<img src="http://www.mon-com-net.com/58465.png" style="display:none;">

Mortgage Software Solutions Blog

Mobile Technology in the Mortgage Industry: Big Rewards and Big Risks

Mobile technology promises big rewards AND big risks .jpgMobile devices have revolutionized the way modern businesses function from day to day. Employees can now work from anywhere and from a variety of devices. Workers have more flexibility, mobility, and accessibility, and it’s brought about a number major advantages. In fact, few businesses can completely shut out mobile technology and remain competitive.

But these big rewards come with big risks. Mobile technology is notoriously unsecure, putting data and entire networks at risk. For businesses in the mortgage industry, the rewards of enabling a more mobile workforce are tremendous, but it is also imperative that they take the strongest precautions to avoid data theft and other intrusions.

Understanding Mobile Technology’s Place in the Mortgage Industry

Quick response times are critical for landing new mortgage customers. As such, loan officers need to have access to documents, client information, and internal software, wherever they are.

Mobile technology enables loan officers to stay up to date throughout the lending process. And with the help of cloud-based applications, like MortgageWorkSpace®, loan officers can even access their entire desktop from their mobile devices. These tools enable mortgage employees to photograph and send documents; set up reminders; communicate securely with clients, real estate agents, and internal team members; and check the status of their clients’ applications. Without mobile technology in the mortgage industry, these actions are confined to the office, and these days, that just isn't an option.

Recognizing and Avoiding the Risks

Allowing your mortgage employees the freedom to work from their mobile devices provides immeasurable benefits, but it can also be risky. Two out of three businesses have had a mobile-related data breach, yet only 16% are prepared for security threats from mobile devices.

In addition to mobile devices being more vulnerable to hacks, they are also easily lost or stolen. Yet, many people don't think to dedicate the same level of care and security to their mobile devices that they give to the computer that sits safely on their desk.

Here are some general security tips for mobile devices:

  • A mobile device that holds sensitive information needs to be password-protected and encrypted. The password needs to be a strong one, not easily guessed.

  • Wifi hotspots are a serious risk. Public wifi that doesn't require a login sends data over the air without protection. Anyone nearby can intercept it and pick out passwords or personal information. A cellular connection offers better security, even if it eats into your data limit.

  • Email isn't secure. Sending confidential information by email, especially through public wifi or an unsecured mobile app, can expose it to interception.

  • Many mobile applications are not secure. Try to stick to apps from trustworthy sources, but be aware that even they don't always have great security. Aim to download a small number of high-quality applications, rather than grabbing everything that looks useful.

The Risk of Device Theft

Smartphones and tablets can be insured and replaced, but the real cost of theft is the data those devices hold. A data breach can expose a business to liability if it includes personal financial data such as social security numbers, credit card information, or bank account numbers. Criminals know that mortgage businesses have an especially rich supply of this information.

In the financial industry, the cost per compromised record in 2014 was $259, and it continues to rise. When you consider that a mobile device can easily hold thousands of records, that's a large amount of money for one stolen phone or tablet.

Maintaining the Safety of Your Servers

If your business hosts its own server, security must be paramount. A poorly designed server can be susceptible to serious threats from mobile devices:

  • Data transport may not be properly secured, so spying or in-transit modification is possible.

  • User authentication may be weak, allowing impostors to log in or malware to inject malicious data.

  • Sessions may linger too long, allowing thieves to connect after they've stolen a device.

  • Poorly designed cookies allow abuse. Criminals can reuse and modify them for dishonest purposes.

Mortgage businesses need to pay close attention both to mobile devices and to any web applications or cloud services they use. Any point of weakness can lead to a major breach.

A Better Approach

It's impossible to maintain mobile security while using a haphazard set of approaches. A better approach is to use an integrated software suite that's designed to provide mortgage businesses with the tools they need while maintaining security every step of the way.

ABT's DeviceGuardian™ is a complete mobile device management tool. Compatible with a variety of mobile devices, DeviceGuardian™ allows mortgage professionals to handle their mortgage data with agility and a heavy layer of security. DeviceGuardian™ helps to support company BYOD policies and makes all company devices compliant with Consumer Financial Protection Bureau regulations.

To learn more about DeviceGuardian™ and our other cloud software for a secure mortgage business, please contact us.

Learn More

Topics: mobile workforce mobile technology

Can Your Mortgage Company Meet California's Information Security Requirements?

As a lender, are you protecting the privacy and personal information of the borrowers you serve? Data security is a vital responsibility that you take on when you accept personal information from your clients.

When borrowers fill out that mortgage application or provide financial documents, they are trusting your company to keep that information safe. And you have an ethical obligation—and increasingly, a legal one—to do just that.

California's Push for Information Security

California state officials are pushing for a clear minimum standard that mortgage companies and other businesses of all sizes must adhere to in order to avoid breaches of personal data. They are also working to create a set of guidelines that state officials can use to enforce accountability. California isn't likely to be the only state requiring more attention to data protection. Other states will also be demanding that mortgage lenders and other financial companies meet the standard.

With the February release of the 2016 California Data Breach Report, state Attorney General Kamala Harris has spelled out what expectations California has for its businesses to protect important customer data.

"[M]any of the breaches reported to us could have been prevented by taking reasonable security measures, and an organization that voluntarily chooses to collect and retain personal information takes on a legal obligation to adopt appropriate security controls," Harris wrote in the report's introduction.

The report suggests that all organizations which collect personal information need to meet the 20 critical security controls set out by the Center for Internet Security, and that not doing so shows a lack of responsibility for clients' security and a failure to meet the minimum standard of care.California-pushes-for-greater-Information-Security

The CIS Critical Security Controls

If you aren't sure about your firm's data security, the 20 critical security controls that the California Data Breach Report references are a good starting point. The controls are listed in priority order, and they work in concert to help you create complete security for your data. For example, the 12th control involves protecting laptops and mobile devices. Before you can do that, you must have met the first control, which is to know the devices you have and where they are located.

To help businesses implement these controls, the Center for Internet Security has provided information that explains each action and why it is important. Special attention was given to making sure the controls were implementable for organizations of all sizes, including small businesses.

Putting the controls in place won't stop every hacker or prevent your employees from making mistakes with data handling, but they do represent the best practices that your organization should be following, no matter the size. By taking these steps to actively keep data safe, you prove to your customers, and to your entire staff, that you are taking data security seriously.

Specific Data Security Issues in the Financial Industry

About 18 percent of all the security breaches that occurred in California during 2015 were in the financial sector, which accounted for 13 million individual compromised records. The most common breached data in financial businesses? Social Security numbers. They were compromised in 75 percent of the financial sector's security breaches.

While financial breaches were much less likely to be caused by hackers or malware compared to retail sector breaches, they are more likely to happen because of an internal human error, such as:

  • Sending personal information to the wrong recipients
  • Accidentally posting personal information to a public website
  • Failing to properly dispose of personal information
  • Allowing unauthorized employees to access personal information

This means that mortgage companies need to be especially concerned with having processes in place that protect information from being accidentally released or compromised.

Next Steps to Take

Implementing the 20 controls and staying on top of other data security requirements can be a challenge for mortgage companies. Often, loan officers take work home; are they protecting data in all the locations from which they work? Many mortgage companies are smaller firms; do they have the resources in place to implement these controls?

The answer is using a third-party platform that can exceed security requirements, while making it easy for employees get their work done. A tool like MortgageWorkSpace™ from Access Business Technologies allows companies of all sizes to get work done securely from any location. Here's what the DocumentGuardian® component of ABT's software does:

  • Uses the latest encryption and banking standard protocols, including 256-bit encryption and SSL/TLS transfer protocols, to ensure information is kept safe from security breaches, hackers and identity thieves.
  • Allows emails and files to be transferred using the same high-end encryption.
  • Provides a secure workspace environment so you are not storing financial data on individual computers, laptops, or mobile devices.
  • Maintains files in an ultra-secure, state-of-the-art, enterprise-class data center.

Using the right software platform can also minimize the risk that employees will make critical errors that lead to the public release of private data. It is important that the software is not just secure, but it’s easy to use.  Making sure you provide secure easy to use software increases compliance and therefore increases security.

Contact us for more information on using MortgageWorkSpace™ to secure your mortgage company's data. Doing so can help you comply with state and federal audits and give you the peace of mind that you are keeping your borrowers safe.


Demo

Topics: mobile security mobile device security mobile workforce

Securing Your Mobile Workforce in Your Mortgage Company

These days, more and more mortgage companies are beginning to implement a mobile workforce. However, with this newfound mobility comes a number of potential security risks. When mortgage loan officers need to access or enter sensitive information from their mobile devices, they run the risk of exposing that information to security threats.

When a mortgage company focuses more on mobile convenience and less on security, this can become a risky routine. While it's easy to tuck security concerns away due to complacency, data can easily get stolen without the company even knowing. It could happen to your own mortgage company, especially if many of your loan officers work away from the office.

While having a mobile workforce provides some welcome freedom to your loan officers, security for your clients, and the company as a whole, becomes a real concern. As a result, your lenders may not feel confident in their tools or their ability to provide secure and reliable services to clients.

Perhaps by now, you've conducted searches to find a security tool that integrates well with the mortgage software you’re already using. However, your search may have run into snags, since many security tools don’t offer the kind of specific protection the mortgage industry needs.

At Access Business Technologies, we've developed MortgageWorkSpace®, a Cloud-based mortgage desktop that integrates perfectly with all common mortgage software brands and, more importantly, provides a means of security like few other solutions on the market today.mobile workforce

Let's see how this tool protects your mortgage business and gives your loan officers peace of mind when it comes to mobile security.

A Managed Cloud for Personal Data

The mortgage business is one industry that requires quite a bit of personal information from its clients. Your loan officers already know that it's extremely risky to take so much financial information from clients and store it in a private server without monitoring.

If you have your own on-site server, you may not have the extra money to pay for proper 24/7 monitoring. You may do this only because operating an on-site server is already enough of a monthly expense.

Using a cloud solution is the answer the mortgage industry has been looking for. MortgageWorkSpace® stores all of your client data in our fully monitored cloud server for full-time protection. However, your data doesn't become more difficult to access like it might with other storage solutions. Your applications are accessible in an instant, from anywhere you have an Internet connection.

Having a holistic security solution in place not only gives your loan officers peace of mind, but also your clients. Knowing your mortgage company takes mobile security seriously will make your clients feel more comfortable giving out their personal information. It's worth every effort that your lenders show your clients exactly what kind of technology they’re using to keep their private data safe. If not, clients could easily get scared and end up heading to one of your mortgage competitors.

Adhering to Consumer Financial Protection Bureau Regulations

The Consumer Financial Protection Bureau constantly updates their rules, and our MortgageWorkSpace® helps you stay compliant with every regulation. It's rare to find other mortgage programs that help you stay up to date on CFPB amendments without mistakes or overlooking recent rule changes. MortgageWorkSpace® makes compliance easy to achieve and maintain, no matter the current regulations.

Your loan officers should also take time to explain all CFPB regulations to clients, so they understand what's at stake and what regulations are in place to protect them. The more your clients understand how you are working to keep their information safe, the more they'll develop a sense of trust in your mortgage company. They'll know you don't place mobile convenience ahead of client security, just to make your team of loan officers more comfortable.

Contact us at Access Business Technologies to learn more about MortgageWorkSpace® and how well it integrates with your current software, while protecting client data. Want to see for yourself? Request a demo below. 

Demo

Topics: mobile security mobile device security mobile workforce