and you want to incorporate it into your password, you might use "BOstOnrEdoX!04.” While this combination would make sense to you, with the "S" missing from Sox and the 04 indicating the first year that they won the world series, a computer algorithm would have a much tougher time guessing this combination.

Another trick is to replace symbols for letters. These are easy for us to read but difficult for computer programs to guess. For example, substitute 3 for E, $ for S and @ for A or the word "and." For example, "best" could become "b3st", "standard" becomes "$tandard," and "badminton" becomes "[email protected]" Together, these tricks make your password much more difficult to hack.

Make Every Password Unique

Lastly, try to make sure that each password you choose is different from the previous ones that you have used. Each time that you change a password, use different semi-familiar words with different combinations of symbols, uppercase letters, lowercase letters and numbers. Make sure that each category is represented each time that you change passwords.

ABT is a leader in keeping mortgage businesses secure through our unique cloud platform. Remembering many different passwords, especially when they’re changing frequently, can be hard. Fortunately, ABT's MortgageWorkSpace® solution has a single sign-on (SSO) feature that securely stores all of your passwords in one place, so you only have to remember one “Master Password.” MortgageWorkSpace® also offers multi-factor authentication (MFA), which is now required for mortgage companies and which, in combination with SSO, further reduces potential security risks. For more information on how you can use our platform to help your business succeed and stay safe, please contact us.

Learn More

Topics: MortgageWorkSpace data security creating strong passwords

5 Ways DocumentGuardian Helps Mortgage Companies Protect Borrowers

protecting-borrowers-private-documentsCredit unions and mortgage companies are entrusted with some of clients’ most private information. From social security numbers to bank statements, it’s imperative that those companies are taking measured steps to protect borrowers and their private documents from cybersecurity threats.Often the borrowers themselves place their information in jeopardy when they send non-public information via unencrypted emails. This places many lenders in a predicament. Somehow, they must maintain trust, security, and compliance, without sacrificing client efficiency and convenience. Though achieving this balance was once a problem for mortgage companies, there is now a tool available that can do just that: DocumentGuardian. 

Here are five ways DocumentGuardian can help mortgage companies protect their borrowers and maintain regulatory compliance with ease.

  • Encourages Better Borrower Habits

The mortgage lending process requires borrowers to supply loan officers with a great deal of private and sensitive information. Unfortunately, most borrowers aren’t thinking about their own cybersecurity when they send that information. They often assume that because they are sending these files to a trusted source, their files are in good hands. 

These bad habits can not only result in borrowers’ information being intercepted or stolen, but they can also reflect poorly on the mortgage companies involved. When lenders are audited, government agencies blame them for any client-produced security blunders, and this blame isn't entirely misplaced. With pressure from customers and looming deadlines, some lenders are tempted to take careless security risks.

Responsible loan officers educate their clients on what they can and cannot send via unsecured email. After educating customers on the importance of sending non-public personal information (NPI) through secure means, lenders can use DocumentGuardian to provide them with an easy solution that encourages better security habits from the start.

  • Eases Pain Points

The truth is, customers are more concerned with avoiding pain points and inconvenience than they are with complying with regulations. So, it’s up to mortgage companies to ease any potential pain points, while still protecting their borrowers and maintaining compliance. Solutions like DocumentGuardian supply both mortgage companies and borrowers with a tool that makes sending and receiving client documents safe and easy, reducing the numerous clicks, passwords, and log-ins typically involved in secure transactions. 

DocumentGuardian offers clients a simple-to-use interface that allows them to securely send documents and information, eliminating their pain points and yours.

To use the feature, mortgage officers supply customers with a link to a private, secure webpage. For easy customer access, this link can even be included in the loan officer's email signature. The customer opens the link, without needing any logins or complicated passwords. Then, they simply drag and drop their documents to the secure web page. 

  • Stores Information Securely in the Cloud

Once the files are scanned for viruses, DocumentGuardian stores them in secure Cloud data centers, not on mobile apps or desktop hard drives where there is an increased risk of files being hacked. For this reason, compliance auditors prefer secure Cloud storage to file-sharing apps.

Secure storage benefits mortgage companies because there is no need to download additional software or security updates, and there is an added layer of protection that safeguards sensitive information. As part of the MortgageWorkspace suite of services, DocumentGuardian regularly updates to stay within regulatory compliance and to adapt to changing security demands. 

  • Transfers, Downloads, and Uploads Encrypted Files

When clients send NPI through open, unsecured connections, they run the risk of man-in-the-middle security breaches, among other types of attacks. During this type of breach, the hacker is able to monitor traffic and even intercept or compromise messages, such as emails. 

DocumentGuardian technology doesn't require a login. Instead, clients drag and drop their documents into a secure web page (click to view a sample page) through the link you have supplied. The documents are then uploaded to your secure file on the cloud. This completely eliminates the opportunity for hackers to read messages as they are sent and received. 

From there, the SSL 256-bit encrypted documents are accessed as needed. You are able to manage and further secure documents by setting an expiration date for documents that are only needed temporarily. 

  • Track and Record Activity

Once files are uploaded, the client gets a receipt that documents the transaction. On the lender side, all activity on the secure web page is logged and archived. In the event of an audit, this information is readily available.

 For most mortgage customers, few things are more daunting than complex paperwork. Ease customer pain points by supplying your clients with familiar drag-and-drop options. When the process is easier for them, it is easier for you too. DocumentGuardian is available to any user of MortgageWorkSpace. For more information on DocumentGuardian, the latest addition to ABT’s MortgageWorkSpace platform, please contact us.

Learn More

Topics: email security data security DocumentGuardian