Mortgage Software Solutions Blog

How New York’s Latest Cyber Security Law Will Impact You

sgfhj.jpgNew cyber security laws in New York mean strict accountability for businesses.

Cyber security is on the brink of an unprecedented crackdown in New York.

The finance industry is preparing for a new normal that looks vastly more stringent than before.

Part reaction to consumer outrage and part finger-pointing to the market for accountability when it comes to data breaches, the regulation titled Cybersecurity Requirements for Financial Services Companies (2017) is a broad re-draw of the rules by the state regulator.

In a country where the sector has historically played fast and loose with handling missteps, all eyes are watching to see how quickly it can adapt to the new normal.

As everyone settles in for the ride, industry insiders are already forming hypotheses about how far this new regimentation will reach.

Laying Down the Law

The new law outlining consumer data security measures in New York State is the first of its kind in the United States.

Officially released in March of 2017 with a built-in year of lag time, the enforcement date has arrived. As of Thursday February 15, 2018 enforcement is in full effect.

Financial institutions are expected to have stepped up their game in safeguarding computer systems and the sensitive information stored inside. A full guide to the highly prescriptive requirements can be found here.

The end goal is to avoiding security breaches by making businesses sufficiently fearful of repercussions. If they do foster an environment that allows for future problems or leaks of personal data, the stakes are high.

Who the Law Affects

The current law has been interpreted to include all banking, insurance, lending, and mortgage brokerage firms that are operating in New York. Every company under that heading will be held to the new standard.

This means that entities must get in gear to assess their actual and potential cybersecurity risks and make a solid plan to mitigate them.

The good news for IT departments is that due to the highly detailed guidelines about policy and the use of technology to patch up the security gaps, they have rather exact instructions to follow.

Beyond State Lines

At first glance, companies outside of New York might assume they have been spared from the harshest regulations in the country. After a closer look, it seems imminent that the change will have a wide-ranging impact.

Going forward, consumers will rely on their financial institutions to keep personal data safe. Not only are the expectations high, but the safety net sets the stage for demanding the same in other states.

Mortgage companies across the country are targeted by hackers due to the quantity of information and the quality of its use for fraud purposes. Companies outside of New York in the same industry should brace for the arrival of comparable laws on their home turf.  

Out-of-state entities with branches in New York should have a response as well, even before their own states begin drafting something similar.

In fact, other states are already following suit. Colorado and Vermont introduced their own measures within months after the NY regulation was put in place.

Vermont’s law names “securities professionals” as the intended subjects of its tighter regulations. Without specifying banks, the use of this broad term leaves the door open for enforcement with entities that may not previously fall under the state’s traditional regulation agencies.

As a global financial hub, even entities doing business in New York should consider getting the jump on re-assessing their policies as a continuity plan.

Beyond the Finance World

The effect of intensified scrutiny over cyber security practices will logically spill over to third-parties who work in the finance world and businesses who directly manage cyber security for the industry.

Fortune magazine goes one step further, predicting that ripple effect will go well beyond the financial industry. It could cover security events by any business that stores personal data “from point-of-sale to payroll providers.”

After that, it seems the industry shake-up will likely bleed into any major industry that houses consumer data using any sort of technology. These days, companies who aren’t keeping customer information in a computer system are few and far between.

The only thing the industry seems sure of is how this trend in accountability will not be contained by state lines or by industry.

In the early days of this new law’s enactment, the extent of this chain reaction is yet to be seen.

Over the next fiscal year, New Yorkers will lead the way, with countless gazes focused on them for cues of how to adapt.

ABT’s cloud-based portal MortgageWorkSpace adds banking level security to email, servers, PC’s and mobile devices in the mortgage industry. Contact us to learn more.


Topics: Compliance Due Diligence cyber security mortgage company security financial data security cybersecurity mortgage business mortgage industry Consumer Finance Protection Bureau Compliance for Mortgage Companies Compliance Audit cloud-based data Mortgage Lending 23 NYCRR Part 500 NYSDFS network safety

Lawmakers Crack Down on Consumer Data Breaches


New bill to increase cybersecurity oversight in the United States.

Guns are blazing in the US Congress.

In the wake of the major Equifax data breach that lasted from mid-May through July of 2017, US Senator Elizabeth Warren leads the charge in attempts to hold credit reporting agencies responsible for their own cybersecurity.

With a bill proposing to rope the Federal Trade Commission (FTC) into oversight and calling for investigation of the Equifax breach, Warren introduced the Data Breach Prevention and Compensation Act of 2018 to Congress on January 10, 2018.

What Prompted the Bill?

According to Equifax, hackers gained access to sensitive consumer data and maintained access over the course of two months in 2018.

The data that was compromised included names, Social Security numbers, birth dates, addresses, and driver’s license numbers. Victims of the data theft are US citizens as well as people in the UK and Canada. The hackers also stole credit card numbers for 209,000 people.

Though the breach is a significant blunder for the credit reporting agency, Equifax responded by suggesting that the public find out if their information was exposed and allowing victims open enrollment in one year of free credit monitoring services.

Victims and consumer protection agencies alike saw the Equifax response as lackluster and tone deaf.

With identity theft and credit scores hanging in the balance, the public was outraged.

Calling Out the Big Guns

Senator Warren responded on behalf of consumers with a flurry of letters to potential oversight agencies, the United States Government Accountability Office (GAO), and to the three major credit reporting agencies themselves.

In the letter to the GAO, Senator Warren notes that consumers have no control over how their information is collected and used by companies like Equifax. Though credit reporting agencies hold unique power over the management of consumer data, nobody is sure who oversees their mishandling of this sensitive information. Even more shocking is that Equifax seemed to experience no official repercussions due to the hack.

In the letters and the resulting bill, Warren requests clarification of supervisory bodies and demands accountability for the credit agencies in order to protect consumers from future breaches.

In her letters, Senator Warren calls on the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) to consider whether they have authority over credit agencies and could enforce stricter cybersecurity guidelines.

The bill also calls for a significant increase in oversight by the formation of a new oversight body in the FTC. An Office of Cybersecurity is proposed to establish standards for data security, supervise consumer information handling, enforce guidelines, and impose punishment against agencies that don’t comply.

At the heart of the legislation is the protection of data in an industry headed towards more computer- and web-based storage than ever before.

Real Penalties for Serious Breaches

Senator Warren is not alone. Senator Mark Warner from Virginia co-signed the resulting bill. The goal is that with official government oversight, future breaches would be avoided as a result of financial penalties.

Under the terms of the proposed bill, agencies would suffer a $100 fine for each consumer whose private information is compromised plus $50 for each secondary piece of information belonging to that person.

Equifax would have faced $1.5 billion in fines in this case.

In an industry where money talks, this kind of legislation should convince agencies who manage consumer data to get their act together preemptively before letting consumer data fall into the wrong hands.

Inadequate security and a response the equivalent of a company-wide shrug will no longer be tolerated.

Response by Financial Institutions

The push for legislation and further oversight by lawmakers means that banks, credit agencies, and other financial institutions will need to up their cybersecurity game.

To avoid getting hit with major fines and extensive media blowback, the finance industry will be forced to plan ahead and protect sensitive consumer data from hackers like the group that hit Equifax.

Has your banking institution taken steps towards increased security? Is your board of directors aware or concerned about this legislation? Is your company addressing cybersecurity weaknesses in your systems?

Reaching out to software security experts is the obvious ways to avoid getting hit with major fines or extensive media blowback. With help from tech folks, the finance industry can plan ahead and protect sensitive data from hackers like the group that hit Equifax.

 ABT’s cloud-based portal MortgageWorkSpace adds banking level security to email, servers, PC’s and mobile devices in the mortgage industry. Contact us to learn more.

Topics: cyber security financial data security multi-factor authentication Business Intelligence disaster recovery

Mortgage Company Security is Vital for Long-Term Sustainability

Mortgage companies gather loads of personal data from applicants and customers, making the security measures they put in place of the utmost importance. Traditional IT systems provide little (if any) protection from security breaches, theft or loss of hardware, or unexpected disasters. As a result, mortgage firms need to find solutions that will keep both their and their clients’ information safe.

Mortgage company security is vital for sustainability, as no other factor has as much potential to ruin your business. Your mortgage company could employ the best loan officers in the country and provide industry-leading service, but it only takes one data security incident to seriously threaten the success and growth of your business. Between the possibility of litigation, the media exposure, the money lost from wary customers, and the time spent dealing with the damage and the recovery of lost data, a single breach could do irreparable harm to your business.

This is where ABT's cloud-based mortgage software solution, MortgageWorkSpace®, can help your company attain optimal security. Access Business Technologies has created a unique, comprehensive solution for mortgage companies to secure every level of their business.

Mortgage-company-securityHere are three reasons ways ABT's cloud-based solutions provide the security mortgage companies need:

  • They provide a central point of management.
  • Everything is stored in a secure location in the Cloud.
  • They increase a mortgage company’s ability to prevent and respond to security issues.

Central Point of Management

When a piece of hardware is stolen, hacked into, or destroyed because of an accident or disaster, managers can simply call upon ABT's support services from their central point of management. Even if all hardware in the office is wiped out in a disaster, users can access their MortgageWorkSpace® in the cloud, from any device, to manage recovery and security processes.

Secure Location in the Cloud

ABT’s secure cloud servers make mortgage data instantly accessible and recoverable, from any device, in any location.

If a laptop is stolen in the night, all the sensitive information it stores is not only safe from falling into the wrong hands, but also able to be accessed remotely from MortgageWorkSpace’s® cloud interface. Users then have the ability to remotely wipe the hard drive on the stolen or lost device, rendering it useless to a thief or hacker. Work can continue without much interruption, and client and company data remains secured and encrypted.

The ABT Mortgage Cloud removes security risks by simply placing all sensitive data in our secure cloud server. All of your business’s documents are stored in your document vault in the cloud.

Improved Ability to Prevent and Respond to Security Issues

ABT is proud to boast a 97 percent customer satisfaction rate, and our ability to provide quick and expert support for security issues is a major part of that success. The mortgage industry, and the security issues facing it, are changing rapidly as technology continues to advance. This means that the security solutions mortgage companies implement must continuously advance and adapt as well.

Migrating to a cloud-based software like MortgageWorkSpace® gives mortgage companies the support and tools to prevent and recover from any security issue. With our excellent support staff and top-of-line encryption technology, we can help you prevent security breaches from occurring and respond swiftly in the incident that one does. Twenty-four-seven tech support is a great asset to have when trying to find quick answers to security issues that have occurred.

There are many other benefits of using our innovative solutions, but none is more important than reaching optimal security and compliance with your mortgage systems. MortgageWorkSpace® has made business easier and secure for the more than 500 customers we serve.

Seamless integration with our powerful partners, makes migrating your mortgage office to the cloud that much easier. Our experienced team has expertise in Calyx, JVI Solutions, Microsoft products, Office 365, and more. Your current software systems can stay in place and be managed more efficiently with the advanced tools available on your MortgageWorkSpace® interface. If you’re interested in learning more, please contact us today.

Get Started

Topics: mortgage company security financial data security