Mortgage Software Solutions Blog

Email Security Tips Your Mortgage Customers Should Know

Mortgage customers make heavy use of the Internet today. People are used to carrying on business with online forms and email, even where they'd have expected face-to-face meetings and paper just a few years ago. Online activity, especially email, carries risks of fraud and information theft. It's the responsibility of mortgage professionals to advise their customers on how to keep that risk low.

Tips for Customers

Here are some tips on email safety to pass on to your mortgage customers:

  • Avoid sending confidential information by email. It isn't a secure medium, and third parties can easily intercept it. Use online forms for submitting personal information, making sure you're using the right site. This applies especially to Social Security numbers, credit card numbers, and information on tax returns.

  • If you receive an unexpected request from your mortgage provider, be very wary. If someone asks you to email confidential information, don't treat that as an exception to this advice. Treat it as grounds for suspicion. When in doubt, call to make sure the request is legitimate.

  • If you get unexpected attachments or links, don't open them. Just as the customer shouldn't send email in place of a secure online form, they should expect that you won't send important information in email attachments. Any links you send should be to your own site or one that you've familiarized them with, not to some mysterious site they’ve never seen before.

  • Don't send mortgage-related email through a public wi-fi connection. Everything that's sent that way is transmitted without encryption, and it's not hard for someone nearby to intercept the data.

Understanding Phishing

It’s also important to educate customers about "phishing." Phishers impersonate legitimate operations—possibly your own business—to get people to download malware or turn over personal information. It's easy to forge email addresses or to use an address that appears to be from a trusted source.

Many users don't even see the email address. For the sake of convenience, a lot of client software shows only the display name and not the address. There's generally a way to check the address, such as tapping or hovering on the name. It's important to check the address before replying to an important email message to ensure it's the sender's real address.
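The address check described above can also be automated on the receiving side. The following is an added example, not part of the original post or of any ABT product: it compares the display name a mail client would show with the real address in the From header. The domain `lender.example`, the brand string and the sample messages are constructed assumptions, and the Reply-To check goes slightly beyond what the text covers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: the lender's real sending domain and brand name.
TRUSTED_DOMAINS = {"lender.example"}
BRAND_WORDS = {"example lender"}
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+\.)+[\w-]+")

# Constructed sample messages (headers only matter here).
LEGIT = 'From: "Example Lender" <loans@lender.example>\n\nHello Pat,\n'
SPOOFED = ('From: "Example Lender Closing Dept" <closing@mail-lender.test>\n'
           'Reply-To: docs@collect.test\n\nDear Customer,\n')
ADDRESS_AS_NAME = 'From: "loans@lender.example" <x@other.test>\n\nHi,\n'

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def check_sender(raw_message):
    """Return warnings about what the From/Reply-To headers really contain."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    warnings = []

    # The visible name claims the brand, but the real address is elsewhere.
    claims_brand = any(word in name.lower() for word in BRAND_WORDS)
    if claims_brand and from_domain not in TRUSTED_DOMAINS:
        warnings.append(f"display name claims the brand but the address is {addr}")

    # The visible name is itself an address that differs from the real one.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(0).lower() != addr.lower():
        warnings.append("display name shows a different address")

    # A reply would go to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        warnings.append(f"replies go to {reply_to}")
    return warnings

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("spoofed", SPOOFED),
                       ("address-as-name", ADDRESS_AS_NAME)]:
        print(label, check_sender(raw))
```
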

An email message that demands an immediate response with the threat of dire consequences is probably phishing, unless the customer was already close to a deadline. One with unusually bad grammar and spelling is likely to be fake.

A message that asks the recipient to do a software update should raise an immediate red flag. Users should always do updates from the software itself, not from a link or attachment in a message.

If the message body doesn't mention the recipient's name, that's another sign of fakery. If it just says "Dear Customer," while calling for a personal response, it should be a dead giveaway.

Maintain High Standards in Your Own Mail

Give your own email a consistent appearance. That will help customers to know something could be wrong if it looks different. Include a standard signature with your contact information. Always greet the customer by name. Keep a consistent tone. Don't use formal language in one message and then address the customer as "u" in the next.

ABT's MortgageWorkSpace® Suite provides the tools you need for communicating safely with customers. EmailGuardian™ supports encrypted communication, guards against malicious links and attachments from mortgage cyber-attackers, and archives all mail. DocumentGuardian™ provides vulnerability management solutions through secure access to documents, without storing them on user devices. All documents are stored safely in our cloud data center.

With MortgageWorkSpace®, you can assure your customers that there will never be a need to use insecure methods of sending or receiving information. Please contact us to learn how you can improve the security of your customer interactions and keep client information safe.


Understanding the Importance of Email Security for Mortgage Businesses


Email is a big part of communication with mortgage applicants, but it poses many security problems. Companies are torn between their need to protect confidential financial information and the customer’s desire for convenience. Customers don't want to go through extra steps, but they'll be very unhappy if intercepted information leads to identity theft. So will mortgage employees. That's why mortgage businesses need to understand why email security is so important. 

Email standards emerged very early in the history of the internet, when security wasn't a serious concern, and unfortunately, they haven't improved a lot since then.

  • Senders can trivially impersonate other people, including their email addresses.
  • Mail goes through multiple hops, providing many opportunities to read mail in transit.
  • People often don't notice what address a message comes from, and some software even hides it.
  • Unsecure connections to mail servers are common. They send passwords as plain text, allowing for their interception.

A study by Halock Security Labs found that lenders often use unsecure email practices.

  • 70% of the loan officers in the study let applicants send tax documents and other financial information as unencrypted email attachments.
  • Only 12% provided a way of sending email securely.
  • Loan officers cited customer convenience over security as the reason for using email.

The American Land Title Association has issued rules specifying that non-public personal information, in connection with real estate sales, must be transmitted securely. It recommends adopting a written privacy and information security program for protecting such information, in order to comply with federal and state laws.

Some major services, such as Gmail, encrypt mail while it's moving between their own servers, but they can't do anything about the final hop if a message goes to a different host. People have created security measures, such as PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard), that attempt to provide vendor-independent, end-to-end encryption. Unfortunately, they are so clumsy to use that they have never caught on.

Passwords are another problem. Many people connect to mail servers using an unsecured connection, which means their passwords go through as plain text. If they combine this with an unsecured wi-fi connection, they're literally broadcasting their passwords for anyone nearby to steal. People who get mail through an application can and should use an SSL/TLS connection to their provider. This encrypts logins and other data in transit, and once they set it up, it simply works without the users having to do anything more.

Secure email portals use either a website, a special application, or an add-on to an existing application. They're a departure from how people normally send and receive their mail, but some are more disruptive than others. Finding an approach that provides security, without making customers unhappy, is a tricky balance.

The best solutions combine email and web technology. Email can notify people that information is waiting for them, and a password-protected web connection can deliver it securely.

ABT's DocumentGuardian™ is the safest and easiest way for your borrowers to send you NPI (non-public information) documents. Compliance auditors recommend it because, unlike box-type file sharing apps, DocumentGuardian stores your borrower documents in our secure data center, not on individual computers and mobile devices. Loan officers and borrowers access DocumentGuardian™ through a secure browser connection, so their own logins and uploads are safe.

To minimize the risk of impersonation (called "phishing"), loan officers should advise customers to look at their mail carefully, make sure it links to the usual website, and inform them if anything looks suspicious. The consistent appearance that DocumentGuardian provides will give customers confidence that the mail they receive is authentic.

Businesses that use secure methods of exchanging documents with their customers enjoy a better reputation and are safer from charges of negligence. Contact us to learn how we can help you attain this necessary level of security.


Email Security Policy: Plan Before You Click and Send

In today’s highly digital world, much of our business communication takes place over email. The mortgage industry, especially, relies on email to communicate with clients, send and receive important documents, and transmit customer information. However, email comes with many security vulnerabilities that put your mortgage company at risk of contracting malware or having your sensitive communications intercepted by hackers. Email security is vitally important, and it is necessary to establish a strong email security policy that provides proper guidance for your loan officers on how to handle email communications.

Here are some important aspects every email security policy should have.

  • Content Control

     Company policy should clearly state what is appropriate and what is not appropriate to send in the name of the company. This includes the obvious limits, such as restrictions on content which may be considered racist, sexist, etc., but it also needs to address operational aspects such as release of confidential information, when/if encryption is required, and when sending information over email is prohibited.
  • Email Retention

    All email must be retained for a specified period of time. In some cases there are legal requirements to consider, but often your mortgage company may want to retain emails for longer periods of time to have as a reference. No one would question a company practice of filing paper correspondence for a period of years, and the same should be true of email retention. In fact, it is far easier to retain emails than it is to retain paper records, and every bit as important.
  • Content Monitoring

     All employees need to be aware of and agree to a corporate policy that all email sent from company systems or from company addresses is subject to monitoring at all times. This provides the company itself with a tool to review any and all communication in the event that a problem arises as a result of email. It also causes employees to stop and think before they send an email and reminds them that they are communicating on behalf of the company.
  • Outlined Limitations

     Company email policy needs to address all situations in which email sent or received by an employee can become a liability. This includes protocol for sending customer information via email, opening attachments, and the use of personal devices for business purposes. It may be difficult for a company to predict every possible situation where email can pose a threat to security, but it is important that the company at least be able to describe minimum acceptable email behavior. If business management cannot describe limitations on email protocol, they cannot reasonably expect their employees to either.
  • Regular Policy Review 

    Your policy should be reviewed periodically. As new technology comes into use, new issues such as encryption or potentially dangerous email attachments must be considered. A policy should be seen as a living document. It must be responsive to current business practices and requirements.

At Access Business Technologies, we offer mortgage companies the tools to ensure email security in their workforce. With solutions like EmailGuardian™, your emails are protected from spam, viruses, malware, phishing and data leaks, and covered by email transmission encryption policies. It also offers unlimited archiving so you can retain emails for as long as you wish, as well as seamless email continuity to provide uninterrupted access to emails, even in the event of an outage. These tools support your email security policy with technology that makes it simple for your loan officers to make smart, secure email exchanges. For additional assistance with developing a robust and comprehensive email policy or finding the tools you need to make your email security a priority, please contact us.
