Mortgage Software Solutions Blog

Why Cyber Security Comes First in the Mortgage Software Market

Why Cyber Security Comes First in the Mortgage Software Market

Equally important: physical security and cyber security.

The finance industry’s data-handling platforms have a clear bulls-eye on them.

The U.S. mortgage industry supply chain is considered a “massive target for information security breaches.” In fact, from 2015 to 2016 the number of data breaches in the United States went up by 40%.

Still, most mortgage lenders sidestep cyber security by shopping for software the old-fashioned way.

Functionality across platforms is comparable, but security is where the largest variation exists amongst current technology offerings. The regulatory and litigation atmosphere surrounding data breaches in 2018 is such that the best mortgage software addresses cyber security first and foremost.

Here is how the best mortgage software on the market is focused on security frameworks first.

The Weakest Link

Poor cyber security has a financial and regulatory impact. This, combined with the negative press of recent international breaches, is what the modern financial institution wants to avoid.

Though large institutions have tight security, an increase in automation and “digital mortgage” online customer interactions means that high-tech services are being farmed out to third-party vendors. Tools like business intelligence (BI) and machine learning (ML) also means data transfer within the industry is nearly constant.

Homebuyer information is especially ripe for hackers because it includes secondary digital assets like credit data.

Though big banks are heavily invested in keeping this data safe, the sharing of borrower data to smaller vendors has caused a disruption in the security systems. The immature security of these third-party service providers has created a weak link in a previously well-fortified industry.

Who is Responsible?

Though it seems like the third-party vendor is the one who should catch up to security norms, the tech newcomers are not being held responsible.

New legislation in the US holds financial institutions responsible for the security level of their third-party vendors—no matter where the data or breach originated from. When a smaller vendor experiences a security event, it is the large mortgage company that is on the hook.

Even if the company avoids catching the eye of regulators, cases of mishandled customer data have executed litigation of $201+ per recorded liability.

Cyber Security Solutions

The solution is to rein in weak spots by employing cyber security technology that goes beyond the traditional server model. It should cover gateways, third-party access, and employ strategies that keep an eye on common but unsafe tech-related practices.

A tech developer called ABT offers a cloud-based platform called MortgageWorkSpace that ticks the right boxes.

ABT works exclusively with the mortgage industry to develop software solutions for lenders and third-party financial institutions in the home buying industry. With the functionality of the lending platforms in place, ABT leads mortgage tech by focusing squarely on cutting-edge cyber security.

Above all, MortgageWorkSpace provides a secure gateway to access lending data. It employs multi-factor authentication and monitors system email use to fend off phishing as well.

Despite increased accountability, mortgage lenders can keep the company name and customers safe by shopping for a platform that puts security first.

Advanced Cyber Security Features

With market demand high, on-board security features distinguish better platforms from those that add build-out security capabilities as an afterthought.

ABT has a built-in consumer protection feature called Remote Desktop which gives mortgage lending employees a cloud-based real-time file management system. Offering functionality to the user, this feature actually prevents the storage of data on local PCs. This Dropbox-like feature means that the employee’s desktop is not only updateable from anywhere, but that files containing sensitive information don’t get downloaded out of the system where security is weakest.

Lenders shopping for top mortgage software should keep an eye out for features like the Remote Desktop that combine user experience with security in a way that is seamless.

Developers who have security at the forefront of their business model will also provide crucial non-tech extras for lenders.

ABT gives clients a written information security policy that outlines the software’s parameters and security compliance rules. This type of documentation may have been overkill in the past, but is increasingly required by state and federal law for legal operations in the U.S.

Though most software shoppers understandably look at usability first, the consumer financial sector increasingly puts cyber security front and center.

Mortgage broker software is no exception. Platforms should have a full range of built-in cyber security solutions, usability features that incorporate digital protection without being clunky, and advanced features that provide extended protection as regulations become more stringent.

As a target for hackers and a trend of increasing legal accountability, cyber security is now the main consideration in the mortgage software market.

Check out the full range of ABT’s security-driven mortgage business products on our website or contact us to learn more.

Image: Unsplash

Topics: Hosted Software options Mortgage Servicing in the Cloud mobile security mobile device security email security data security mortgage company security financial data security social networking safety phishing multi-factor authentication Business Intelligence cybersecurity mortgage documents security data warehousing

4 Ways Loan Management Software Improves the Mortgage Experience

4 Ways Loan Management Software Improves the MortFinancial management software makes everyday interactions smoother for mortgage lenders.

Mortgage software has relied on legacy infrastructures and paper processes for far too long.

In almost every other sector, interactions between banking institutions and customers have moved online.

Web-based transactions for commerce are increasing annually. In 2017, global e-retail sales amounted to 2.3 trillion U.S. dollars and projections show a growth of up to 4.48 trillion U.S. dollars by 2021.  As retail transactions migrate away from brick-and-mortar, the rest of the banking world plays catch up.

In the mortgage world, loan management software offers lenders high-tech solutions to keep them on the cutting edge of the finance world.

Here are the 4 ways that loan management software improves the mortgage experience.

  1. Centralized Access to Document Management

Cloud-based domain services store data on the cloud instead of on a localized server. This gives mortgage companies access to business-critical data from virtually anywhere. Office PCs, employee-owned laptops, and even mobile devices can capitalize on business opportunities anywhere that lenders are interacting with clients.

Loan management software like MortgageWorkSpace (MWS) offers a “portal” or single point of entry to all employees with internet access.

Users can synchronize their user settings and application settings data to the cloud, providing a unified experience across their devices and reducing the time needed for configuring a new device.

Lenders prefer the speed and breadth of information that online-based software provides. When lenders have quick access, customers get quick responses and customer service is perceived as fast and convenient.

Not only does this portal make remote work possible, but it keeps things secure as the mortgage industry embraces the remote working environment.

  1. Improved Security for Client Data

This single point of access protects company assets through multi-factor authentication, ensuring that data remains secure.

Further cyber security measures are managed using Windows Defender, an anti-malware component that keeps intrusions at bay for all devices joined to the MortgageWorkSpace network.

With MWS, there is a cloud-based firewall protecting the devices joined to your lending company’s network as well.

When security events do happen, this software gives the company the ability to remove company data from a mobile device or PC via remote access. This means that even if an employee’s device is stolen, the mortgage software keeps sensitive personal and financial information safe from hackers. 

  1. Effortless Compliance

Running parallel with cyber security, this software handles compliance regarding data security without needing to purchase, integrate, or maintain separate compliance software. MSW has what the industry calls “built-in” compliance features.

Other compliance issues faced by the mortgage industry are included in MSW. Documentation, record keeping, document expiration, and record retention are all features of this platform. This means that lenders using this software are always prepared for an audit without the last-minute scramble.

 In comparison to wider umbrella software, this platform is specifically built and maintained by developers who know the mortgage world.

Developed by California-based ABT, the company is an industry leader and watches the horizon for mortgage legislation that will affect their product’s performance. Lenders using MSW can be sure their software is not only up-to-date with compliance but that it will on boarding the most important finance trends as they happen.

  1. Integration Builds Capacity

Though compliance features are built-in, the platform remains flexible so that your lending company can utilize applications that give a competitive edge.

The Mortgage BI (business intelligence) dashboard powered by Microsoft gives unrivaled visibility to company data. This leads to data-based business decisions that improve the bottom line.

Analysis isn’t limited by this platform’s own BI capabilities though. MSW is vendor neutral so it integrates with loan origination systems, CRMs, Saas apps, on-premises networks, and plenty of proprietary software that makes business run more smoothly.

The days of paper-heavy processes for buying houses are numbered.

Developers are producing these sophisticated platforms that make the mortgage process better.

New financial management software is cloud-based, safe, and expandable. Customers can now enjoy a seamless experience thanks to platforms that give mortgage lenders speed and flexibility in their work.

Good software means agile lenders, which in turn means happy customers.

Does your mortgage company have outstanding software that improves this end-to-end experience?

MortgageWorkSpace is the award-winning business solution that mortgage lenders need. Learn more by visiting ABT.

Image: Unsplash

Topics: mobile device security email security data security phishing multi-factor authentication Business Intelligence cybersecurity Mortgage BI mortgage documents cloud storage productivity mortgage business mortgage industry cloud-based data Housing Market Mortgage Lending disaster recovery MBA

Cyber Security Seatbelts Save Digital Lives

digital seatbeltsWear a seatbelt—navigate your cloud-based systems with safety in mind. 

“Safety first.”

It’s a pretty easy idea to agree on. We all think safety is important.

So what do we do when customers say we aren’t being safe enough?

2017 saw the largest consumer data breach in world history. Equifax made international headlines for a breach that exposed the personal information of as many as 143 million people.

As Equifax knows well, financial and credit-related information is extremely valuable to cyber criminals. Hacks of this kind need to be protected against.

Consumer Safety

After many years of unsafe automobiles, consumers were tired of dangerous cars. They demanded that the industry clean up its act to make vehicles safer. With a little help from activists, car makers complied.

With government regulations in place, riding in a car has changed. Now all cars are made with seatbelts and few people get into a car without buckling up.

The auto industry’s move towards standard safety precautions can teach finance folks a lesson about how to face consumer demand for safety.

Cyber Seatbelt

Safety precautions for automotive vehicles began with the simple safety belt.

The seatbelt of the mortgage industry is MFA security, which keeps data safe.

The safest “seatbelt” on the market, it’s time to implement multi factor authentication when your company migrates into the cloud.

For your staff, a cloud-based workspace makes work convenient and accessible. For cyber criminals, migration to the cloud means they have a doorway to try and break in.

Also known as MFA, multi factor authentication is a nearly fool-proof way to prevent the wrong people from accessing your company’s data.

MFA requires that employees accessing the cloud have to enter at least 2 forms of digital identification. MFA validates that the person logging into the system is who they say they are. Whether by a text message to their company phone or another form of ID, staffers are let in and hackers are kept out.

MFA is so secure, it has become the modern standard for financial institutions. It was adopted by the Payment Card Industry Data Security Standard (PSI DSS) in February of 2017. It was also listed as the standard for the mortgage industry in New York’s new cyber security legislation.

For any financial institution that works in the cloud, MFA is the first safety precaution that can protect both the company and consumers.

If MFA is the visible seatbelt, what are the airbags that provide safety behind-the-scenes?

Cyber Airbags

Email Guardian is a product developed by a US-based company specifically to keep financial information secure for mortgage companies.

Its main job is to watch business email. It checks URLs on incoming messages to watch for phishing attacks. It filters every link and tests linked sites to make sure they are clean. If a link is dangerous, this program catches it and breaks the link before your staff can click-through.

It protects companies from intrusion by providing comprehensive, multi-layered email security and content controls. A web-based application especially for financial institutions and big business, this application handles dynamic security precautions including email encryption and security tracking as well.

Just like how airbags provide a layer of cushioned protection for car drivers and passengers, this innovative technology provides layers of security to keep email hackers at bay and avoid catastrophe.

With MFA and Email Guardian combined, your company data remains out of harm’s way.

Lessons from the Auto Industry

Just as with unsafe automobiles, consumers are reacting to the Equifax disaster by demanding that something be done about info protection for credit companies and mortgage brokers.

Government regulators have begun to react as well. New York introduced groundbreaking legislation to regulate cyber security for financial institutions. Colorado and Vermont are following suit.

When consumers make an industry-wide demand, companies need to pay attention.

Since widespread consumer outrage over information leaks continues making news and influencing regulators, mortgage companies are wise to adopt security measures and establish a basis of protection for their customers.

In the same situation decades ago, auto manufacturers made serious efforts to improve consumer protection for their products. Today carmakers are seen by the public as one of the most safety-conscious industries.

Taking care of consumer data is important if lenders want to be seen in the same light in the future.

ABT’s cutting-edge Email Guardian application provides strict security breach protection and data leakage prevention. Contact us to learn more.

Image: VisualHunt.com

Topics: Mortgage Cloud Services cyber security email security data security social networking safety cybersecurity security mobile technology mortgage industry HUD Consumer Finance Protection Bureau Compliance for Mortgage Companies Compliance Audit Housing Market network safety MBA

Know Your Cyber Security Reporting Obligations

Know Your Cyber Security Reporting Obligations

New laws dictate how finance companies report security issues.

New York’s recent crackdown in state cybersecurity laws marks true reformation in the finance industry.

14 pages of detailed regulations fully outline the new accountability measures at Wall Street’s epicenter.

The regulations compel close to 10,000 financial institutions and 300,000 insurance licensees to put consumer protection before their corporate reputation for the first time in US history.

From a minor system access attempt by hackers all the way up to a full data breach, the new law saddles financial institutes with direct accountability to the state and implements a new standard in reporting for all mortgage loan servicers, banks, credit unions, and insurance companies.

For finance companies wondering how to conduct business in this new reality, here is a guide to the reporting obligations of New York’s new cybersecurity law

Governing Bodies

The first step of understanding the new obligations is to get familiar with the regulatory bodies of New York’s finance world.

The main authority on the new regulation is the New York State Department of Financial Services (DFS).

In the past, financial institutions were regulated via voluntary frameworks and reported externally to DFS in few situations with undefined parameters.

Under the new law, DFS established immediate authority by requiring a DFS-issued cyber security Certificate of Compliance as a basic prerequisite for operating a financial company. This gives DFS the ability to discipline non-compliant companies by revoking their certificate.

Beyond DFS, the regulation stipulates the creation of internal positions for officers to interface with DFS on behalf of the company. This requirement pushes aside ineffective industry-based governing bodies in favor of a direct link.

Mortgage companies must designate a Chief Information Security Officer (CISO) for in-house enforcement of company security procedures. The CISO reports in writing annually to the company’s board and will be held personally, legally responsible in the event of a breach at the agency.

Reporting Obligations

The final piece of accountability addressed in the new law is a reexamination of security reporting.

A “cybersecurity event” is any attempt of unauthorized access private consumer information. In order to mitigate the effects of a security event, financial institutions need to disclose data loss when it happens. This gives consumers sufficient time to take protective action such as changing passwords or putting a hold on a compromised credit card.

In practice though, finance companies endeavor keep data hacks under wraps. They prefer to save face and avoid losing consumer confidence.

In September of 2017, the Equifax data breach made international headlines. Though not the largest, it is considered the worst data breach in US history due to the sensitive nature of personal data that was accessed.

Despite being aware of the situation, Equifax spent five weeks running corporate damage control before disclosing the leak. The company initially underreported the number of affected consumers as 2.5 million instead of the actual 145.5 million people whose private data was stolen.

This failure to disclose the full extent of the damage infuriated the public.

Lawmakers vowed to protect consumers against this type of cover-up. With Sen. Elizabeth Warren (D-Mass.) at the helm, this is how the new regulations were written into law.

No More Cover-Ups

Now, the superintendent’s office places a strict time cap on security breach announcements. A company has no more than 72 hours to report any event that has a “reasonable likelihood of materially harming the normal operations” of the company. 

Since Equifax’s disregard for public safety, the law now stipulates that a data breach report is no longer the jurisdiction of the local supervisory body. Instead, reports of data loss go up the chain of command straight to the New York Superintendent’s office.

With a quicker turnaround time, consumers can be alerted quickly and efficiently through official channels about the breach.

Though basic requirements of the law have already gone into effect, the state of New York did allow time for mortgage companies to learn the law and implement it piece by piece.

According to the roll-out dates of the law, companies are required to be legally compliant with specific sections of the law on March 1 and September 3, 2018. The end of the full two-year transitional period and full compliance will be enforced by March 1, 2019.

For comprehensive compliance guidance and other cybersecurity solutions and, contact us.

Image: Visual Hunt

Topics: cyber security mobile security mobile device security email security cybersecurity security mortgage industry Trump Administration Housing Market Mortgage Lending 23 NYCRR Part 500 NYSDFS

7 of the Most Interesting Facts About Cyber Security

 

pic blog-1.jpgAs technology of cyber security advances, so does the technology of hackers.

A computer hacker is the name given to the tech-savvy folks on both sides of the internet battlefront. Bad guys or “black hat” hackers are the ones trying to break into computer systems, steal data, and install harmful software. The “white hat” hackers are cyber security heroes that develop ways to catch bad guys and stop malicious programs from doing damage. That’s interesting nomenclature, right?

The world of cybersecurity is full of intriguing tidbits that help us understand the dangers and how to protect ourselves from the black hats of the world. Here are 7 of the most interesting facts about cyber security.

  1. The number of cyber attacks is going UP not down. Though white hat hackers continue to improve, the total number of cyber attacks doubled in 2017. That’s according to the Online Trust Alliance (OTA), which has named 2017 “the worst year ever in data breaches and cyber-incidents around the world.” 
  2. Ransomware is leading the way in modern cyber security events. Ransomware is a type of malicious software that holds a victim’s data hostage until a ransom is paid. Instead of selling victims’ information on the black market, ransomware has established a way to make money off this stolen information directly from victims. The threat of ransomware is based on doxxing (publishing of the personal data) or blocking a victim’s online access to their own accounts.
  3. 91% of cyber attacks in 2017 started with a phishing email. Phishing is the practice of sending fraudulent emails that seem to be from a reputable company. When the victim clicks on a link or freely reveals their passwords or credit card information as a response, the phish is a success. The two best ways to avoid phishing attacks are to (1) never click unknown links and (2) never send sensitive information that has been requested via email.
  4. Cyber-crime damages will cost the world $6 trillion annually by 2021, up from $3 trillion just a year ago. This massive amount of money represents the greatest transfer of economic wealth in history (2017 Cybersecurity Ventures).
  5. Financial organizations are the biggest targets of cyber attacks. Verizon’s 2017 Data Breach Report breaks down the hacks by percentage: Last year, 24% of breaches targeted the finance industry, 15% were aimed at healthcare, 15% were retail, and only 12% of breaches occurred in the public sector.
  6. Mortgage companies are the #1 target in the industry because of the treasure trove of information that they require from customers. Mortgage companies hang onto more non-public than any other type of financial organization.
  7. 93% of breaches could have been avoided by taking simple steps, such as regularly updating software or leveraging modern cloud based solutions. Can you believe that breaches are easy to prevent? There is an old saying that “the best defense is a good offense”. It applies to the cyber security world too.

If you take the initiative ahead of time to set up clear security mechanisms, your company’s data systems won’t be attractive to bad guys.

What are the new standards for security? Modernized IT including updated password policies and Multi Factor Authentication. Cloud-based data systems are key for getting your company data off those old office servers. Sophisticated cloud-based email gateways configured especially for the mortgage industry to protect against email-based threats. These are the foundations for data security when it comes to financial institutions in 2018.

Be the cyber security leader in your industry. Make the changes before hackers make the first move on your company. When you aren’t an easy target, your data remains safe and your customers stay happy.

The best thing a business can do to keep those black hats at bay is to stay informed about cyber security by reading articles like this and use their knowledge to implement solid security measures before a hack occurs.

Businesses protected by proven security measures like ABT’s Email Guardian remain safe and receive monthly reports detailing security threats. Contact us to learn more.

Image: Pexels.com
Topics: Mortgage Software Reporting dangers of ransomware email security data security mortgage company security financial data security creating strong passwords social networking safety phishing multi-factor authentication cybersecurity security productivity mortgage business malware network safety

Email Security Tips Your Mortgage Customers Should Know

email_security_-1.jpgMortgage customers make heavy use of the Internet today. People are used to carrying on business with online forms and email, even where they'd have expected face-to-face meetings and paper just a few years ago. Online activity, especially email, carries risks of fraud and information theft. It's the responsibility of mortgage professionals to advise their customers on how to keep that risk low.

Tips for Customers

Here are some tips on email safety to pass on to your mortgage customers:

  • Avoid sending confidential information by email. It isn't a secure medium, and third parties can easily intercept it. Use online forms for submitting personal information, making sure you're using the right site. This applies especially to Social Security numbers, credit card numbers, and information on tax returns.

  • If you receive an unexpected request from your mortgage provider, be very wary. If someone asks you to email confidential information, don't treat that as an exception to this advice. Treat it as grounds for suspicion. When in doubt, call to make sure the request is legitimate.

  • If you get unexpected attachments or links, don't open them. Just as the customer shouldn't send email in place of a secure online form, they should expect that you won't send important information in email attachments. Any links you send should be to your own site or one that you've familiarized them with, not to some mysterious site they’ve never seen before.

  • Don't send mortgage-related email through a public wi-fi connection. Everything that's sent that way is transmitted without encryption, and it's not hard for someone nearby to intercept the data.

Understanding Phishing

It’s also important to educate customers about "phishing." Phishers impersonate legitimate operations—possibly your own business—to get people to download malware or turn over personal information. It's easy to forge email addresses or to use an address that appears to be from a trusted source.

Many users don't even see the email address. For the sake of convenience, a lot of client software shows only the display name and not the address. There's generally a way to check the address, such as tapping or hovering on the name. It's important to check the address before replying to an important email message to ensure it's the sender's real address.

An email message that demands an immediate response with the threat of dire consequences is probably phishing, unless the customer was already close to a deadline. One with unusually bad grammar and spelling is likely to be fake.

A message that asks the recipient to do a software update should raise an immediate red flag. Users should always do updates from the software itself, not from a link or attachment in a message.

If the message body doesn't mention the recipient's name, that's another sign of fakery. If it just says "Dear Customer," while calling for a personal response, it should be a dead giveaway.

Maintain High Standards in Your Own Mail

Give your own email a consistent appearance. That will help customers to know something could be wrong if it looks different. Include a standard signature with your contact information. Always greet the customer by name. Keep a consistent tone. Don't use formal language in one message and then address the customer as "u" in the next.

ABT's MortgageWorkSpace® Suite provides the tools you need for communicating safely with customers. EmailGuardian™ supports encrypted communication, guards against malicious links and attachments from mortgage cyber-attackers, and archives all mail. DocumentGuardian™ provides vulnerability management solutions through secure access to documents, without storing them on user devices. All documents are stored safely in our cloud data center.

With MortgageWorkSpace®, you can assure your customers that there will never be a need to use insecure methods of sending or receiving information. Please contact us to learn how you can improve the security of your customer interactions and keep client information safe.

Learn More

Topics: EmailGuardian email security

Understanding the Importance of Email Security for Mortgage Businesses

email_security_.jpg

Email is a big part of communication with mortgage applicants, but it poses many security problems. Companies are torn between their need to protect confidential financial information and the customer’s desire for convenience. Customers don't want to go through extra steps, but they'll be very unhappy if intercepted information leads to identity theft. So will mortgage employees. That's why mortgage businesses need to understand why email security is so important. 

Email standards emerged very early in the history of the internet, when security wasn't a serious concern, and unfortunately, they haven't improved a lot since then.

  • Senders can trivially impersonate other people, including their email addresses.
  • Mail goes through multiple hops, providing many opportunities to read mail in transit.
  • People often don't notice what address a message comes from, and some software even hides it.
  • Unsecure connections to mail servers are common. They send passwords as plain text, allowing for their interception.

A study by Halock Security Labs found that lenders often use unsecure email practices.

  • 70% of the loan officers in the study let applicants send tax documents and other financial information as unencrypted email attachments.
  • Only 12% provided a way of sending email securely.
  • Loan officers cited customer convenience over security as the reason for using email.

The American Land Title Association has issued rules specifying that non-public personal information, in connection with real estate sales, must be transmitted securely. It recommends adopting a written privacy and information security program for protecting such information, in order to comply with federal and state laws.

Some major services, such as Gmail, encrypt mail while it's moving between their own servers, but they can't do anything about the final hop if a message goes to a different host. People have created security measures, such as PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard), that attempt to provide vendor-independent, end-to-end encryption. Unfortunately, they are so clumsy to use that they have never caught on.

Passwords are another problem. Many people connect to mail servers using an unsecured connection, which means their passwords go through as plain text. If they combine this with an unsecured wi-fi connection, they're literally broadcasting their passwords for anyone nearby to steal. People who get mail through an application can and should use an SSL/TLS connection to their provider. This encrypts logins and other data in transit, and once they set it up, it simply works without the users having to do anything more.

Secure email portals use either a website, a special application, or an add-on to an existing application. They're a departure from how people normally send and receive their mail, but some are more disruptive than others. Finding an approach that provides security, without making customers unhappy, is a tricky balance.

The best solutions combine email and web technology. Email can notify people that information is waiting for them, and a password-protected web connection can deliver it securely.

ABT's DocumentGuardian™ is the safest and easiest way for your borrowers to send you NPI (non-public information) documents. Compliance auditors recommend it because unlike box-type file sharing apps, DocumentGuardian stores your borrower documents in our secure data center, not on individual computers and mobile devices. Loan oficers and borrowers access DocumentGuardian™ through a secure browser connection, so their own logins and uploads are safe.

To minimize the risk of impersonation (called "phishing"), loan officers should advise customers to look at their mail carefully, make sure it links to the usual website, and inform them if anything looks suspicious. The consistent appearance that DocumentGuardian provides will give customers confidence that the mail they receive is authentic.

Businesses that use secure methods of exchanging documents with their customers enjoy a better reputation and are safer from charges of negligence. Contact us to learn how we can help you attain this necessary level of security.

Learn More
Topics: EmailGuardian MortgageWorkSpace email security phishing

5 Ways DocumentGuardian Helps Mortgage Companies Protect Borrowers

protecting-borrowers-private-documentsCredit unions and mortgage companies are entrusted with some of clients’ most private information. From social security numbers to bank statements, it’s imperative that those companies are taking measured steps to protect borrowers and their private documents from cybersecurity threats.Often the borrowers themselves place their information in jeopardy when they send non-public information via unencrypted emails. This places many lenders in a predicament. Somehow, they must maintain trust, security, and compliance, without sacrificing client efficiency and convenience. Though achieving this balance was once a problem for mortgage companies, there is now a tool available that can do just that: DocumentGuardian. 

Here are five ways DocumentGuardian can help mortgage companies protect their borrowers and maintain regulatory compliance with ease.

  • Encourages Better Borrower Habits

The mortgage lending process requires borrowers to supply loan officers with a great deal of private and sensitive information. Unfortunately, most borrowers aren’t thinking about their own cybersecurity when they send that information. They often assume that because they are sending these files to a trusted source, their files are in good hands. 

These bad habits can not only result in borrowers’ information being intercepted or stolen, but they can also reflect poorly on the mortgage companies involved. When lenders are audited, government agencies blame them for any client-produced security blunders, and this blame isn't entirely misplaced. With pressure from customers and looming deadlines, some lenders are tempted to take careless security risks.

Responsible loan officers educate their clients on what they can and cannot send via unsecured email. After educating customers on the importance of sending non-public personal information (NPI) through secure means, lenders can use DocumentGuardian to provide them with an easy solution that encourages better security habits from the start.

  • Eases Pain Points

The truth is, customers are more concerned with avoiding pain points and inconvenience than they are with complying with regulations. So, it’s up to mortgage companies to ease any potential pain points, while still protecting their borrowers and maintaining compliance. Solutions like DocumentGuardian supply both mortgage companies and borrowers with a tool that makes sending and receiving client documents safe and easy, reducing the numerous clicks, passwords, and log-ins typically involved in secure transactions. 

DocumentGuardian offers clients a simple-to-use interface that allows them to securely send documents and information, eliminating their pain points and yours.

To use the feature, mortgage officers supply customers with a link to a private, secure webpage. For easy customer access, this link can even be included in the loan officer's email signature. The customer opens the link, without needing any logins or complicated passwords. Then, they simply drag and drop their documents to the secure web page. 

  • Stores Information Securely in the Cloud

Once the files are scanned for viruses, DocumentGuardian stores them in secure Cloud data centers, not on mobile apps or desktop hard drives where there is an increased risk of files being hacked. For this reason, compliance auditors prefer secure Cloud storage to file-sharing apps.

Secure storage benefits mortgage companies because there is no need to download additional software or security updates, and there is an added layer of protection that safeguards sensitive information. As part of the MortgageWorkspace suite of services, DocumentGuardian regularly updates to stay within regulatory compliance and to adapt to changing security demands. 

  • Transfers, Downloads, and Uploads Encrypted Files

When clients send NPI through open, unsecured connections, they run the risk of man-in-the-middle security breaches, among other types of attacks. During this type of breach, the hacker is able to monitor traffic and even intercept or compromise messages, such as emails. 

DocumentGuardian technology doesn't require a login. Instead, clients drag and drop their documents into a secure web page (click to view a sample page) through the link you have supplied. The documents are then uploaded to your secure file on the cloud. This completely eliminates the opportunity for hackers to read messages as they are sent and received. 

From there, the SSL 256-bit encrypted documents are accessed as needed. You are able to manage and further secure documents by setting an expiration date for documents that are only needed temporarily. 

  • Track and Record Activity

Once files are uploaded, the client gets a receipt that documents the transaction. On the lender side, all activity on the secure web page is logged and archived. In the event of an audit, this information is readily available.

 For most mortgage customers, few things are more daunting than complex paperwork. Ease customer pain points by supplying your clients with familiar drag-and-drop options. When the process is easier for them, it is easier for you too. DocumentGuardian is available to any user of MortgageWorkSpace. For more information on DocumentGuardian, the latest addition to ABT’s MortgageWorkSpace platform, please contact us.

Learn More

Topics: email security data security DocumentGuardian

Email Security Policy: Plan Before You Click and Send

email securityIn today’s highly digital world, much of our business communications take place over email. The mortgage industry, especially, relies on email to communicate with clients, send and receive important documents, and to transmit customer information. However, with email comes a lot of security vulnerabilities that put your mortgage company at risk of contracting malware or having your sensitive communications intercepted by hackers. Email security is vitally important, and it is necessary to establish a strong email security policy that provides proper guidance for your loan officers on how to handle email communications.

Here are some important aspects every email security policy should have.

  • Content Control

     Company policy should clearly state what is appropriate and what is not appropriate to send in the name of the company. This includes the obvious limits, such as restrictions on content which may be considered racist, sexist, etc., but it also needs to address operational aspects such as release of confidential information, when/if encryption is required, and when sending information over email is prohibited.
  • Email Retention

    All email must be retained for a specified period of time. In some cases there are legal requirements to consider, but often your mortgage company may want to retain emails for longer periods of time to have as a reference. No one would question a company practice of filing paper correspondence for a period of years, and the same should be true of email retention. In fact, it is far easier to retain emails than it is to retain paper records, and every bit as important.
  • Content Monitoring

     All employees need to be aware of and agree to a corporate policy that all email sent from company systems or from company addresses are subject to monitoring at all times. This provides the company itself with a tool to review any and all communication in the event that a problem arises as a result of email. It also causes employees to stop and think before they send an email and causes them to remember that they are communicating on behalf of the company.
  • Outlined Limitations

     Company email policy needs to address all situations in which email sent or received by an employee can become a liability. This includes protocol for sending customer information via email, opening attachments, and the use of personal devices for business purposes. It may be difficult for a company to predict every possible situation where email can pose a threat to security, but it is important that the company at least be able to describe minimum acceptable email behavior. If business management cannot describe limitations on email protocol, they cannot reasonably expect their employees to either.
  • Regular Policy Review 

    Your policy should be reviewed periodically. As new technology comes into use, new issues such as encryption or potentially dangerous email attachments must be considered. A policy should be seen as a living document. It must be responsive to current business practices and requirements.

At Access Business Technologies, we offer mortgage companies the tools to ensure email security in their workforce. With solutions like EmailGuardian™, your emails are protected from spam, viruses, malware, phishing, data leaks and email transmission encryption policies. It also offers unlimited archiving so you can retain emails for as long as you wish, as well as seamless email continuity to provide uninterrupted access to emails, even in the event of any outage. These tools support your email security policy with technology that makes it simple for your loan officers to make smart, secure email exchanges.  For additional assistance with developing a robust and comprehensive email policy or finding the tools you need to make your email security a priority, please contact us.

Topics: Cloud Services ABT cyber security EmailGuardian email security