Mortgage Software Solutions Blog

How New York’s Latest Cyber Security Law Will Impact You

sgfhj.jpgNew cyber security laws in New York mean strict accountability for businesses.

Cyber security is on the brink of an unprecedented crackdown in New York.

The finance industry is preparing for a new normal that looks vastly more stringent than before.

Part reaction to consumer outrage and part finger-pointing to the market for accountability when it comes to data breaches, the regulation titled Cybersecurity Requirements for Financial Services Companies (2017) is a broad re-draw of the rules by the state regulator.

In a country where the sector has historically played fast and loose with handling missteps, all eyes are watching to see how quickly it can adapt to the new normal.

As everyone settles in for the ride, industry insiders are already forming hypotheses about how far this new regimentation will reach.

Laying Down the Law

The new law outlining consumer data security measures in New York State is the first of its kind in the United States.

Officially released in March of 2017 with a built-in year of lag time, the enforcement date has arrived. As of Thursday February 15, 2018 enforcement is in full effect.

Financial institutions are expected to have stepped up their game in safeguarding computer systems and the sensitive information stored inside. A full guide to the highly prescriptive requirements can be found here.

The end goal is to avoiding security breaches by making businesses sufficiently fearful of repercussions. If they do foster an environment that allows for future problems or leaks of personal data, the stakes are high.

Who the Law Affects

The current law has been interpreted to include all banking, insurance, lending, and mortgage brokerage firms that are operating in New York. Every company under that heading will be held to the new standard.

This means that entities must get in gear to assess their actual and potential cybersecurity risks and make a solid plan to mitigate them.

The good news for IT departments is that due to the highly detailed guidelines about policy and the use of technology to patch up the security gaps, they have rather exact instructions to follow.

Beyond State Lines

At first glance, companies outside of New York might assume they have been spared from the harshest regulations in the country. After a closer look, it seems imminent that the change will have a wide-ranging impact.

Going forward, consumers will rely on their financial institutions to keep personal data safe. Not only are the expectations high, but the safety net sets the stage for demanding the same in other states.

Mortgage companies across the country are targeted by hackers due to the quantity of information and the quality of its use for fraud purposes. Companies outside of New York in the same industry should brace for the arrival of comparable laws on their home turf.  

Out-of-state entities with branches in New York should have a response as well, even before their own states begin drafting something similar.

In fact, other states are already following suit. Colorado and Vermont introduced their own measures within months after the NY regulation was put in place.

Vermont’s law names “securities professionals” as the intended subjects of its tighter regulations. Without specifying banks, the use of this broad term leaves the door open for enforcement with entities that may not previously fall under the state’s traditional regulation agencies.

As a global financial hub, even entities doing business in New York should consider getting the jump on re-assessing their policies as a continuity plan.

Beyond the Finance World

The effect of intensified scrutiny over cyber security practices will logically spill over to third-parties who work in the finance world and businesses who directly manage cyber security for the industry.

Fortune magazine goes one step further, predicting that ripple effect will go well beyond the financial industry. It could cover security events by any business that stores personal data “from point-of-sale to payroll providers.”

After that, it seems the industry shake-up will likely bleed into any major industry that houses consumer data using any sort of technology. These days, companies who aren’t keeping customer information in a computer system are few and far between.

The only thing the industry seems sure of is how this trend in accountability will not be contained by state lines or by industry.

In the early days of this new law’s enactment, the extent of this chain reaction is yet to be seen.

Over the next fiscal year, New Yorkers will lead the way, with countless gazes focused on them for cues of how to adapt.

ABT’s cloud-based portal MortgageWorkSpace adds banking level security to email, servers, PC’s and mobile devices in the mortgage industry. Contact us to learn more.


Topics: Compliance Due Diligence cyber security mortgage company security financial data security cybersecurity mortgage business mortgage industry Consumer Finance Protection Bureau Compliance for Mortgage Companies Compliance Audit cloud-based data Mortgage Lending 23 NYCRR Part 500 NYSDFS network safety

5 Things You Should Do Now to Prevent a Data Breach


Mortgage providers are responsible for managing people's personal and financial information in relation to their most valuable asset: their homes.

For many businesses, this is cause for concern, as large corporations appear in the news every other day as a result of another significant data breach. This causes many mortgage companies to wonder (and worry about) how to prevent a data breach from happening to them.

The following are five tips that your mortgage company can implement today to begin securing your systems from a cyberattack. These tips will also help you provide better customer service by protecting personal identification information.

1. Implement Secure Passwords

There are many criteria to be met when creating a secure password, and it’s important that your entire team understands and adheres to these best practices.

Your first step should be to improve education for employees on how to handle password creation. Whether in the form of a company-wide memo, a formal training session, or an online tutorial, training should be thorough and easy to understand. Mortgage companies should make concerted efforts to inform employees on how to create a strong, secure password.

The right vulnerability management solution will require employees to create passwords that include more than just letters or numbers. Passwords should include a combination of letters (lowercase and uppercase), numbers, and characters, in order to create a password that can’t be cracked by hackers.

Multi-factor authentication should also be implemented throughout your business to ensure employees are protected if their login information falls into the wrong hands.

2. Insulate Database Information Depending Upon Needs

Underwriters require specific information that may not be relevant to customer service or sales team members. Although many businesses are tempted to keep as much information as possible in their CRM for more targeted marketing, mortgage companies have so much information on their customers that it is essential to separate customers’ sensitive information from the general contact information necessary for CRM systems.

3. Enact Employee Education Protocols

One of the greatest areas of vulnerability for a business is its employees. The Stuxnet virus, which targeted Iran's nuclear program, was downloaded onto thumb drives by engineers off-site and transported into the secure computer systems managing the centrifuges. In this example, no amount of internal security could protect them from the mistakes of their employees outside of the facility. The fact of the matter is that employees are the most uncontrollable aspect to your business.

Provide company-wide education, and enstate policies that ensure your employees use strong passwords, separate work and personal activities, do not subscribe work email addresses for marketing or political emails, and understand what to do when they are the target of a phishing email, "virus alert" pop-up, or any of the other tactics used by cyber criminals to target unwary computer users.

4. Educate Customers On Privacy, Identity, and CyberSecurity

For mortgage companies, customers are a vulnerability that are completely outside your business's work systems. A customer can be the target of mortgage cyber-attackers perpetrating fraud by mirroring your website, causing possible loss of services and capital.

Make your customers aware of the methods you use to contact them. If you have an outbound call department for customer service or sales, ensure that it follows industry practices, and teach customers how to identify if a call is from you. It is also a good idea to provide generally trusted phone communication information (never give out certain information to an untrusted number, ask for a call-back number and look it up, etc.).

Set up policies for predictable methods of managing customer accounts and inform customers of those policies. For example, make it a policy to never ask for any account information via email, only set appointments on the phone, or use multi-factor identity verification.

5. Outsource With a Trusted Mortgage Services Provider

Finally, it is important to understand that many small mortgage companies do not have the IT staff necessary to properly manage their internal security. With cloud-based mortgage systems like those from ABT, there are options for outsourcing IT and data management to experts in the industry who are able to provide high-quality and secure mobile management software.

Rather than facing all the risk internally—including vetting IT security team members, who are inherent risks for an organization—outsource it! Access Business Technologies, a leader in providing virtual workspaces for mortgage companies, has a leadership team with 15 years of success providing secure systems to mortgage businesses. We provide dedicated account executives to ensure that they understand your business processes and needs, and work with a network of local IT technicians so that on-premise IT problems can be solved in 24 hours or less.

Outsourcing means you will have professional IT services at your fingertips and ready to scale your business, whether you have ten branches or hundreds. A good IT outsourcing team will not be tied to any one software system, but will have the tools and experience necessary to manage any software and hardware. Contact us for more information on outsourcing IT.

Learn More

Topics: data security mortgage company security

How to Protect Your Mortgage Company From Viruses, Trojans, and Worms

What would happen to your mortgage company if it were hit with a serious computer virus or other malware? Could your company survive both the immediate and long-term financial impact of your critical data and client records being compromised or lost? More importantly, could your company weather the loss of customer confidence in your ability to protect their data?

Data security is essential for any mortgage business, and failure to adequately protect that data can be catastrophic.


At one time, computer security was very simple. Viruses were spread directly from computer to computer on floppy disks. The viruses could be hidden inside the files on the disk, or hidden in the very structure of the disk itself as a boot sector virus. Avoiding a computer virus was a simple as never accepting files or floppy disks from unknown sources.

Then came networks, which allowed computers within an organization to freely share files—and viruses. This was quickly followed by the development of the internet, which gave viruses access to computers not just on the local network, but anywhere in the world. This was followed by the introduction of email, which gave viruses an entirely new way to spread from machine to machine and network to network.

And then came the rise of viruses hidden within macros inside of common document files, such as Word or Excel. Suddenly, almost without warning, businesses and computer users found themselves in a losing war against a constantly evolving army of viruses and assorted malware. Computer security quickly became a battleground, and far too often, the virus creators were on the winning side.

But what exactly are computer viruses? And what differentiates a computer virus from other forms of malware (an umbrella term used to describe destructive, malicious computer code) such as worms or Trojans?

Let’s take a brief look at viruses, trojans, and worms, and the differences between each.


A virus is a malicious program that reproduces or replicates—just like a living virus—and creates copies of itself. These copies may be stand-alone files that mimic the names of real files or executables in an attempt to trick users into opening or running them. The viral payload may also copy itself into the file structure of a legitimate file or program. Once the file or the program is open or executed, the virus can do various things, depending on the intent of the virus creator. For instance, the virus may do something fairly benign, such as simply display a message, or it may do something far more destructive.

Destructive viruses may erase or encrypt critical system files or user data files, or reformat the computer hard drive. Regardless of the level of destructiveness of a virus, all viruses can cause considerable performance issues for computers by consuming system resources, such as memory, processor cycles, and hard drive space—all of which are needed for legitimate programs and user operations. There are five major recognized categories of viruses:

1. File Infector Viruses

File infector viruses inject their code into a legitimate executable (.exe) or command (.com) file and spread by infecting other files each time the infected file is run or accessed. This type of virus is often memory-resident. This means that if you run an infected file from a disc, USB drive, or other removable media, and then disconnect that media from your computer, the virus is still active in your computer’s memory and can still infect other files.

2. Boot Sector Viruses

Boot sector viruses infect hard drives on the structural level, in an area of the disk called the boot sector. When starting your computer from a hard drive, the boot sector is the very first part of the disk the computer looks at. This is the area of the disk where vital information needed to start or ‘boot’ the computer is stored. This means that a virus hidden in this part of the disk is loaded into memory before any operating system or antivirus software is loaded. Boot sector viruses are also memory-resident and can infect any disk inserted into the computer after it is booted.

3. Multipartite Viruses

The worst of both worlds, these viruses combine the traits of a file infector virus and a boot sector virus. Because of this, this type of virus can be both very destructive and very hard to remove from an infected computer.

4. Master Boot Record Viruses

These are similar to boot sector viruses but with one important difference; these viruses save a copy of the ‘clean’ or original boot records elsewhere on the disk, where it can usually be recovered using special software such as disk recovery tools.

5. Macro Viruses

Beginning with Microsoft Office 97, Microsoft introduced the ability to create custom functions and to automate tasks in common Office applications, such as Word and Excel, through user-created macros. Based on Visual Basic, macros opened an entirely new way for malicious coders to create harmful viruses. Macros are now one of the most common and destructive types of viruses in existence.

Trojan Horses

A Trojan horse is not technically a virus, since it does not reproduce or replicate like a true virus. Instead, a Trojan horse pretends to be something desirable to a user—an application, an email attachment, or a document—that conceals a malicious payload that, when triggered, can delete or damage user data or system files.

A large number of Trojans compromise computer security by downloading viruses or other threats, such as botnet clients. Botnet clients can enslave computers to work in tandem as an element in an illicit network. Such networks are often used to breach the security of other computers or computer networks. Botnets are also commonly used to take down websites or entire networks by flooding them with data requests in what is known as a distributed denial of service (DDOS) attack.


Worms are a form of malicious program that replicates itself from computer to computer. Unlike a virus, a worm does not rely on an infected file to spread. Instead, it is the infected file. Worms often exploit security holes to spread quickly from computer to computer within a network or across the internet. Worms can spread exponentially and can quickly bring a network to its knees by generating overwhelming network traffic as they spread from computer to computer.

Now that you are familiar with the most common forms of malware, the next question is simple: What can your business do to protect itself against these threats?

Proper security and data protection require a comprehensive plan. A properly managed and maintained antivirus program that protects against mortgage cyber attackers is a critical part of that plan, as is a firewall to protect against threats originating outside of your network.

However, antivirus software and a firewall are only two pieces of a total data security package. For true protection, you need a partner who is familiar with the special needs of mortgage companies and who has the experience to provide the protection you need.

ABT can be that partner.

Our unique cloud applications, DeviceGuardian™ and EmailGuardian™, can be added to any computer or mobile device to give you the peace of mind you need to know that your data is protected and secured from outside threats. DeviceGuardian™ technology offers full Consumer Financial Protection Bureau (CFPB) regulatory compliance for secure device management, with fully managed antivirus protection and secure data backup.

EmailGuardian™ uses sophisticated, multi-layered detection engines and intelligence to protect email data and employees from malware, spam, advanced threats, and zero-day attacks. With over 18,000 customers, EmailGuardian™'s threat intelligence and adaptive network are constantly improving defenses to eliminate new and advanced threats. It is also works to contain spear-phishing attempts by reviewing every URL for threats, and to ensure spam and malware don’t reach your network.

Contact us today to see what Access Business Technologies’ DeviceGuardian™ and EmailGuardian™ can do for your company.

Get Started

Topics: mortgage company security

3 Ways the Cloud Bolsters Your Mortgage Company Security

Cyber thieves are amping up their attacks on major banks and the U.S. Federal Reserve. Recently, $81 million dollars was stolen from a Bank of Bangladesh account at the New York Fed. Cybersecurity officials are rapidly securing possible entry points for cyber thieves, finding that the most ordinary access points, such as email and social media accounts, can be all a thief needs to gain access to highly sensitive data. What does this mean for mid-sized lenders in the mortgage industry?

If large-scale organizations are strengthening their security measures, then mid-size organizations should do the same. Your organization is only as strong as your weakest partner. However, by placing your data in the cloud and securing access through a single, secure portal, your organization can better protect against a breach. This type of vulnerability management solution can be key to keeping your clients protected.


Here are three ways the cloud bolsters your mortgage company security:

1. Maintain Banking Standards and Compliance

Experts forecast that the mortgage industry is moving toward banking standard regulations, which is one way to avoid an increasing number of breaches within the mortgage industry. Jeff Bernstein of T&M Protection Resources, a New York City-based information security firm, told Scotsman Guide:

It is not just the mortgage company that comes into contact with the consumer data. It is also their business partners. A typical loan will include other parties. There will be attorneys involved, loan servicers, title companies, insurance companies, and a company that collects consumer data is only as secure as its weakest partner.

Loan officers accessing information via MortgageWorkSpace®’s single, secure web portal are able to aggregate information in a secure workspace, providing peace of mind to customers and maintaining above-standard compliance.

2. Integrate Software and Data Securely

Cloud-based dashboards, like those provided by MortgageWorkSpace®, provide users with an interface that accesses Encompass, office software, and email from any device, without the need to update software or security on individual computers. This is especially important given clients' wishes for fast service, as well as for meeting industry deadlines.

With everything a loan officer needs immediately at their disposal, even mid-scale lenders can stay competitive in an increasingly aggressive industry.

3. Eliminate the Need for Personal Files

Loan officers move on from an employer when they seek opportunities elsewhere, but the client lists and documentation they received during their tenure shouldn’t walk out with them. Regulatory privacy guidelines must be followed, even when an employee moves on.

While employees are still in the fold, keeping a separate company database for proprietary information and privacy-bound data is essential for mortgage lenders, credit unions, and small banks. This does not mean that former employees cannot have access to their curated client lists—many do—but those lists should not contain any proprietary information, as outlined in your organization’s employment contracts.

Brad Finkelstein of National Mortgage News quotes former mortgage originator, Karen Deis:

If the loan officer is going to maintain a dual database, they [should] not have any personal information, like social security numbers, date of birth and all of that . . .

Since secure cloud environments like MortgageWorkSpace® offer loan officers access to proprietary data in a secure environment, any information the officer keeps on Excel spreadsheets should not contain private information. Those spreadsheets and other documentation systems lack the security provided by the cloud.

Providing officers with a secure, cloud-based database protects clients from mortgage cyber-attackers. It also safeguards the company and the loan officer, ensuring loan officers do not have access to this information when they leave the organization, and that they do not take any information with them.

For more information on how cloud security, seamless updates, and cloud technologies can assist your mortgage company in maintaining compliance and increasing customer trust, please contact us.

Learn More

Topics: Mortgage Cloud Services mortgage company security

Improve Mortgage Company Security with Centralized Cloud Computing

More and more, financial institutions are being forced to grapple with security issues, concerning the advanced technologies their employees and vendors are using in day-to-day business. While some are embracing SaaS cloud computing for a more centralized and secure way of lending, others are apprehensive about embracing the transition.

The truth is, traditional IT departments are failing to adapt to the increasing security demands of the modern technology that their employees and vendors are using. This failure shows a valid need for financial companies to find a secure and centralized cloud computing system that provides their workforce with the tools they need for optimal efficiency.Mortgage-company-security

Mobile Workforces are the Game Changer

Advanced mobile technology is changing the way mortgage companies and their clients interact and do business in the world today. The availability of efficient apps, through smartphones, tablets, and other mobile devices, is giving mortgage professionals more tools and options with which to conduct business. The problem is that many of these options may not be approved by traditional IT departments and often create security risks.

For instance, if an employee uses Gmail to send and save sensitive data or a note-taking app to track unsecured customer information, they could be putting that information at risk, without even realizing it. For large institutions (with hundreds or thousands of employees), controlling the apps used to conduct day-to-day business with clients is becoming more difficult for their IT departments.

The risk of sensitive data being leaked through an unsecured cloud-based app (from an employee or vendor) is a real problem. As this becomes an increasingly common challenge for mortgage lenders, the best solution is to find a reliable, cloud-based software provider to partner with.

How Transitioning to the Cloud Can Help Mortgage Company Security

By transitioning to a secure, cloud-based platform, mortgage companies can provide their employees with the advanced mobile tools they need, while ensuring a controlled secure environment for all sensitive data.

Access Business Technologies provides a flexible cloud platform called MortgageWorkSpace®, which is designed specifically for mortgage companies. This SaaS will support and protect mortgage professionals and customers throughout the entire lending process. No longer will lending professionals need to use unsecured apps to conduct efficient day-to-day tasks, as ABT gives them tools such as:

  • Email encryption
  • Custom email signatures
  • Security Compliance
  • Custom cloud interface
  • Document management
  • Multiple system back-ups

Through our MortgageExchange™, we can seamlessly connect third-party services to a client's work space in our secure private cloud. And with our DocumentGuardian, your clients will have a secure, fast, and easy way to share their personal documents with lenders.

No longer will documents and secure data from borrowers be stored on individual computers and devices. With ABT’s suite of mortgage security services, you can access all of your data in one centralized, secure data center. This means more control and easier access to the important documents needed for day-to-day business.

Centralize for Security and Ease of Access

ABT's MortgageWorkSpace® is an innovative SaaS that gives financial institutions the perfect solution for creating a secure and controlled environment. MortgageWorkSpace® acts as a secure mobile desktop that provide seamless access to all of the applications and software systems your company knows and loves.

An entire workforce will have access to an easy-to-use interface, which integrates all of the current technologies your mortgage professionals need to conduct efficient and secure business with their clients.

No longer will financial institutions have to worry about vulnerabilities caused by unsecured mobile devices or applications used by your workforce. Through the cloud workspace portal, they can access email, files, databases, software applications, and programs anywhere, at any time, and on any device!

Financial institutions are faced with a future of ever-growing regulations concerning security and compliance, as well as rapidly advancing technologies, which their traditional IT departments may be struggling to keep up with. In light of these challenges, many mortgage companies are seeking a centralized cloud computing solution.

ABT is dedicated to helping mortgage companies secure their valuable data without sacrificing speed and efficiency. To learn more about how ABT can help your company make the cloud transition, please contact us today.

Get Started

Topics: ABT MortgageWorkSpace mortgage company security

Mortgage Company Security is Vital for Long-Term Sustainability

Mortgage companies gather loads of personal data from applicants and customers, making the security measures they put in place of the utmost importance. Traditional IT systems provide little (if any) protection from security breaches, theft or loss of hardware, or unexpected disasters. As a result, mortgage firms need to find solutions that will keep both their and their clients’ information safe.

Mortgage company security is vital for sustainability, as no other factor has as much potential to ruin your business. Your mortgage company could employ the best loan officers in the country and provide industry-leading service, but it only takes one data security incident to seriously threaten the success and growth of your business. Between the possibility of litigation, the media exposure, the money lost from wary customers, and the time spent dealing with the damage and the recovery of lost data, a single breach could do irreparable harm to your business.

This is where ABT's cloud-based mortgage software solution, MortgageWorkSpace®, can help your company attain optimal security. Access Business Technologies has created a unique, comprehensive solution for mortgage companies to secure every level of their business.

Mortgage-company-securityHere are three reasons ways ABT's cloud-based solutions provide the security mortgage companies need:

  • They provide a central point of management.
  • Everything is stored in a secure location in the Cloud.
  • They increase a mortgage company’s ability to prevent and respond to security issues.

Central Point of Management

When a piece of hardware is stolen, hacked into, or destroyed because of an accident or disaster, managers can simply call upon ABT's support services from their central point of management. Even if all hardware in the office is wiped out in a disaster, users can access their MortgageWorkSpace® in the cloud, from any device, to manage recovery and security processes.

Secure Location in the Cloud

ABT’s secure cloud servers make mortgage data instantly accessible and recoverable, from any device, in any location.

If a laptop is stolen in the night, all the sensitive information it stores is not only safe from falling into the wrong hands, but also able to be accessed remotely from MortgageWorkSpace’s® cloud interface. Users then have the ability to remotely wipe the hard drive on the stolen or lost device, rendering it useless to a thief or hacker. Work can continue without much interruption, and client and company data remains secured and encrypted.

The ABT Mortgage Cloud removes security risks by simply placing all sensitive data in our secure cloud server. All of your business’s documents are stored in your document vault in the cloud.

Improved Ability to Prevent and Respond to Security Issues

ABT is proud to boast a 97 percent customer satisfaction rate, and our ability to provide quick and expert support for security issues is a major part of that success. The mortgage industry, and the security issues facing it, are changing rapidly as technology continues to advance. This means that the security solutions mortgage companies implement must continuously advance and adapt as well.

Migrating to a cloud-based software like MortgageWorkSpace® gives mortgage companies the support and tools to prevent and recover from any security issue. With our excellent support staff and top-of-line encryption technology, we can help you prevent security breaches from occurring and respond swiftly in the incident that one does. Twenty-four-seven tech support is a great asset to have when trying to find quick answers to security issues that have occurred.

There are many other benefits of using our innovative solutions, but none is more important than reaching optimal security and compliance with your mortgage systems. MortgageWorkSpace® has made business easier and secure for the more than 500 customers we serve.

Seamless integration with our powerful partners, makes migrating your mortgage office to the cloud that much easier. Our experienced team has expertise in Calyx, JVI Solutions, Microsoft products, Office 365, and more. Your current software systems can stay in place and be managed more efficiently with the advanced tools available on your MortgageWorkSpace® interface. If you’re interested in learning more, please contact us today.

Get Started

Topics: mortgage company security financial data security