<img src="http://www.mon-com-net.com/58465.png" style="display:none;">

Mortgage Software Solutions Blog

Email Security Tips Your Mortgage Customers Should Know

email_security_-1.jpgMortgage customers make heavy use of the Internet today. People are used to carrying on business with online forms and email, even where they'd have expected face-to-face meetings and paper just a few years ago. Online activity, especially email, carries risks of fraud and information theft. It's the responsibility of mortgage professionals to advise their customers on how to keep that risk low.

Tips for Customers

Here are some tips on email safety to pass on to your mortgage customers:

  • Avoid sending confidential information by email. It isn't a secure medium, and third parties can easily intercept it. Use online forms for submitting personal information, making sure you're using the right site. This applies especially to Social Security numbers, credit card numbers, and information on tax returns.

  • If you receive an unexpected request from your mortgage provider, be very wary. If someone asks you to email confidential information, don't treat that as an exception to this advice. Treat it as grounds for suspicion. When in doubt, call to make sure the request is legitimate.

  • If you get unexpected attachments or links, don't open them. Just as the customer shouldn't send email in place of a secure online form, they should expect that you won't send important information in email attachments. Any links you send should be to your own site or one that you've familiarized them with, not to some mysterious site they’ve never seen before.

  • Don't send mortgage-related email through a public wi-fi connection. Everything that's sent that way is transmitted without encryption, and it's not hard for someone nearby to intercept the data.

Understanding Phishing

It’s also important to educate customers about "phishing." Phishers impersonate legitimate operations—possibly your own business—to get people to download malware or turn over personal information. It's easy to forge email addresses or to use an address that appears to be from a trusted source.

Many users don't even see the email address. For the sake of convenience, a lot of client software shows only the display name and not the address. There's generally a way to check the address, such as tapping or hovering on the name. It's important to check the address before replying to an important email message to ensure it's the sender's real address.

An email message that demands an immediate response with the threat of dire consequences is probably phishing, unless the customer was already close to a deadline. One with unusually bad grammar and spelling is likely to be fake.

A message that asks the recipient to do a software update should raise an immediate red flag. Users should always do updates from the software itself, not from a link or attachment in a message.

If the message body doesn't mention the recipient's name, that's another sign of fakery. If it just says "Dear Customer," while calling for a personal response, it should be a dead giveaway.

Maintain High Standards in Your Own Mail

Give your own email a consistent appearance. That will help customers to know something could be wrong if it looks different. Include a standard signature with your contact information. Always greet the customer by name. Keep a consistent tone. Don't use formal language in one message and then address the customer as "u" in the next.

ABT's MortgageWorkSpace® Suite provides the tools you need for communicating safely with customers. EmailGuardian™ supports encrypted communication, guards against malicious links and attachments from mortgage cyber-attackers, and archives all mail. DocumentGuardian™ provides vulnerability management solutions through secure access to documents, without storing them on user devices. All documents are stored safely in our cloud data center.

With MortgageWorkSpace®, you can assure your customers that there will never be a need to use insecure methods of sending or receiving information. Please contact us to learn how you can improve the security of your customer interactions and keep client information safe.

Learn More

Topics: EmailGuardian email security

Understanding the Importance of Email Security for Mortgage Businesses

email_security_.jpg

Email is a big part of communication with mortgage applicants, but it poses many security problems. Companies are torn between their need to protect confidential financial information and the customer’s desire for convenience. Customers don't want to go through extra steps, but they'll be very unhappy if intercepted information leads to identity theft. So will mortgage employees. That's why mortgage businesses need to understand why email security is so important. 

Email standards emerged very early in the history of the internet, when security wasn't a serious concern, and unfortunately, they haven't improved a lot since then.

  • Senders can trivially impersonate other people, including their email addresses.
  • Mail goes through multiple hops, providing many opportunities to read mail in transit.
  • People often don't notice what address a message comes from, and some software even hides it.
  • Unsecure connections to mail servers are common. They send passwords as plain text, allowing for their interception.

A study by Halock Security Labs found that lenders often use unsecure email practices.

  • 70% of the loan officers in the study let applicants send tax documents and other financial information as unencrypted email attachments.
  • Only 12% provided a way of sending email securely.
  • Loan officers cited customer convenience over security as the reason for using email.

The American Land Title Association has issued rules specifying that non-public personal information, in connection with real estate sales, must be transmitted securely. It recommends adopting a written privacy and information security program for protecting such information, in order to comply with federal and state laws.

Some major services, such as Gmail, encrypt mail while it's moving between their own servers, but they can't do anything about the final hop if a message goes to a different host. People have created security measures, such as PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard), that attempt to provide vendor-independent, end-to-end encryption. Unfortunately, they are so clumsy to use that they have never caught on.

Passwords are another problem. Many people connect to mail servers using an unsecured connection, which means their passwords go through as plain text. If they combine this with an unsecured wi-fi connection, they're literally broadcasting their passwords for anyone nearby to steal. People who get mail through an application can and should use an SSL/TLS connection to their provider. This encrypts logins and other data in transit, and once they set it up, it simply works without the users having to do anything more.

Secure email portals use either a website, a special application, or an add-on to an existing application. They're a departure from how people normally send and receive their mail, but some are more disruptive than others. Finding an approach that provides security, without making customers unhappy, is a tricky balance.

The best solutions combine email and web technology. Email can notify people that information is waiting for them, and a password-protected web connection can deliver it securely.

ABT's DocumentGuardian™ is the safest and easiest way for your borrowers to send you NPI (non-public information) documents. Compliance auditors recommend it because unlike box-type file sharing apps, DocumentGuardian stores your borrower documents in our secure data center, not on individual computers and mobile devices. Loan oficers and borrowers access DocumentGuardian™ through a secure browser connection, so their own logins and uploads are safe.

To minimize the risk of impersonation (called "phishing"), loan officers should advise customers to look at their mail carefully, make sure it links to the usual website, and inform them if anything looks suspicious. The consistent appearance that DocumentGuardian provides will give customers confidence that the mail they receive is authentic.

Businesses that use secure methods of exchanging documents with their customers enjoy a better reputation and are safer from charges of negligence. Contact us to learn how we can help you attain this necessary level of security.

Learn More
Topics: EmailGuardian MortgageWorkSpace email security phishing

5 Ways DocumentGuardian Helps Mortgage Companies Protect Borrowers

protecting-borrowers-private-documentsCredit unions and mortgage companies are entrusted with some of clients’ most private information. From social security numbers to bank statements, it’s imperative that those companies are taking measured steps to protect borrowers and their private documents from cybersecurity threats.Often the borrowers themselves place their information in jeopardy when they send non-public information via unencrypted emails. This places many lenders in a predicament. Somehow, they must maintain trust, security, and compliance, without sacrificing client efficiency and convenience. Though achieving this balance was once a problem for mortgage companies, there is now a tool available that can do just that: DocumentGuardian. 

Here are five ways DocumentGuardian can help mortgage companies protect their borrowers and maintain regulatory compliance with ease.

  • Encourages Better Borrower Habits

The mortgage lending process requires borrowers to supply loan officers with a great deal of private and sensitive information. Unfortunately, most borrowers aren’t thinking about their own cybersecurity when they send that information. They often assume that because they are sending these files to a trusted source, their files are in good hands. 

These bad habits can not only result in borrowers’ information being intercepted or stolen, but they can also reflect poorly on the mortgage companies involved. When lenders are audited, government agencies blame them for any client-produced security blunders, and this blame isn't entirely misplaced. With pressure from customers and looming deadlines, some lenders are tempted to take careless security risks.

Responsible loan officers educate their clients on what they can and cannot send via unsecured email. After educating customers on the importance of sending non-public personal information (NPI) through secure means, lenders can use DocumentGuardian to provide them with an easy solution that encourages better security habits from the start.

  • Eases Pain Points

The truth is, customers are more concerned with avoiding pain points and inconvenience than they are with complying with regulations. So, it’s up to mortgage companies to ease any potential pain points, while still protecting their borrowers and maintaining compliance. Solutions like DocumentGuardian supply both mortgage companies and borrowers with a tool that makes sending and receiving client documents safe and easy, reducing the numerous clicks, passwords, and log-ins typically involved in secure transactions. 

DocumentGuardian offers clients a simple-to-use interface that allows them to securely send documents and information, eliminating their pain points and yours.

To use the feature, mortgage officers supply customers with a link to a private, secure webpage. For easy customer access, this link can even be included in the loan officer's email signature. The customer opens the link, without needing any logins or complicated passwords. Then, they simply drag and drop their documents to the secure web page. 

  • Stores Information Securely in the Cloud

Once the files are scanned for viruses, DocumentGuardian stores them in secure Cloud data centers, not on mobile apps or desktop hard drives where there is an increased risk of files being hacked. For this reason, compliance auditors prefer secure Cloud storage to file-sharing apps.

Secure storage benefits mortgage companies because there is no need to download additional software or security updates, and there is an added layer of protection that safeguards sensitive information. As part of the MortgageWorkspace suite of services, DocumentGuardian regularly updates to stay within regulatory compliance and to adapt to changing security demands. 

  • Transfers, Downloads, and Uploads Encrypted Files

When clients send NPI through open, unsecured connections, they run the risk of man-in-the-middle security breaches, among other types of attacks. During this type of breach, the hacker is able to monitor traffic and even intercept or compromise messages, such as emails. 

DocumentGuardian technology doesn't require a login. Instead, clients drag and drop their documents into a secure web page (click to view a sample page) through the link you have supplied. The documents are then uploaded to your secure file on the cloud. This completely eliminates the opportunity for hackers to read messages as they are sent and received. 

From there, the SSL 256-bit encrypted documents are accessed as needed. You are able to manage and further secure documents by setting an expiration date for documents that are only needed temporarily. 

  • Track and Record Activity

Once files are uploaded, the client gets a receipt that documents the transaction. On the lender side, all activity on the secure web page is logged and archived. In the event of an audit, this information is readily available.

 For most mortgage customers, few things are more daunting than complex paperwork. Ease customer pain points by supplying your clients with familiar drag-and-drop options. When the process is easier for them, it is easier for you too. DocumentGuardian is available to any user of MortgageWorkSpace. For more information on DocumentGuardian, the latest addition to ABT’s MortgageWorkSpace platform, please contact us.

Learn More

Topics: email security data security DocumentGuardian

Email Security Policy: Plan Before You Click and Send

email securityIn today’s highly digital world, much of our business communications take place over email. The mortgage industry, especially, relies on email to communicate with clients, send and receive important documents, and to transmit customer information. However, with email comes a lot of security vulnerabilities that put your mortgage company at risk of contracting malware or having your sensitive communications intercepted by hackers. Email security is vitally important, and it is necessary to establish a strong email security policy that provides proper guidance for your loan officers on how to handle email communications.

Here are some important aspects every email security policy should have.

  • Content Control

     Company policy should clearly state what is appropriate and what is not appropriate to send in the name of the company. This includes the obvious limits, such as restrictions on content which may be considered racist, sexist, etc., but it also needs to address operational aspects such as release of confidential information, when/if encryption is required, and when sending information over email is prohibited.
  • Email Retention

    All email must be retained for a specified period of time. In some cases there are legal requirements to consider, but often your mortgage company may want to retain emails for longer periods of time to have as a reference. No one would question a company practice of filing paper correspondence for a period of years, and the same should be true of email retention. In fact, it is far easier to retain emails than it is to retain paper records, and every bit as important.
  • Content Monitoring

     All employees need to be aware of and agree to a corporate policy that all email sent from company systems or from company addresses are subject to monitoring at all times. This provides the company itself with a tool to review any and all communication in the event that a problem arises as a result of email. It also causes employees to stop and think before they send an email and causes them to remember that they are communicating on behalf of the company.
  • Outlined Limitations

     Company email policy needs to address all situations in which email sent or received by an employee can become a liability. This includes protocol for sending customer information via email, opening attachments, and the use of personal devices for business purposes. It may be difficult for a company to predict every possible situation where email can pose a threat to security, but it is important that the company at least be able to describe minimum acceptable email behavior. If business management cannot describe limitations on email protocol, they cannot reasonably expect their employees to either.
  • Regular Policy Review 

    Your policy should be reviewed periodically. As new technology comes into use, new issues such as encryption or potentially dangerous email attachments must be considered. A policy should be seen as a living document. It must be responsive to current business practices and requirements.

At Access Business Technologies, we offer mortgage companies the tools to ensure email security in their workforce. With solutions like EmailGuardian™, your emails are protected from spam, viruses, malware, phishing, data leaks and email transmission encryption policies. It also offers unlimited archiving so you can retain emails for as long as you wish, as well as seamless email continuity to provide uninterrupted access to emails, even in the event of any outage. These tools support your email security policy with technology that makes it simple for your loan officers to make smart, secure email exchanges.  For additional assistance with developing a robust and comprehensive email policy or finding the tools you need to make your email security a priority, please contact us.

Topics: Cloud Services ABT cyber security EmailGuardian email security