Mortgage Software Solutions Blog

ABT Leads the Digital Transformation of the Mortgage Lending Industry

ABT Leads the Digital Transformation of the Mortgage Lending IndustryA laptop on the desk of a finance professional.

There is no slowing down for mortgage lenders in 2018.

Mortgage volume in the US is expected to grow and according to National Mortgage News, lenders increasingly view technology as a way to gain a competitive advantage in the growing market.

While some lenders embrace the efficiency that technology gives to the industry, a full 29% describe technology initiatives as a “necessary evil” of the industry.

Access Business Technology, a California-based fintech company, is determined to bring the industry up to speed and usher in the digital transformation of the mortgage industry.

ABT Deploys Quality Hardware & Software

Access Business Technologies (ABT) is a fintech consultant focused on technological advancement for the finance world. The company deploys both hardware and software meant to advance the technological capabilities of their clients.

For hardware, ABT deploys the Surface Pro armed with MS Office 365 for finance professionals who need the best tools for communication and collaboration. This combo provides a quality all-around foundation for finance-focused companies looking to standardize or reduce their device inventory.

ABT is also software developer with award-winning platforms created specifically for mortgage lenders. They have an array of software solutions for lenders that are up-and-running quickly while providing a seamless work environment for staff.

By working with a fintech expert like ABT, lenders save money and get a premium setup with premium service from a single channel.

ABT Provides Secure Cloud-Based Infrastructure

Quality software and hardware are not the only considerations for ushering in an age of technology in the mortgage industry.

Infrastructure also affects staffing. How can mortgage companies attract the best talent?

Flexjobs, a resource for remote workers, reports that workplace flexibility is becoming more important. From 2014 to 2017, the number of people who quit a job due to lack of flexibility has doubled.

Cue the new standard for business: the cloud-based work environment.

The cloud-based platforms that ABT offers to the world of fintech are a major solution to the increasingly remote work environment. Clients who migrate to the cloud don’t need to worry about scaring away talented finance professionals who demand flexibility.

Though the cloud is a relatively new requirement for finance companies, ABT has ensured that security is a first priority. ABT, with its finger on the pulse of the mortgage industry, has focused their fintech developments on cyber security and ensuring that data breaches are not a danger for their clients.

ABT provides cloud-based protection for Office 365 email from being hacked. ABT also provides a host of safeguards including multi-factor authentication, phishing protection on email, as well as encryption and security programs for lost or stolen devices.

ABT is the Mortgage Industry Tech Expert

With hardware, software, cloud-based infrastructure, and cyber security covered, ABT has set a new bar for fintech in financial institutions.

The push to remain at the cutting-edge of mortgage technology comes from an understanding of the industry. ABT knows that a quality tech setup gives lenders the ability to provide the best quality of service to customers.

ABT’s drive to develop quality solutions earned the company classification as a Microsoft Gold Level Partner. As a trusted developer for Microsoft solutions and the experience of deploying Office 365 in the mortgage industry, ABT is digitally enabling a newly mobile generation of mortgage workers.

Through integration and device support, ABT allows mortgage lenders to work even more flexibly and productively.

At the forefront of fintech, ABT hopes to continue the trend in the United States of increasing mortgage volumes by continuing to accelerate the industry along a full path of digital transformation.

To find out more about how ABT empowers financial professionals by using technology to transform the way they work, check out the Access Business Technologies blog.

Image: Unsplash

Topics: mortgage software integration multi-factor authentication cybersecurity mortgage documents security cloud storage productivity mortgage business data warehousing mobile technology Consumer Finance Protection Bureau Compliance Audit cloud-based data Housing Market Mortgage Lending

Why Cyber Security Comes First in the Mortgage Software Market

Why Cyber Security Comes First in the Mortgage Software Market

Equally important: physical security and cyber security.

The finance industry’s data-handling platforms have a clear bulls-eye on them.

The U.S. mortgage industry supply chain is considered a “massive target for information security breaches.” In fact, from 2015 to 2016 the number of data breaches in the United States went up by 40%.

Still, most mortgage lenders sidestep cyber security by shopping for software the old-fashioned way.

Functionality across platforms is comparable, but security is where the largest variation exists amongst current technology offerings. The regulatory and litigation atmosphere surrounding data breaches in 2018 is such that the best mortgage software addresses cyber security first and foremost.

Here is how the best mortgage software on the market is focused on security frameworks first.

The Weakest Link

Poor cyber security has a financial and regulatory impact. This, combined with the negative press of recent international breaches, is what the modern financial institution wants to avoid.

Though large institutions have tight security, an increase in automation and “digital mortgage” online customer interactions means that high-tech services are being farmed out to third-party vendors. Tools like business intelligence (BI) and machine learning (ML) also means data transfer within the industry is nearly constant.

Homebuyer information is especially ripe for hackers because it includes secondary digital assets like credit data.

Though big banks are heavily invested in keeping this data safe, the sharing of borrower data to smaller vendors has caused a disruption in the security systems. The immature security of these third-party service providers has created a weak link in a previously well-fortified industry.

Who is Responsible?

Though it seems like the third-party vendor is the one who should catch up to security norms, the tech newcomers are not being held responsible.

New legislation in the US holds financial institutions responsible for the security level of their third-party vendors—no matter where the data or breach originated from. When a smaller vendor experiences a security event, it is the large mortgage company that is on the hook.

Even if the company avoids catching the eye of regulators, cases of mishandled customer data have executed litigation of $201+ per recorded liability.

Cyber Security Solutions

The solution is to rein in weak spots by employing cyber security technology that goes beyond the traditional server model. It should cover gateways, third-party access, and employ strategies that keep an eye on common but unsafe tech-related practices.

A tech developer called ABT offers a cloud-based platform called MortgageWorkSpace that ticks the right boxes.

ABT works exclusively with the mortgage industry to develop software solutions for lenders and third-party financial institutions in the home buying industry. With the functionality of the lending platforms in place, ABT leads mortgage tech by focusing squarely on cutting-edge cyber security.

Above all, MortgageWorkSpace provides a secure gateway to access lending data. It employs multi-factor authentication and monitors system email use to fend off phishing as well.

Despite increased accountability, mortgage lenders can keep the company name and customers safe by shopping for a platform that puts security first.

Advanced Cyber Security Features

With market demand high, on-board security features distinguish better platforms from those that add build-out security capabilities as an afterthought.

ABT has a built-in consumer protection feature called Remote Desktop which gives mortgage lending employees a cloud-based real-time file management system. Offering functionality to the user, this feature actually prevents the storage of data on local PCs. This Dropbox-like feature means that the employee’s desktop is not only updateable from anywhere, but that files containing sensitive information don’t get downloaded out of the system where security is weakest.

Lenders shopping for top mortgage software should keep an eye out for features like the Remote Desktop that combine user experience with security in a way that is seamless.

Developers who have security at the forefront of their business model will also provide crucial non-tech extras for lenders.

ABT gives clients a written information security policy that outlines the software’s parameters and security compliance rules. This type of documentation may have been overkill in the past, but is increasingly required by state and federal law for legal operations in the U.S.

Though most software shoppers understandably look at usability first, the consumer financial sector increasingly puts cyber security front and center.

Mortgage broker software is no exception. Platforms should have a full range of built-in cyber security solutions, usability features that incorporate digital protection without being clunky, and advanced features that provide extended protection as regulations become more stringent.

As a target for hackers and a trend of increasing legal accountability, cyber security is now the main consideration in the mortgage software market.

Check out the full range of ABT’s security-driven mortgage business products on our website or contact us to learn more.

Image: Unsplash

Topics: Hosted Software options Mortgage Servicing in the Cloud mobile security mobile device security email security data security mortgage company security financial data security social networking safety phishing multi-factor authentication Business Intelligence cybersecurity mortgage documents security data warehousing

4 Ways Loan Management Software Improves the Mortgage Experience

4 Ways Loan Management Software Improves the MortFinancial management software makes everyday interactions smoother for mortgage lenders.

Mortgage software has relied on legacy infrastructures and paper processes for far too long.

In almost every other sector, interactions between banking institutions and customers have moved online.

Web-based transactions for commerce are increasing annually. In 2017, global e-retail sales amounted to 2.3 trillion U.S. dollars and projections show a growth of up to 4.48 trillion U.S. dollars by 2021.  As retail transactions migrate away from brick-and-mortar, the rest of the banking world plays catch up.

In the mortgage world, loan management software offers lenders high-tech solutions to keep them on the cutting edge of the finance world.

Here are the 4 ways that loan management software improves the mortgage experience.

  1. Centralized Access to Document Management

Cloud-based domain services store data on the cloud instead of on a localized server. This gives mortgage companies access to business-critical data from virtually anywhere. Office PCs, employee-owned laptops, and even mobile devices can capitalize on business opportunities anywhere that lenders are interacting with clients.

Loan management software like MortgageWorkSpace (MWS) offers a “portal” or single point of entry to all employees with internet access.

Users can synchronize their user settings and application settings data to the cloud, providing a unified experience across their devices and reducing the time needed for configuring a new device.

Lenders prefer the speed and breadth of information that online-based software provides. When lenders have quick access, customers get quick responses and customer service is perceived as fast and convenient.

Not only does this portal make remote work possible, but it keeps things secure as the mortgage industry embraces the remote working environment.

  1. Improved Security for Client Data

This single point of access protects company assets through multi-factor authentication, ensuring that data remains secure.

Further cyber security measures are managed using Windows Defender, an anti-malware component that keeps intrusions at bay for all devices joined to the MortgageWorkSpace network.

With MWS, there is a cloud-based firewall protecting the devices joined to your lending company’s network as well.

When security events do happen, this software gives the company the ability to remove company data from a mobile device or PC via remote access. This means that even if an employee’s device is stolen, the mortgage software keeps sensitive personal and financial information safe from hackers. 

  1. Effortless Compliance

Running parallel with cyber security, this software handles compliance regarding data security without needing to purchase, integrate, or maintain separate compliance software. MSW has what the industry calls “built-in” compliance features.

Other compliance issues faced by the mortgage industry are included in MSW. Documentation, record keeping, document expiration, and record retention are all features of this platform. This means that lenders using this software are always prepared for an audit without the last-minute scramble.

 In comparison to wider umbrella software, this platform is specifically built and maintained by developers who know the mortgage world.

Developed by California-based ABT, the company is an industry leader and watches the horizon for mortgage legislation that will affect their product’s performance. Lenders using MSW can be sure their software is not only up-to-date with compliance but that it will on boarding the most important finance trends as they happen.

  1. Integration Builds Capacity

Though compliance features are built-in, the platform remains flexible so that your lending company can utilize applications that give a competitive edge.

The Mortgage BI (business intelligence) dashboard powered by Microsoft gives unrivaled visibility to company data. This leads to data-based business decisions that improve the bottom line.

Analysis isn’t limited by this platform’s own BI capabilities though. MSW is vendor neutral so it integrates with loan origination systems, CRMs, Saas apps, on-premises networks, and plenty of proprietary software that makes business run more smoothly.

The days of paper-heavy processes for buying houses are numbered.

Developers are producing these sophisticated platforms that make the mortgage process better.

New financial management software is cloud-based, safe, and expandable. Customers can now enjoy a seamless experience thanks to platforms that give mortgage lenders speed and flexibility in their work.

Good software means agile lenders, which in turn means happy customers.

Does your mortgage company have outstanding software that improves this end-to-end experience?

MortgageWorkSpace is the award-winning business solution that mortgage lenders need. Learn more by visiting ABT.

Image: Unsplash

Topics: mobile device security email security data security phishing multi-factor authentication Business Intelligence cybersecurity Mortgage BI mortgage documents cloud storage productivity mortgage business mortgage industry cloud-based data Housing Market Mortgage Lending disaster recovery MBA

Why Mortgage Companies Need Built-In Compliance Tools

blog pic for Why Mortgage Companies Need Built-InBusiness data is available at your fingertips, but is it protected?

If your mortgage company isn’t talking about advanced data governance, you’ve missed the memo.

Mortgage companies around the world are facing 2018 with a regulatory backlash as a result of data breaches in the US and Europe.

Every company is scrambling to find the best cybersecurity options for financial data and figure out how to comply with stringent reporting regulations at the same time.

How can your mortgage company ensure that you are up-to-date with the newest industry standards in data governance?

Bolt-On vs. Built-In Data Governance

There are two types of compliance tools that financial institutions can use to follow the law.

Bolt-on refers to compliance tools that a business implements to interact with their existing computer-based financial systems.

Built-in refers to governance features that are part of the same computer system that they use to do their daily business activities including customer retention, storage, and database systems.

Bolt-on tools are a non-integrated option from the first wave of computer data compliance. Systems with built-in compliance features and built-in threat protection are the modern solution to meeting compliance standards.

Built-In Compliance Runs at the Speed of Business

The main issue with bolt-on tools is that they lack the visibility necessary to maintain compliance and keep moving at the pace of the company. For example, when working with outside vendors, mortgage companies are responsible for verifying vendor security.

The legal industry reports that using bolt-on tools can delay the on boarding of third-party vendors for up to 17 days and slow down overall revenue growth. Built-in options, due to being native to the system, move faster.

Built-ins can also coordinate with IT permissions on devices such as laptops and tablets used by third-party employees to access sensitive data. They offer high interactivity while bolt-on tends to offer single-process patches for cybersecurity issues.

As regulatory agencies push for never-before-seen requirements, bolt-on solutions don’t make financial sense anymore.

The True Cost of Built-On Compliance

Though switching to a new system is an investment, bolt-on solutions are actually more expensive in the end. The incremental investment is limitless; each new regulation requires a new patch.  

Instead, built-in systems work backwards by going all-in. They offer extreme security features that allow a company to scale back to the compliance limit.

Bolt-on solutions also cost man-hours. It creates busy work for employees who handle information instead of receiving a completed system report. When you factor in confusion and redundancy, the hours start to add up.

In the US, a time lag in reporting can mean trouble. New York State is blazing the trail for new cybersecurity regulations by mandating that mortgage companies have less than 72 hours to officially report a cyber attack or else face financial penalties.

With a built-in system, alerts are immediate and coverage is full from day one. Your financial services institution is protected from the risk associated with litigation and data breach.

Built-In Protection from Data Loss

ABT, a California-based company, has developed a platform for mortgage companies with built-in compliance tools called MortgageWorkSpace.

Systems like this take compliance out of employees’ hands and create strict policies that are enforced by the platform itself.

Since financial institutions are legally required to hold onto sensitive customer data for specific periods of time, a system like this allows the company to write the retention policy directly into the document management system. The system itself identifies, tags, and protects data for archive, even by custom query.

Integrated Security Features

Built-in systems have other data protection features that connect with employee activity.

For example, Felipe the Finance Director receives an email addressed from Ciara the COO but doesn’t notice that it isn’t from her company email address. Because the company email is integrated with the cybersecurity system, Felipe sees an alert that the sender’s email address is suspect and likely a phishing attempt.

Even if Felipe opens the email and clicks on an unsafe link, the system will take Felipe to a safe link where he is alerted again not to proceed. This type of security safety net is possible because built-in security can transparently see activity system-wide and isn’t limited to a single platform.

Built-in security tools helps catch phishing links, unsafe attachments, unsafe webpage links, malware, and spam so that breaches are prevented.

As data governance regulations increase in almost every global financial market, mortgage companies can remain compliant by implementing cybersecurity measures that are fast, transparent, complete, and save the company money in the long run.

The best way to meet these ever-rising regulations is to get outfitted with a platform that handles compliance as a built-in feature of the system.

MortgageWorkSpace is a business solution that allows mortgage companies to comply with full industry requirements regarding sensitive data. Learn more about cybersecurity for mortgage companies by visiting ABT.

Image: Unsplash

Topics: Mortgage Servicing in the Cloud Access Business Technologies MortgageExchange cyber security information security for mortgage companies DeviceGuardian MortgageWorkSpace data security mortgage company security financial data security multi-factor authentication Business Intelligence cybersecurity mortgage industry cloud-based data Housing Market

How to Protect Your Devices from Bad Guys

how to protectA businessman takes his work laptop home.

What exactly happens when a company device gets stolen?

Imagine that Richard is a loan officer for a mortgage company. He is behind on email and decides to take his work laptop home over the weekend. After a few hours at a coffee shop, he gets up to use the restroom. Two minutes later when Richard returns, the laptop is gone.

Are the files on Richard’s computer safe? If Richard has remote access to company systems, will there be a data breach? Can the thief access all of Richard’s accounts and client information? What exactly is at risk here?

Keeping Data Safe from Hackers

Stolen laptops are more common than you might think.

Kensington reports that over 70 million cell phones are lost each year and one laptop is stolen in the US every 53 seconds.

The laptop thief’s hope is that he can gain access to all the passwords and sensitive information contained in the device. Selling stolen data is profitable; the device itself is not actually the most lucrative part of the theft. Getting a corporate device would be like hitting the jackpot then, right?

Well, it all depends on what kind of data protection measures the company has in place. For financial institutions dealing with sensitive personal data on a daily basis, it’s important to have a system with the most cutting-edge cybersecurity features in place.

MortgageWorkSpace, a platform that won HousingWire’s Tech100 Lending category for 2018, is one such system.

With MortgageWorkSpace protection, Richard’s stolen machine will remain on lock-down and safe from hackers.

The Windows Operating System on Richard’s computer has a program that encrypts system and user files on the device called BitLocker. The laptop also uses Windows Defender Credential Guard, a security program that uses virtualization to isolate sensitive files and keep unauthorized people from accessing that system data.

In Richard’s case, the thieves have no choice but to wipe the machine and lose all the data.

Great. Richard’s data is safe, but it’s all lost. What is he supposed to do about work?

Getting Back to Work

Richard still needs access to his files and the computer programs that he uses every day to do his job.

To make sure that Richard can return to work, MortgageWorkSpace has an advanced continuity feature called “lost device re-provisioning.” This means that when Richard’s device is reported stolen, the system shuts down his previous portal and passwords. When he authenticates his identity on a new machine, he will have all the same data from his previous machine and full access to work-critical programs.

This is the beauty of a cloud-based system like MortgageWorkSpace. All the system files are located in the cloud and not on Richard’s local machine. He doesn’t lose even a single day of work because of his missing computer.

MortgageWorkSpace uses Richard’s corporate credentials and multi-factor authentication to identify that Richard is not one of the sneaky hackers and he is back into the system on a different computer.

Richard’s company has other strict security options to choose from. For the authentication process, the company can require a user-created PIN to identify him as an employee. Some modern companies are even switching to biometric identification like fingerprint and facial recognition technology rather than PIN numbers, which can be guessed.

Whether low-tech or high-tech, the key is to have multiple authentication steps that are difficult for hackers to duplicate so that sensitive system data remains hidden from the prying eyes of laptop thieves.

More importantly, Richard’s company doesn’t experience a system-wide data breach. Forbes Magazine reports that nearly 41% of the data breach events from 2005 to 2015 were due to lost and stolen devices.

Thanks to technology, Richard’s customers’ information is safe and the company’s reputation remains intact. That’s what’ the most advanced security system has to offer the mortgage industry. . While the security gates are keeping the bad guys out, people like Richard can stay productive and customers can stay safe.

For financial institutions, this type of lost device re-provisioning feature is essential for business continuity.

Businesses protected by MortgageWorkSpace don’t need to worry when a company laptop or mobile device is stolen.  Contact us to learn more about cloud-based mortgage and cyber security solutions.

Image: Unsplash

Topics: DeviceGuardian mobile device security mobility mobile workforce mortgage company security financial data security phishing multi-factor authentication cybersecurity security cloud storage productivity mortgage business mortgage industry Housing Market Mortgage Lending

7 of the Most Interesting Facts About Cyber Security

 

pic blog-1.jpgAs technology of cyber security advances, so does the technology of hackers.

A computer hacker is the name given to the tech-savvy folks on both sides of the internet battlefront. Bad guys or “black hat” hackers are the ones trying to break into computer systems, steal data, and install harmful software. The “white hat” hackers are cyber security heroes that develop ways to catch bad guys and stop malicious programs from doing damage. That’s interesting nomenclature, right?

The world of cybersecurity is full of intriguing tidbits that help us understand the dangers and how to protect ourselves from the black hats of the world. Here are 7 of the most interesting facts about cyber security.

  1. The number of cyber attacks is going UP not down. Though white hat hackers continue to improve, the total number of cyber attacks doubled in 2017. That’s according to the Online Trust Alliance (OTA), which has named 2017 “the worst year ever in data breaches and cyber-incidents around the world.” 
  2. Ransomware is leading the way in modern cyber security events. Ransomware is a type of malicious software that holds a victim’s data hostage until a ransom is paid. Instead of selling victims’ information on the black market, ransomware has established a way to make money off this stolen information directly from victims. The threat of ransomware is based on doxxing (publishing of the personal data) or blocking a victim’s online access to their own accounts.
  3. 91% of cyber attacks in 2017 started with a phishing email. Phishing is the practice of sending fraudulent emails that seem to be from a reputable company. When the victim clicks on a link or freely reveals their passwords or credit card information as a response, the phish is a success. The two best ways to avoid phishing attacks are to (1) never click unknown links and (2) never send sensitive information that has been requested via email.
  4. Cyber-crime damages will cost the world $6 trillion annually by 2021, up from $3 trillion just a year ago. This massive amount of money represents the greatest transfer of economic wealth in history (2017 Cybersecurity Ventures).
  5. Financial organizations are the biggest targets of cyber attacks. Verizon’s 2017 Data Breach Report breaks down the hacks by percentage: Last year, 24% of breaches targeted the finance industry, 15% were aimed at healthcare, 15% were retail, and only 12% of breaches occurred in the public sector.
  6. Mortgage companies are the #1 target in the industry because of the treasure trove of information that they require from customers. Mortgage companies hang onto more non-public than any other type of financial organization.
  7. 93% of breaches could have been avoided by taking simple steps, such as regularly updating software or leveraging modern cloud based solutions. Can you believe that breaches are easy to prevent? There is an old saying that “the best defense is a good offense”. It applies to the cyber security world too.

If you take the initiative ahead of time to set up clear security mechanisms, your company’s data systems won’t be attractive to bad guys.

What are the new standards for security? Modernized IT including updated password policies and Multi Factor Authentication. Cloud-based data systems are key for getting your company data off those old office servers. Sophisticated cloud-based email gateways configured especially for the mortgage industry to protect against email-based threats. These are the foundations for data security when it comes to financial institutions in 2018.

Be the cyber security leader in your industry. Make the changes before hackers make the first move on your company. When you aren’t an easy target, your data remains safe and your customers stay happy.

The best thing a business can do to keep those black hats at bay is to stay informed about cyber security by reading articles like this and use their knowledge to implement solid security measures before a hack occurs.

Businesses protected by proven security measures like ABT’s Email Guardian remain safe and receive monthly reports detailing security threats. Contact us to learn more.

Image: Pexels.com
Topics: Mortgage Software Reporting dangers of ransomware email security data security mortgage company security financial data security creating strong passwords social networking safety phishing multi-factor authentication cybersecurity security productivity mortgage business malware network safety

Business Data Security and Multi-Factor Authentication

 240_F_122590781_AfHycyjOI0sOqepiZ1DQVBYkZsH7qlRr.jpg Get an extra level of security with multi-factor authentication or MFA.

Each year, cybersecurity gets more complicated.

According to anti-virus developer Panda Security, the amount of malware created by cybercriminals is predicted to grow exponentially with each passing year.

Companies have to face the reality that a security breach has a serious impact on business.

To avoid the distress of company-wide damage control and a PR nightmare, it’s best to make sure security is in good shape.

Real Business Impact

For some businesses, consumer data handling is the main issue.

Financial institutions such as banks and mortgage companies are often targeted by hackers because they house the most personal information.

With major security failures like the Equifax breach of 2017 making international news, the finance industry’s cybersecurity worries are real.

More is at stake than information. A data breach can mean sales losses and a tarnished reputation that lasts for years.

From fines to fraud, there are monetary repercussions as well.

So what is the fastest way to tighten security on cloud-based and traditional networks?

Multi-Factor Authentication

Data breaches in single-factor authentication systems often exploit the system login credentials or passwords of users.

Multi-factor authentication or MFA is a group of security measures that go beyond the traditional password in order to correctly identify a person for system access.

MFA is becoming more prevalent in the financial industry. This kind of authentication was adopted by the Payment Card Industry Data Security Standard (PSI DSS) in February of 2017 and was listed as a standard for the mortgage industry in the State of New York in the same year.

Multiple factors mean heightened levels of information that only the user can provide.

These factors can be a number of different security measures. A “soft token” is when security software generates a one-time-use passcode sent to the user’s mobile device. This type of authentication can also be executed with a text message, phone call, or an email with a hyperlink.

Other factors run the gamut from predefined security questions to biometric identifiers like fingerprints or facial recognition software.

Only the correct user knows the information or is in the circumstance to receive the passcode, so using MFA means only the approved user is given access.

The Modern Office

Another issue with security is the modern office environment.

There are a growing number of remote workers. Employees want access to work-related applications from outside the office.

In this mobile workforce, employees are moving off of network-approved computers and onto personal or public machines. It’s up to the IT department to facilitate their work and make sure they go through a heightened level of security checks.

MFA is an authentication strategy that allows IT to deliver this level of remote access. It solves the problem of identifying recognized employees while maintaining a solid defense against intruders.

User Experience

The final consideration when implementing cybersecurity measures is user experience.

With higher scrutiny comes a higher level of annoyance by the employee at having to prove their authorization.

IT staffers need to balance security measures with user convenience.

One development that improves this balance is “adaptive” MFA. This security technology evaluates the risk factor of the user and then adapts the number of factors required for entry to the system.

An employee using a company-issued laptop at a café with an IP address across the street from headquarters is considered a low-risk access attempt. This situation does not require extra security measures.

On the other hand, if someone is trying to gain access on an unrecognized device in a location where the company doesn’t have an office (e.g. employee is attempting to do work on her tablet while vacationing in Bali) then the number of factors required will be at the maximum level. The employee jumps through some hoops, but with an understanding of why.

Conclusion

Data breaches are happening at the enterprise level at an alarming rate. A watchdog organization called Breach Level Index estimates that every second, an average of 57 records are stolen.

Employees are moving towards a more mobile work environment with wide geographic distribution.

For companies who handle consumer data, implementing MFA is simply one of the most effective ways to crack down on security violations and keep up with the modern workplace.

Businesses that use the MortgageWorkspace management software by ABT are protected by multi-factor authentication and a host of other cybersecurity measures. Contact us to learn more.

Topics: social networking safety phishing multi-factor authentication cloud storage mortgage business Compliance for Mortgage Companies Compliance Audit cloud-based data Housing Market Mortgage Lending

Lawmakers Crack Down on Consumer Data Breaches

240_F_94311685_iKW2Fu9b135lRf2BuprLfXCICgbYLEUt.jpg

New bill to increase cybersecurity oversight in the United States.

Guns are blazing in the US Congress.

In the wake of the major Equifax data breach that lasted from mid-May through July of 2017, US Senator Elizabeth Warren leads the charge in attempts to hold credit reporting agencies responsible for their own cybersecurity.

With a bill proposing to rope the Federal Trade Commission (FTC) into oversight and calling for investigation of the Equifax breach, Warren introduced the Data Breach Prevention and Compensation Act of 2018 to Congress on January 10, 2018.

What Prompted the Bill?

According to Equifax, hackers gained access to sensitive consumer data and maintained access over the course of two months in 2018.

The data that was compromised included names, Social Security numbers, birth dates, addresses, and driver’s license numbers. Victims of the data theft are US citizens as well as people in the UK and Canada. The hackers also stole credit card numbers for 209,000 people.

Though the breach is a significant blunder for the credit reporting agency, Equifax responded by suggesting that the public find out if their information was exposed and allowing victims open enrollment in one year of free credit monitoring services.

Victims and consumer protection agencies alike saw the Equifax response as lackluster and tone deaf.

With identity theft and credit scores hanging in the balance, the public was outraged.

Calling Out the Big Guns

Senator Warren responded on behalf of consumers with a flurry of letters to potential oversight agencies, the United States Government Accountability Office (GAO), and to the three major credit reporting agencies themselves.

In the letter to the GAO, Senator Warren notes that consumers have no control over how their information is collected and used by companies like Equifax. Though credit reporting agencies hold unique power over the management of consumer data, nobody is sure who oversees their mishandling of this sensitive information. Even more shocking is that Equifax seemed to experience no official repercussions due to the hack.

In the letters and the resulting bill, Warren requests clarification of supervisory bodies and demands accountability for the credit agencies in order to protect consumers from future breaches.

In her letters, Senator Warren calls on the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) to consider whether they have authority over credit agencies and could enforce stricter cybersecurity guidelines.

The bill also calls for a significant increase in oversight by the formation of a new oversight body in the FTC. An Office of Cybersecurity is proposed to establish standards for data security, supervise consumer information handling, enforce guidelines, and impose punishment against agencies that don’t comply.

At the heart of the legislation is the protection of data in an industry headed towards more computer- and web-based storage than ever before.

Real Penalties for Serious Breaches

Senator Warren is not alone. Senator Mark Warner from Virginia co-signed the resulting bill. The goal is that with official government oversight, future breaches would be avoided as a result of financial penalties.

Under the terms of the proposed bill, agencies would suffer a $100 fine for each consumer whose private information is compromised plus $50 for each secondary piece of information belonging to that person.

Equifax would have faced $1.5 billion in fines in this case.

In an industry where money talks, this kind of legislation should convince agencies who manage consumer data to get their act together preemptively before letting consumer data fall into the wrong hands.

Inadequate security and a response the equivalent of a company-wide shrug will no longer be tolerated.

Response by Financial Institutions

The push for legislation and further oversight by lawmakers means that banks, credit agencies, and other financial institutions will need to up their cybersecurity game.

To avoid getting hit with major fines and extensive media blowback, the finance industry will be forced to plan ahead and protect sensitive consumer data from hackers like the group that hit Equifax.

Has your banking institution taken steps towards increased security? Is your board of directors aware or concerned about this legislation? Is your company addressing cybersecurity weaknesses in your systems?

Reaching out to software security experts is the obvious ways to avoid getting hit with major fines or extensive media blowback. With help from tech folks, the finance industry can plan ahead and protect sensitive data from hackers like the group that hit Equifax.

 ABT’s cloud-based portal MortgageWorkSpace adds banking level security to email, servers, PC’s and mobile devices in the mortgage industry. Contact us to learn more.

Topics: cyber security financial data security multi-factor authentication Business Intelligence disaster recovery

7 Common Questions About Multi-Factor Authentication (MFA)

Multifactor_authentication_MFA_.jpgAs data security professionals, it's clear to us why mortgage companies should be using multi-factor authentication (MFA) in their businesses. Yet many mortgage firms are still resistant to adopting this technology for fear that it will only complicate processes and slow productivity. However, the benefits of this added security far outweighs the additional effort it requires.

Here are answers to seven of the most commonly asked questions about MFA that you should consider before ruling out multi-factor authentication for your mortgage business.

1. What is MFA?

Multi-factor authentication (MFA) combines two or more independent authentication factors. For example, suppose your website required your clients to enter something only they would know upon login (password), something they have (like a one-time smartphone authentication token provided by special software), and a biometric identifier (like a thumbprint). It is pretty hard for a mortgage cyber-attacker to have all three of those items, especially the biometric identifier.

2. That seems like overkill. What is the point of all that security?

The goal of MFA security systems is to create layers of authentication that defend against hackers trying to breach your system's defenses. If a hacker breaches one authentication layer, there are one or two more still holding the line. MFA makes breaches more complicated and time-consuming for hackers.

When you consider that a breach of your security system exposes your mortgage clients to identity theft and fraud, protecting them with a layered system of security only makes sense. Old-fashioned security measures are no match for today's cyber criminals.

3. Are there typical multi-factor authentication systems I should consider?

Yes. Some systems require swiping a card at login and entering a pin. Others require the username/password and then an additional one-time password that the system generates and sends to the client's phone. This system is popular with banking websites, and using such a system would benefit mortgage companies as well. Other authentication systems require the user ID, the user's fingerprint, and the answer to a security question. Still others require users to first download a virtual private network (VPN) that has a valid certificate and then log in to the VPN in order to access the network.

It’s best to discuss your unique situation and security needs with an IT professional to determine exactly what type of multi-factor authentication will work best for you.

4. So, mortgage companies are vulnerable to such full-scale hacker attacks?

Absolutely. As computer processing speeds have increased, the scale of attacks on financial institutions and other businesses has increased. In addition, there are new hacker tools that can crack password codes more easily than ever before.

The GPGPU, for example, is a general purpose graphics processing unit. GPGPUs can conduct calculations that would normally be done on a CPU at a higher rate: 500,000,000 passwords per second!

Another tool, known as rainbow tables, can crack 14-character passwords (even those with alphanumeric characters) in less than three minutes. It is not hard to see that one-layer password protection and even two-layer protection are no longer good enough.

5. I still don't get it. How does MFA work?

Multi-factor authentication throws a few roadblocks in the hacker's pathway. Location factors are one way for a security system to identify a person's identity. For example, work schedules and location can determine whether a user is who he says he is. Time is another example of a security layer. If a person uses his phone at a job in the US, it is physically impossible for him to use it again from Europe 15 minutes later. These are especially helpful in online bank fraud and, by extension, mortgage company fraud.

6. Sounds like something the mortgage industry should consider. Are there any legal or legislative considerations?

Yes. The Federal Financial Institutions Examination Council (FFIEC) issued a directive for multi-factor authentication in the banking sector. We believe that the mortgage industry and the regulators are moving toward a place where mortgage companies will be subject to the same information security standard as the banking industry, meaning mortgage companies will need to implement this technology to maintain security compliance.

7. How do I know what MFA layers would be good for my mortgage business?

You can read more about MFA. For instance, read this buyer's guide for MFA products.

If you want to talk more about MFA, or any other vulnerability management solutions, please contact us. MortgageWorkSpace®’s cloud interface is a convenient entry point to your company that will help you manage your secure information. This secure portal provides you access to your team (by group, branch office, and/or department), their security, their devices, and data. You can control and manage your entire workforce from one web-accessible point with rich features like single-sign on, multi-factor authentication, and user application logs. This way, you can be sure you are keeping track of every aspect of your security.

We look forward to helping you protect your clients' and your network's information security.

Learn More

Topics: MortgageWorkSpace multi-factor authentication