Mortgage Software Solutions Blog

Why Cyber Security Comes First in the Mortgage Software Market

Why Cyber Security Comes First in the Mortgage Software Market

Equally important: physical security and cyber security.

The finance industry’s data-handling platforms have a clear bulls-eye on them.

The U.S. mortgage industry supply chain is considered a “massive target for information security breaches.” In fact, from 2015 to 2016 the number of data breaches in the United States went up by 40%.

Still, most mortgage lenders sidestep cyber security by shopping for software the old-fashioned way.

Functionality across platforms is comparable, but security is where the largest variation exists amongst current technology offerings. The regulatory and litigation atmosphere surrounding data breaches in 2018 is such that the best mortgage software addresses cyber security first and foremost.

Here is how the best mortgage software on the market is focused on security frameworks first.

The Weakest Link

Poor cyber security has a financial and regulatory impact. This, combined with the negative press of recent international breaches, is what the modern financial institution wants to avoid.

Though large institutions have tight security, an increase in automation and “digital mortgage” online customer interactions means that high-tech services are being farmed out to third-party vendors. Tools like business intelligence (BI) and machine learning (ML) also means data transfer within the industry is nearly constant.

Homebuyer information is especially ripe for hackers because it includes secondary digital assets like credit data.

Though big banks are heavily invested in keeping this data safe, the sharing of borrower data to smaller vendors has caused a disruption in the security systems. The immature security of these third-party service providers has created a weak link in a previously well-fortified industry.

Who is Responsible?

Though it seems like the third-party vendor is the one who should catch up to security norms, the tech newcomers are not being held responsible.

New legislation in the US holds financial institutions responsible for the security level of their third-party vendors—no matter where the data or breach originated from. When a smaller vendor experiences a security event, it is the large mortgage company that is on the hook.

Even if the company avoids catching the eye of regulators, cases of mishandled customer data have executed litigation of $201+ per recorded liability.

Cyber Security Solutions

The solution is to rein in weak spots by employing cyber security technology that goes beyond the traditional server model. It should cover gateways, third-party access, and employ strategies that keep an eye on common but unsafe tech-related practices.

A tech developer called ABT offers a cloud-based platform called MortgageWorkSpace that ticks the right boxes.

ABT works exclusively with the mortgage industry to develop software solutions for lenders and third-party financial institutions in the home buying industry. With the functionality of the lending platforms in place, ABT leads mortgage tech by focusing squarely on cutting-edge cyber security.

Above all, MortgageWorkSpace provides a secure gateway to access lending data. It employs multi-factor authentication and monitors system email use to fend off phishing as well.

Despite increased accountability, mortgage lenders can keep the company name and customers safe by shopping for a platform that puts security first.

Advanced Cyber Security Features

With market demand high, on-board security features distinguish better platforms from those that add build-out security capabilities as an afterthought.

ABT has a built-in consumer protection feature called Remote Desktop which gives mortgage lending employees a cloud-based real-time file management system. Offering functionality to the user, this feature actually prevents the storage of data on local PCs. This Dropbox-like feature means that the employee’s desktop is not only updateable from anywhere, but that files containing sensitive information don’t get downloaded out of the system where security is weakest.

Lenders shopping for top mortgage software should keep an eye out for features like the Remote Desktop that combine user experience with security in a way that is seamless.

Developers who have security at the forefront of their business model will also provide crucial non-tech extras for lenders.

ABT gives clients a written information security policy that outlines the software’s parameters and security compliance rules. This type of documentation may have been overkill in the past, but is increasingly required by state and federal law for legal operations in the U.S.

Though most software shoppers understandably look at usability first, the consumer financial sector increasingly puts cyber security front and center.

Mortgage broker software is no exception. Platforms should have a full range of built-in cyber security solutions, usability features that incorporate digital protection without being clunky, and advanced features that provide extended protection as regulations become more stringent.

As a target for hackers and a trend of increasing legal accountability, cyber security is now the main consideration in the mortgage software market.

Check out the full range of ABT’s security-driven mortgage business products on our website or contact us to learn more.

Image: Unsplash

Topics: Hosted Software options Mortgage Servicing in the Cloud mobile security mobile device security email security data security mortgage company security financial data security social networking safety phishing multi-factor authentication Business Intelligence cybersecurity mortgage documents security data warehousing

4 Ways Loan Management Software Improves the Mortgage Experience

4 Ways Loan Management Software Improves the MortFinancial management software makes everyday interactions smoother for mortgage lenders.

Mortgage software has relied on legacy infrastructures and paper processes for far too long.

In almost every other sector, interactions between banking institutions and customers have moved online.

Web-based transactions for commerce are increasing annually. In 2017, global e-retail sales amounted to 2.3 trillion U.S. dollars and projections show a growth of up to 4.48 trillion U.S. dollars by 2021.  As retail transactions migrate away from brick-and-mortar, the rest of the banking world plays catch up.

In the mortgage world, loan management software offers lenders high-tech solutions to keep them on the cutting edge of the finance world.

Here are the 4 ways that loan management software improves the mortgage experience.

  1. Centralized Access to Document Management

Cloud-based domain services store data on the cloud instead of on a localized server. This gives mortgage companies access to business-critical data from virtually anywhere. Office PCs, employee-owned laptops, and even mobile devices can capitalize on business opportunities anywhere that lenders are interacting with clients.

Loan management software like MortgageWorkSpace (MWS) offers a “portal” or single point of entry to all employees with internet access.

Users can synchronize their user settings and application settings data to the cloud, providing a unified experience across their devices and reducing the time needed for configuring a new device.

Lenders prefer the speed and breadth of information that online-based software provides. When lenders have quick access, customers get quick responses and customer service is perceived as fast and convenient.

Not only does this portal make remote work possible, but it keeps things secure as the mortgage industry embraces the remote working environment.

  1. Improved Security for Client Data

This single point of access protects company assets through multi-factor authentication, ensuring that data remains secure.

Further cyber security measures are managed using Windows Defender, an anti-malware component that keeps intrusions at bay for all devices joined to the MortgageWorkSpace network.

With MWS, there is a cloud-based firewall protecting the devices joined to your lending company’s network as well.

When security events do happen, this software gives the company the ability to remove company data from a mobile device or PC via remote access. This means that even if an employee’s device is stolen, the mortgage software keeps sensitive personal and financial information safe from hackers. 

  1. Effortless Compliance

Running parallel with cyber security, this software handles compliance regarding data security without needing to purchase, integrate, or maintain separate compliance software. MSW has what the industry calls “built-in” compliance features.

Other compliance issues faced by the mortgage industry are included in MSW. Documentation, record keeping, document expiration, and record retention are all features of this platform. This means that lenders using this software are always prepared for an audit without the last-minute scramble.

 In comparison to wider umbrella software, this platform is specifically built and maintained by developers who know the mortgage world.

Developed by California-based ABT, the company is an industry leader and watches the horizon for mortgage legislation that will affect their product’s performance. Lenders using MSW can be sure their software is not only up-to-date with compliance but that it will on boarding the most important finance trends as they happen.

  1. Integration Builds Capacity

Though compliance features are built-in, the platform remains flexible so that your lending company can utilize applications that give a competitive edge.

The Mortgage BI (business intelligence) dashboard powered by Microsoft gives unrivaled visibility to company data. This leads to data-based business decisions that improve the bottom line.

Analysis isn’t limited by this platform’s own BI capabilities though. MSW is vendor neutral so it integrates with loan origination systems, CRMs, Saas apps, on-premises networks, and plenty of proprietary software that makes business run more smoothly.

The days of paper-heavy processes for buying houses are numbered.

Developers are producing these sophisticated platforms that make the mortgage process better.

New financial management software is cloud-based, safe, and expandable. Customers can now enjoy a seamless experience thanks to platforms that give mortgage lenders speed and flexibility in their work.

Good software means agile lenders, which in turn means happy customers.

Does your mortgage company have outstanding software that improves this end-to-end experience?

MortgageWorkSpace is the award-winning business solution that mortgage lenders need. Learn more by visiting ABT.

Image: Unsplash

Topics: mobile device security email security data security phishing multi-factor authentication Business Intelligence cybersecurity Mortgage BI mortgage documents cloud storage productivity mortgage business mortgage industry cloud-based data Housing Market Mortgage Lending disaster recovery MBA

Cyber Security Seatbelts Save Digital Lives

digital seatbeltsWear a seatbelt—navigate your cloud-based systems with safety in mind. 

“Safety first.”

It’s a pretty easy idea to agree on. We all think safety is important.

So what do we do when customers say we aren’t being safe enough?

2017 saw the largest consumer data breach in world history. Equifax made international headlines for a breach that exposed the personal information of as many as 143 million people.

As Equifax knows well, financial and credit-related information is extremely valuable to cyber criminals. Hacks of this kind need to be protected against.

Consumer Safety

After many years of unsafe automobiles, consumers were tired of dangerous cars. They demanded that the industry clean up its act to make vehicles safer. With a little help from activists, car makers complied.

With government regulations in place, riding in a car has changed. Now all cars are made with seatbelts and few people get into a car without buckling up.

The auto industry’s move towards standard safety precautions can teach finance folks a lesson about how to face consumer demand for safety.

Cyber Seatbelt

Safety precautions for automotive vehicles began with the simple safety belt.

The seatbelt of the mortgage industry is MFA security, which keeps data safe.

The safest “seatbelt” on the market, it’s time to implement multi factor authentication when your company migrates into the cloud.

For your staff, a cloud-based workspace makes work convenient and accessible. For cyber criminals, migration to the cloud means they have a doorway to try and break in.

Also known as MFA, multi factor authentication is a nearly fool-proof way to prevent the wrong people from accessing your company’s data.

MFA requires that employees accessing the cloud have to enter at least 2 forms of digital identification. MFA validates that the person logging into the system is who they say they are. Whether by a text message to their company phone or another form of ID, staffers are let in and hackers are kept out.

MFA is so secure, it has become the modern standard for financial institutions. It was adopted by the Payment Card Industry Data Security Standard (PSI DSS) in February of 2017. It was also listed as the standard for the mortgage industry in New York’s new cyber security legislation.

For any financial institution that works in the cloud, MFA is the first safety precaution that can protect both the company and consumers.

If MFA is the visible seatbelt, what are the airbags that provide safety behind-the-scenes?

Cyber Airbags

Email Guardian is a product developed by a US-based company specifically to keep financial information secure for mortgage companies.

Its main job is to watch business email. It checks URLs on incoming messages to watch for phishing attacks. It filters every link and tests linked sites to make sure they are clean. If a link is dangerous, this program catches it and breaks the link before your staff can click-through.

It protects companies from intrusion by providing comprehensive, multi-layered email security and content controls. A web-based application especially for financial institutions and big business, this application handles dynamic security precautions including email encryption and security tracking as well.

Just like how airbags provide a layer of cushioned protection for car drivers and passengers, this innovative technology provides layers of security to keep email hackers at bay and avoid catastrophe.

With MFA and Email Guardian combined, your company data remains out of harm’s way.

Lessons from the Auto Industry

Just as with unsafe automobiles, consumers are reacting to the Equifax disaster by demanding that something be done about info protection for credit companies and mortgage brokers.

Government regulators have begun to react as well. New York introduced groundbreaking legislation to regulate cyber security for financial institutions. Colorado and Vermont are following suit.

When consumers make an industry-wide demand, companies need to pay attention.

Since widespread consumer outrage over information leaks continues making news and influencing regulators, mortgage companies are wise to adopt security measures and establish a basis of protection for their customers.

In the same situation decades ago, auto manufacturers made serious efforts to improve consumer protection for their products. Today carmakers are seen by the public as one of the most safety-conscious industries.

Taking care of consumer data is important if lenders want to be seen in the same light in the future.

ABT’s cutting-edge Email Guardian application provides strict security breach protection and data leakage prevention. Contact us to learn more.

Image: VisualHunt.com

Topics: Mortgage Cloud Services cyber security email security data security social networking safety cybersecurity security mobile technology mortgage industry HUD Consumer Finance Protection Bureau Compliance for Mortgage Companies Compliance Audit Housing Market network safety MBA

Why Mortgage Companies Need Built-In Compliance Tools

blog pic for Why Mortgage Companies Need Built-InBusiness data is available at your fingertips, but is it protected?

If your mortgage company isn’t talking about advanced data governance, you’ve missed the memo.

Mortgage companies around the world are facing 2018 with a regulatory backlash as a result of data breaches in the US and Europe.

Every company is scrambling to find the best cybersecurity options for financial data and figure out how to comply with stringent reporting regulations at the same time.

How can your mortgage company ensure that you are up-to-date with the newest industry standards in data governance?

Bolt-On vs. Built-In Data Governance

There are two types of compliance tools that financial institutions can use to follow the law.

Bolt-on refers to compliance tools that a business implements to interact with their existing computer-based financial systems.

Built-in refers to governance features that are part of the same computer system that they use to do their daily business activities including customer retention, storage, and database systems.

Bolt-on tools are a non-integrated option from the first wave of computer data compliance. Systems with built-in compliance features and built-in threat protection are the modern solution to meeting compliance standards.

Built-In Compliance Runs at the Speed of Business

The main issue with bolt-on tools is that they lack the visibility necessary to maintain compliance and keep moving at the pace of the company. For example, when working with outside vendors, mortgage companies are responsible for verifying vendor security.

The legal industry reports that using bolt-on tools can delay the on boarding of third-party vendors for up to 17 days and slow down overall revenue growth. Built-in options, due to being native to the system, move faster.

Built-ins can also coordinate with IT permissions on devices such as laptops and tablets used by third-party employees to access sensitive data. They offer high interactivity while bolt-on tends to offer single-process patches for cybersecurity issues.

As regulatory agencies push for never-before-seen requirements, bolt-on solutions don’t make financial sense anymore.

The True Cost of Built-On Compliance

Though switching to a new system is an investment, bolt-on solutions are actually more expensive in the end. The incremental investment is limitless; each new regulation requires a new patch.  

Instead, built-in systems work backwards by going all-in. They offer extreme security features that allow a company to scale back to the compliance limit.

Bolt-on solutions also cost man-hours. It creates busy work for employees who handle information instead of receiving a completed system report. When you factor in confusion and redundancy, the hours start to add up.

In the US, a time lag in reporting can mean trouble. New York State is blazing the trail for new cybersecurity regulations by mandating that mortgage companies have less than 72 hours to officially report a cyber attack or else face financial penalties.

With a built-in system, alerts are immediate and coverage is full from day one. Your financial services institution is protected from the risk associated with litigation and data breach.

Built-In Protection from Data Loss

ABT, a California-based company, has developed a platform for mortgage companies with built-in compliance tools called MortgageWorkSpace.

Systems like this take compliance out of employees’ hands and create strict policies that are enforced by the platform itself.

Since financial institutions are legally required to hold onto sensitive customer data for specific periods of time, a system like this allows the company to write the retention policy directly into the document management system. The system itself identifies, tags, and protects data for archive, even by custom query.

Integrated Security Features

Built-in systems have other data protection features that connect with employee activity.

For example, Felipe the Finance Director receives an email addressed from Ciara the COO but doesn’t notice that it isn’t from her company email address. Because the company email is integrated with the cybersecurity system, Felipe sees an alert that the sender’s email address is suspect and likely a phishing attempt.

Even if Felipe opens the email and clicks on an unsafe link, the system will take Felipe to a safe link where he is alerted again not to proceed. This type of security safety net is possible because built-in security can transparently see activity system-wide and isn’t limited to a single platform.

Built-in security tools helps catch phishing links, unsafe attachments, unsafe webpage links, malware, and spam so that breaches are prevented.

As data governance regulations increase in almost every global financial market, mortgage companies can remain compliant by implementing cybersecurity measures that are fast, transparent, complete, and save the company money in the long run.

The best way to meet these ever-rising regulations is to get outfitted with a platform that handles compliance as a built-in feature of the system.

MortgageWorkSpace is a business solution that allows mortgage companies to comply with full industry requirements regarding sensitive data. Learn more about cybersecurity for mortgage companies by visiting ABT.

Image: Unsplash

Topics: Mortgage Servicing in the Cloud Access Business Technologies MortgageExchange cyber security information security for mortgage companies DeviceGuardian MortgageWorkSpace data security mortgage company security financial data security multi-factor authentication Business Intelligence cybersecurity mortgage industry cloud-based data Housing Market

7 of the Most Interesting Facts About Cyber Security

 

pic blog-1.jpgAs technology of cyber security advances, so does the technology of hackers.

A computer hacker is the name given to the tech-savvy folks on both sides of the internet battlefront. Bad guys or “black hat” hackers are the ones trying to break into computer systems, steal data, and install harmful software. The “white hat” hackers are cyber security heroes that develop ways to catch bad guys and stop malicious programs from doing damage. That’s interesting nomenclature, right?

The world of cybersecurity is full of intriguing tidbits that help us understand the dangers and how to protect ourselves from the black hats of the world. Here are 7 of the most interesting facts about cyber security.

  1. The number of cyber attacks is going UP not down. Though white hat hackers continue to improve, the total number of cyber attacks doubled in 2017. That’s according to the Online Trust Alliance (OTA), which has named 2017 “the worst year ever in data breaches and cyber-incidents around the world.” 
  2. Ransomware is leading the way in modern cyber security events. Ransomware is a type of malicious software that holds a victim’s data hostage until a ransom is paid. Instead of selling victims’ information on the black market, ransomware has established a way to make money off this stolen information directly from victims. The threat of ransomware is based on doxxing (publishing of the personal data) or blocking a victim’s online access to their own accounts.
  3. 91% of cyber attacks in 2017 started with a phishing email. Phishing is the practice of sending fraudulent emails that seem to be from a reputable company. When the victim clicks on a link or freely reveals their passwords or credit card information as a response, the phish is a success. The two best ways to avoid phishing attacks are to (1) never click unknown links and (2) never send sensitive information that has been requested via email.
  4. Cyber-crime damages will cost the world $6 trillion annually by 2021, up from $3 trillion just a year ago. This massive amount of money represents the greatest transfer of economic wealth in history (2017 Cybersecurity Ventures).
  5. Financial organizations are the biggest targets of cyber attacks. Verizon’s 2017 Data Breach Report breaks down the hacks by percentage: Last year, 24% of breaches targeted the finance industry, 15% were aimed at healthcare, 15% were retail, and only 12% of breaches occurred in the public sector.
  6. Mortgage companies are the #1 target in the industry because of the treasure trove of information that they require from customers. Mortgage companies hang onto more non-public than any other type of financial organization.
  7. 93% of breaches could have been avoided by taking simple steps, such as regularly updating software or leveraging modern cloud based solutions. Can you believe that breaches are easy to prevent? There is an old saying that “the best defense is a good offense”. It applies to the cyber security world too.

If you take the initiative ahead of time to set up clear security mechanisms, your company’s data systems won’t be attractive to bad guys.

What are the new standards for security? Modernized IT including updated password policies and Multi Factor Authentication. Cloud-based data systems are key for getting your company data off those old office servers. Sophisticated cloud-based email gateways configured especially for the mortgage industry to protect against email-based threats. These are the foundations for data security when it comes to financial institutions in 2018.

Be the cyber security leader in your industry. Make the changes before hackers make the first move on your company. When you aren’t an easy target, your data remains safe and your customers stay happy.

The best thing a business can do to keep those black hats at bay is to stay informed about cyber security by reading articles like this and use their knowledge to implement solid security measures before a hack occurs.

Businesses protected by proven security measures like ABT’s Email Guardian remain safe and receive monthly reports detailing security threats. Contact us to learn more.

Image: Pexels.com
Topics: Mortgage Software Reporting dangers of ransomware email security data security mortgage company security financial data security creating strong passwords social networking safety phishing multi-factor authentication cybersecurity security productivity mortgage business malware network safety

4 Reasons to Implement a Mortgage Business Intelligence Strategy

bim.jpgBI visuals help employees in the company get on the same page.

Business Intelligence (BI) has come a long way since its first implementation.

At its most basic, BI has always involved analyzing reports and performance information to allow companies to make decisions based on past activity.

At the complex level of present-day information gathering, BI handles large amounts of unstructured, seeming unrelated data and then makes utilitarian connections between data points.

Using modern BI, a company can turn information sets into successful business strategies that give them the edge on the market and long-term stability over their competitors. Nowadays companies even have access to industry-specific BI tools.

Can you imagine why the mortgage industry should harness this ability? Here are 4 reasons to implement a Business Intelligence Strategy in your mortgage company.

  1. Integrated BI for Complete Data

By integrating business intelligence, a mortgage company has the ability to gather data on their activity via an existing mortgage enterprise management system (EMS) and then work with that data using the BI module.

With two or more applications communicating seamlessly, administrators have all the company information at their fingertips.

Integrating BI with existing tools like EMS and CRM platforms makes the data sets more ample and complete.

  1. Improved Strategic Awareness

Integrated Mortgage BI goes beyond just connecting platforms. It develops a rich business intelligence data warehouse (BIDW) that forms the basis for future decisions.

The BI module has the capacity of building data model visuals that are easy to understand. Using the full range of information available, this feature processes information to make it actionable. Pulling information from all sources means providing the company with rich prescriptive and predictive analytics output.

The strategy of information awareness and fact-based decisions produces a positive influence on the bottom line.

  1. BI Accessibility Breeds Positive Change

It used to be that companies needed IT analysts to interface with the data and come up with insight. It was a management level activity shared between tech folks and decision makers in the company.

With an industry-specific BI strategy in place, everyday users in a mortgage company can view easy-to-understand level-specific data related to their work. Placing BI in employee dashboards empowers them to make informed decisions. It goes beyond IT data and links up with HR, employee metrics, customized dashboards, and more to give the power of data to employees at every level of the company.

Smart decisions go from being seen as top-down directives to using real information as the basis for decisions company-wide. This change in company culture has the benefit of increasing employee job satisfaction and efficiency, which also affects the bottom line.

  1. Industry-Specific Bi is Affordable

There are plenty of BI applications on the market. From Tableau to Microsoft, the tech industry has developed a plethora of BI platforms with a range of executions.

There are also visionary platforms like Salesforce that are extremely flexible but require in-house IT customization. They come with bells and whistles that aren’t meant for the mortgage industry.

Mortgage companies without the resources to create their own fit have a better option. Industry-specific software with ample performance ability is the sweet spot. A mortgage-specific BI tool like this is the most affordable choice.

Mortgage companies who implement this type of “goldilocks” platform will be able to harness the power of BI quickly and easily.

Mortgage BI, developed by the same Northern California-based company that produces the data-sharing software MortgageExchange™, is a perfect example of this type of “goldilocks” platform.

ABT’s takes Microsoft’s Power BI software and their own MortgageExchange and combines them for a leading example of how companies can harness the big-brand power of BI without being oversized or overpriced. Not too expensive, no surplus of addons, and customized to be just right for the finance industry.

BI offers huge improvements to every modern mortgage company’s business strategy. The improved strategic awareness will save your company from financial missteps and BI-generated visual representations of performance data will put employees on the same page across the company.

With BI implementation, companies can efficiently put their data to work and move forward with clear direction.

Contact ABT directly to learn about Mortgage BI business analytics for your bank, credit union, or mortgage company.

Image: VisualHunt.com

Topics: Cloud Services information security for mortgage companies data interface solution data security mortgage software integration Business Intelligence Mortgage BI security productivity mortgage business mortgage regulations mobile technology mortgage industry

Ransomware Alert: Don't Become a Victim of WannaCry Malware!

 

Ransomware Alert: Don't Become a Victim of WannaCry Malware!

You may have heard by now about the huge--global in scope--ransomware attack that happened May 12th and endured for three days into the following week. It's the largest ransomware attack to date, and has caused quite an uproar in the business world, disrupting and even dismantling some operations. What determines the severity of this attack, and others, for individual organizations? Vulnerabilities. If you don't want to become a victim of WannaCry malware--and nobody should--you need to learn more about the malware itself, and prevention methods. Let's start with a bit of background on WannaCry.

What gave birth to WannaCry Ransomware?

Cyber security experts point the finger at the National Security Agency (NSA). The NSA apparently discovered the vulnerability in Microsoft Windows operating systems some time ago and kept the information secret so it could exploit the vulnerability for its own intelligence activities. Earlier this year, a group calling itself ShadowBrokers leaked the code for NSA cyber spy tools, including NSA's hacking tool called EternalBlue, online. It didn't take long before cybercriminals were at work creating WannaCry ransomware. Once the infection got started, the trojan virus infected a certain number of computers and then began to spread like wildfire using the vulnerability in the Windows Server Message Block to infect other computers on the same networks and then to connected networks.

Are all Windows operating systems at risk?

When Microsoft learned of the vulnerability, the company created security patches for all the updated operating systems which it released this past March. For those computers who update their operating systems through Windows Update automatic feature, the vulnerability no longer is an issue. Users can also manually update the security patch. Consider yourself fortunate if you did this.

Before the attack, the problem still was an issue with respect to legacy-operating systems Windows XP, Windows 8, and Windows Server 2003, which are no longer supported by the Microsoft security patches. However, after the attacks were discovered, Microsoft made security patches available to those legacy systems. Users who run one of these legacy systems and have not installed the security patches, should do so immediately, and of course, from a secure server.

A Serious Global Issue

How many computers are we talking about? Within a few hours of the attack the virus affected more than 100 countries and infected more than 200,000 computers. Unlike most viruses, WannaCry did not seem to rely on emails for the initial contact. It does appear that the virus propagated itself once it invaded a certain number of computers and did not rely on users to click on an email.

Where was the attack centered?

Russia and China were hardest hit. Russia's infection spread to 1,000 computers in its Interior Ministry as well as banks and mobile phone systems. In China, however, the virus infected more than 30,000 computers, many of them universities. China is vulnerable to cyber attacks because it encourages the use of pirated software.

The virus infected Federal Express here in the United States in the initial attack but the virus does not appear to have affected any U.S. government systems. The virus attacked telecommunications systems and gas utilities in Spain and France's Renault automobiles had to stop production.

What was the ransomware demand?

The demand and payment make this attack interesting. The virus encrypted files and then sent a screen message demanding $300 worth of Bitcoin. If the ransom remained unpaid after three days, it increased to $600 worth of Bitcoin. After seven days without payment, the ransomware threatened to destroy the encrypted files and all data would disappear forever. Researchers found only three Bitcoin wallets with a total of only about $50,000 in payments. For such a widespread attack, these numbers are quite low. Security experts say the attackers were not set up very well for Bitcoin payments.

Protecting yourself against ransomware

You've heard most of this advice before but it still holds true, and more so when attacks like this occur. Know that they will continue to happen, so just because you weren’t attacked this time, doesn’t mean you won’t be vulnerable in the future. Cybercriminals are often intelligent and quite sophisticated with their attacks, often upping the ante from any previous large-scale ones. You might be familiar with the following, but all across the world people still do these:

  • Don't click on emails if you don't recognize the sender. It’s simple. Just don’t do it.
  • Do not click on unknown attachments. Curiosity gets the best of us, but don’t let it dismantle your entire organization.
  • The same is true for links in emails. They aren’t harmless, and even when they are in an email from a familiar email address, check it!
  • Enable your Windows Update function so that all security patches update when released. This way you won't forget to do it.
  • Perhaps most important of all is to back up files on a separate server from the main computer. Consider backing up to the cloud or using an external drive that unplugs when not in use.
  • Users of legacy Windows operating systems may want to consider upgrading as soon as possible since they are longer supported by Microsoft patches.

Depending on your business type--some are more often targeted--the above will only help limit some attacks. Don’t be that business that thinks you won’t be targeted. Your operating expenses should have a high-priority line item for this type of protection. Why? If your business is severely impacted, nothing else will matter. If you don’t have the manning or systems in place now, consider a cloud-based solution, such as DeviceGuardian™ that can easily be installed on any existing or new devices. This allows Access Business Technologies to securely manage all of your mortgage software, data, and users. The best part of this is that ABT takes one of the most important aspects of your business off your plate, efficiently and effectively managing your data security  without skyrocketing your company’s expenses.  

In other news of the when-it-rains-it-pours variety, DocuSign confirmed today that hackers maliciously accessed a separate non-core system and stole more than 100 million email addresses from the company - only email addresses. The hackers took no personal information or addresses. Just another indication, however, that everyone needs to stay vigilant. Cyber criminals make a living off of your vulnerabilities.

As mentioned earlier, even if you weren’t attacked this time around, it doesn’t mean your company’s backend won’t be targeted next time. To find out how to protect your company from making negative headlines like DocuSign and FedEx contact us. ABT has an internal department that monitors all viruses, scams, malware, ransomware, cyber-attacks, etc. We work closely with hundreds of Microsoft IT security team members and have developed a cyber-security solution that we have successfully executed for more than 500 mortgage companies, banks, and credit unions.
Topics: Access Business Technologies cyber security data security malware

3 Tools to Avoid Compliance Risks with Data and Electronic Documents

Compliance-Risk-with-Data-and-Electronic-Documents.jpg

Picture this. Your company has decided to provide end-to-end mortgage services for a new client. To make document sharing easier, you activate a remote login account so that they can have access to consumer reports. Hackers gain access on the client's end, steal the remote login credentials, and grab sensitive information. Unfortunately, this is not a hypothetical situation.

This happened to a mortgage lender back in 2008. 2008? That was 9 years ago, yet the FTC still uses this case as one of their prime examples of a security lesson taught the hard way. This company didn't protect vital data, and the FTC is strictly auditing them until the year 2028!

This is what can happen when your mortgage company creates compliance risks with data and electronic documents. It's a lot cheaper, we'd say, to invest in better data security than to lose the goodwill of your customers and have to defend yourself legally and face other consequences connected with a data breach.

Here's what you need for maximum security and full compliance.

Office 365 Mortgage™

With Office 365 Mortgage™, you are using all of the productivity features that Office 365 offers. Plus, it's configured to work right alongside your mortgage software for maximum security. How does it keep data safe?

  • One Password, One Portal - Users have secure, single-sign-on access, which helps combat issues that revolve around password reuse and other weaknesses. When you hire someone, there is only one account and password to set up, and when someone leaves, you only have one account and one password to delete.

  • Rest Easy With Built-In Security - Microsoft gives you three layers of security and also guards your business email with industry-leading anti-spam and anti-malware defense.

  • Prevent Data Theft - Security is a priority at Microsoft data centers, but simply deploying Office 365 straight out of the box cannot single-handedly keep your data safe. Mortgage businesses need additional layers of protection. This is why we step in and use complex configurations and custom-written software to make Office 365 Mortgage™ exceed banking standards.

MortgageExchange®

Mortgage companies typically rely on human intervention to determine inconsistencies in their paperwork. Two or three different people will either enter the data into a system to cross-check against each other for inconsistencies; or, businesses will use OCR systems to automatically recognize text and numbers. Both of these methods require a certain amount of human intervention to audit inconsistencies, perform exception processing, and control data quality.

MortgageExchange® eliminates the need to re-key data between origination, servicing, core systems, and accounting. In this way, you seamlessly connect people, processes, partners, and information across dissimilar systems, while eradicating data re-entry, costly errors, and security issues at the same time.

Errors in documents can be as simple as a name misspelled or a wrong number in an address, or as serious as incorrect loan amounts or missing pages. All of these errors cause delays in closing, and incorrect loan amounts can have major consequences for the downstream systems processing the loan.

DocumentGuardian

DocumentGuardian is a comprehensive document management system designed specifically for the mortgage industry. It is a cloud-based email service that provides secured encryption and transfer of files, pictures, and documents.

It starts by providing the borrower with a secure and easy way to send their NPI (Non-Public Information) documents without registering or creating a password. Compliance auditors recommend this type of security because, unlike box-type file sharing apps, it stores your documents in our secure data center only; not on individual computers and mobile devices.

Unfortunately, mortgage companies and financial institutions are still extremely vulnerable. With threats growing bigger every day, it is now more critical than ever for businesses to develop an information security plan and make sure that their vendors and other third-parties are covered too.

The non-profit Online Trust Alliance (OTA) warns that the "cyber landscape has changed dramatically just over the past 12 months," with organizations both large and small being the victims of attacks. Housingwire Magazine reports that numerous mortgage companies are now increasing security because of these significant incidents:

  • Thieves walked away with $80 million in 2016 during a cyber attack at the Federal Reserve.
  • 2017 started out with London-based Lloyds Banking Group experiencing a two-day-long distributed denial of service (DDoS) attack.

Employee breaches are also happening. In 2016, a jury awarded Mount Olympus Mortgage Company (MOMC) more than $25 million for their claims against Guaranteed Rate, another mortgage lender. These claims alleged that Guaranteed Rate, along with former employees of MOMC, illegally transferred hundreds of loan files from MOMC's internal systems to Guaranteed Rate's.

In today’s digital world, it is more important than ever to protect vital information and documents from these cyber thieves—both internally and externally—and to stay compliant with industry regulations that are becoming more stringent in response. Please contact us today at Access Business Technologies to learn more.
Topics: Compliance data management for mortgage companies data security

Easing Mortgage Customers’ Concerns About Giving Out Private Information

easing-mortgage-customer-concerns.jpgIn order to apply for a mortgage, borrowers must turn over some very personal information. So it comes as no surprise that many borrowers are concerned with the security of their mortgage lenders’ networks.

What will happen, they wonder, if a hacker does come after your company? Are you an easy target, or do you have the security in place to keep their vital financial information from being stolen?

When you have the best tools and security systems in place for your mortgage company, you can ease your customers concerns and make it easier for you both to sleep at night.

DeviceGuardian™ Protects Every Device Used by Your Company

Chances are, users throughout your company are using their own devices to access the company’s network, applications, and files. With device management software like DeviceGuardian™, every device is protected—no matter when or where it’s being used. You don't have to worry about whether private customer information will be stolen from an employee's phone, tablet, or laptop when DeviceGuardian™ is there, keeping a virtual eye on every aspect of your security.

Security Built for Mortgage Companies

There are plenty of security companies out there that provide hosted IT services for a variety of organizations. Those security companies are great, but they aren't focused on the threats that are specific to your industry.

When you use Access Business Technologies’ cloud IT services, you can reassure your clients that their private financial data is being protected by a security company that knows the mortgage industry just as well as you do—and that we're taking the steps necessary to ensure their privacy.

The financial industry requires a high level of security compliance in order to ensure that every device and every customer is protected. We're here to rise to the challenge, creating confidence in your borrowers that their information will not be stolen from your system.

Safer Emails That Protect Every Communication

Emails containing private details of your borrowers' finances pass through your system every day. If your borrowers are leery about sharing that information through email, you can offer them the reassurance that your email security is in full compliance.

You aren't working with a company that has a generic security solution for every business. Access Business Technologies offers email compliance guarantees specifically for financial institutions. That means that your email is automatically encrypted, providing an additional layer of protection for all of your customers. It's also immediately archived, which means that if you need to check back over previous discussions, that information is right there for you to view.

24/7 Support Means You're Always Protected

Security threats can arise at any time of the day or night. When it comes to information security, however, response time matters. When you use Access Business Technologies, you have 24/7 support that will provide fast answers in the event that your site is compromised.

Security isn't just about protecting against threats; it's about how you respond when a threat occurs. Let your clients know that if you are hacked, your business is prepared to respond quickly and efficiently. We'll know right away if a threat does occur, and we'll be ready to answer that threat as soon as possible.

Security across every device you use, from the phone or tablet in your hand to your desktop computer or even the cloud, is a critical part of ensuring your customers' security. At Access Business Technologies, we provide the high level of security that's necessary for a mortgage company to reassure their customers and themselves that their private information will be kept private.

If you're ready to start easing mortgage customers' concerns—not to mention soothe your own—contact us today to learn more about the security help we can offer your business. Your borrowers need security. We're here to provide it.

Learn More

Topics: DeviceGuardian data security

5 Things You Should Do Now to Prevent a Data Breach

5_Things_You_Should_Do_Now_To_Prevent_A_Data_Breach_.jpg

Mortgage providers are responsible for managing people's personal and financial information in relation to their most valuable asset: their homes.

For many businesses, this is cause for concern, as large corporations appear in the news every other day as a result of another significant data breach. This causes many mortgage companies to wonder (and worry about) how to prevent a data breach from happening to them.

The following are five tips that your mortgage company can implement today to begin securing your systems from a cyberattack. These tips will also help you provide better customer service by protecting personal identification information.

1. Implement Secure Passwords

There are many criteria to be met when creating a secure password, and it’s important that your entire team understands and adheres to these best practices.

Your first step should be to improve education for employees on how to handle password creation. Whether in the form of a company-wide memo, a formal training session, or an online tutorial, training should be thorough and easy to understand. Mortgage companies should make concerted efforts to inform employees on how to create a strong, secure password.

The right vulnerability management solution will require employees to create passwords that include more than just letters or numbers. Passwords should include a combination of letters (lowercase and uppercase), numbers, and characters, in order to create a password that can’t be cracked by hackers.

Multi-factor authentication should also be implemented throughout your business to ensure employees are protected if their login information falls into the wrong hands.

2. Insulate Database Information Depending Upon Needs

Underwriters require specific information that may not be relevant to customer service or sales team members. Although many businesses are tempted to keep as much information as possible in their CRM for more targeted marketing, mortgage companies have so much information on their customers that it is essential to separate customers’ sensitive information from the general contact information necessary for CRM systems.

3. Enact Employee Education Protocols

One of the greatest areas of vulnerability for a business is its employees. The Stuxnet virus, which targeted Iran's nuclear program, was downloaded onto thumb drives by engineers off-site and transported into the secure computer systems managing the centrifuges. In this example, no amount of internal security could protect them from the mistakes of their employees outside of the facility. The fact of the matter is that employees are the most uncontrollable aspect to your business.

Provide company-wide education, and enstate policies that ensure your employees use strong passwords, separate work and personal activities, do not subscribe work email addresses for marketing or political emails, and understand what to do when they are the target of a phishing email, "virus alert" pop-up, or any of the other tactics used by cyber criminals to target unwary computer users.

4. Educate Customers On Privacy, Identity, and CyberSecurity

For mortgage companies, customers are a vulnerability that are completely outside your business's work systems. A customer can be the target of mortgage cyber-attackers perpetrating fraud by mirroring your website, causing possible loss of services and capital.

Make your customers aware of the methods you use to contact them. If you have an outbound call department for customer service or sales, ensure that it follows industry practices, and teach customers how to identify if a call is from you. It is also a good idea to provide generally trusted phone communication information (never give out certain information to an untrusted number, ask for a call-back number and look it up, etc.).

Set up policies for predictable methods of managing customer accounts and inform customers of those policies. For example, make it a policy to never ask for any account information via email, only set appointments on the phone, or use multi-factor identity verification.

5. Outsource With a Trusted Mortgage Services Provider

Finally, it is important to understand that many small mortgage companies do not have the IT staff necessary to properly manage their internal security. With cloud-based mortgage systems like those from ABT, there are options for outsourcing IT and data management to experts in the industry who are able to provide high-quality and secure mobile management software.

Rather than facing all the risk internally—including vetting IT security team members, who are inherent risks for an organization—outsource it! Access Business Technologies, a leader in providing virtual workspaces for mortgage companies, has a leadership team with 15 years of success providing secure systems to mortgage businesses. We provide dedicated account executives to ensure that they understand your business processes and needs, and work with a network of local IT technicians so that on-premise IT problems can be solved in 24 hours or less.

Outsourcing means you will have professional IT services at your fingertips and ready to scale your business, whether you have ten branches or hundreds. A good IT outsourcing team will not be tied to any one software system, but will have the tools and experience necessary to manage any software and hardware. Contact us for more information on outsourcing IT.

Learn More

Topics: data security mortgage company security