Mortgage Software Solutions Blog

Why Cyber Security Comes First in the Mortgage Software Market

Why Cyber Security Comes First in the Mortgage Software Market

Equally important: physical security and cyber security.

The finance industry’s data-handling platforms have a clear bulls-eye on them.

The U.S. mortgage industry supply chain is considered a “massive target for information security breaches.” In fact, from 2015 to 2016 the number of data breaches in the United States went up by 40%.

Still, most mortgage lenders sidestep cyber security by shopping for software the old-fashioned way.

Functionality across platforms is comparable, but security is where the largest variation exists amongst current technology offerings. The regulatory and litigation atmosphere surrounding data breaches in 2018 is such that the best mortgage software addresses cyber security first and foremost.

Here is how the best mortgage software on the market is focused on security frameworks first.

The Weakest Link

Poor cyber security has a financial and regulatory impact. This, combined with the negative press of recent international breaches, is what the modern financial institution wants to avoid.

Though large institutions have tight security, an increase in automation and “digital mortgage” online customer interactions means that high-tech services are being farmed out to third-party vendors. Tools like business intelligence (BI) and machine learning (ML) also means data transfer within the industry is nearly constant.

Homebuyer information is especially ripe for hackers because it includes secondary digital assets like credit data.

Though big banks are heavily invested in keeping this data safe, the sharing of borrower data to smaller vendors has caused a disruption in the security systems. The immature security of these third-party service providers has created a weak link in a previously well-fortified industry.

Who is Responsible?

Though it seems like the third-party vendor is the one who should catch up to security norms, the tech newcomers are not being held responsible.

New legislation in the US holds financial institutions responsible for the security level of their third-party vendors—no matter where the data or breach originated from. When a smaller vendor experiences a security event, it is the large mortgage company that is on the hook.

Even if the company avoids catching the eye of regulators, cases of mishandled customer data have executed litigation of $201+ per recorded liability.

Cyber Security Solutions

The solution is to rein in weak spots by employing cyber security technology that goes beyond the traditional server model. It should cover gateways, third-party access, and employ strategies that keep an eye on common but unsafe tech-related practices.

A tech developer called ABT offers a cloud-based platform called MortgageWorkSpace that ticks the right boxes.

ABT works exclusively with the mortgage industry to develop software solutions for lenders and third-party financial institutions in the home buying industry. With the functionality of the lending platforms in place, ABT leads mortgage tech by focusing squarely on cutting-edge cyber security.

Above all, MortgageWorkSpace provides a secure gateway to access lending data. It employs multi-factor authentication and monitors system email use to fend off phishing as well.

Despite increased accountability, mortgage lenders can keep the company name and customers safe by shopping for a platform that puts security first.

Advanced Cyber Security Features

With market demand high, on-board security features distinguish better platforms from those that add build-out security capabilities as an afterthought.

ABT has a built-in consumer protection feature called Remote Desktop which gives mortgage lending employees a cloud-based real-time file management system. Offering functionality to the user, this feature actually prevents the storage of data on local PCs. This Dropbox-like feature means that the employee’s desktop is not only updateable from anywhere, but that files containing sensitive information don’t get downloaded out of the system where security is weakest.

Lenders shopping for top mortgage software should keep an eye out for features like the Remote Desktop that combine user experience with security in a way that is seamless.

Developers who have security at the forefront of their business model will also provide crucial non-tech extras for lenders.

ABT gives clients a written information security policy that outlines the software’s parameters and security compliance rules. This type of documentation may have been overkill in the past, but is increasingly required by state and federal law for legal operations in the U.S.

Though most software shoppers understandably look at usability first, the consumer financial sector increasingly puts cyber security front and center.

Mortgage broker software is no exception. Platforms should have a full range of built-in cyber security solutions, usability features that incorporate digital protection without being clunky, and advanced features that provide extended protection as regulations become more stringent.

As a target for hackers and a trend of increasing legal accountability, cyber security is now the main consideration in the mortgage software market.

Check out the full range of ABT’s security-driven mortgage business products on our website or contact us to learn more.

Image: Unsplash

Topics: Hosted Software options Mortgage Servicing in the Cloud mobile security mobile device security email security data security mortgage company security financial data security social networking safety phishing multi-factor authentication Business Intelligence cybersecurity mortgage documents security data warehousing

4 Ways Loan Management Software Improves the Mortgage Experience

4 Ways Loan Management Software Improves the MortFinancial management software makes everyday interactions smoother for mortgage lenders.

Mortgage software has relied on legacy infrastructures and paper processes for far too long.

In almost every other sector, interactions between banking institutions and customers have moved online.

Web-based transactions for commerce are increasing annually. In 2017, global e-retail sales amounted to 2.3 trillion U.S. dollars and projections show a growth of up to 4.48 trillion U.S. dollars by 2021.  As retail transactions migrate away from brick-and-mortar, the rest of the banking world plays catch up.

In the mortgage world, loan management software offers lenders high-tech solutions to keep them on the cutting edge of the finance world.

Here are the 4 ways that loan management software improves the mortgage experience.

  1. Centralized Access to Document Management

Cloud-based domain services store data on the cloud instead of on a localized server. This gives mortgage companies access to business-critical data from virtually anywhere. Office PCs, employee-owned laptops, and even mobile devices can capitalize on business opportunities anywhere that lenders are interacting with clients.

Loan management software like MortgageWorkSpace (MWS) offers a “portal” or single point of entry to all employees with internet access.

Users can synchronize their user settings and application settings data to the cloud, providing a unified experience across their devices and reducing the time needed for configuring a new device.

Lenders prefer the speed and breadth of information that online-based software provides. When lenders have quick access, customers get quick responses and customer service is perceived as fast and convenient.

Not only does this portal make remote work possible, but it keeps things secure as the mortgage industry embraces the remote working environment.

  1. Improved Security for Client Data

This single point of access protects company assets through multi-factor authentication, ensuring that data remains secure.

Further cyber security measures are managed using Windows Defender, an anti-malware component that keeps intrusions at bay for all devices joined to the MortgageWorkSpace network.

With MWS, there is a cloud-based firewall protecting the devices joined to your lending company’s network as well.

When security events do happen, this software gives the company the ability to remove company data from a mobile device or PC via remote access. This means that even if an employee’s device is stolen, the mortgage software keeps sensitive personal and financial information safe from hackers. 

  1. Effortless Compliance

Running parallel with cyber security, this software handles compliance regarding data security without needing to purchase, integrate, or maintain separate compliance software. MSW has what the industry calls “built-in” compliance features.

Other compliance issues faced by the mortgage industry are included in MSW. Documentation, record keeping, document expiration, and record retention are all features of this platform. This means that lenders using this software are always prepared for an audit without the last-minute scramble.

 In comparison to wider umbrella software, this platform is specifically built and maintained by developers who know the mortgage world.

Developed by California-based ABT, the company is an industry leader and watches the horizon for mortgage legislation that will affect their product’s performance. Lenders using MSW can be sure their software is not only up-to-date with compliance but that it will on boarding the most important finance trends as they happen.

  1. Integration Builds Capacity

Though compliance features are built-in, the platform remains flexible so that your lending company can utilize applications that give a competitive edge.

The Mortgage BI (business intelligence) dashboard powered by Microsoft gives unrivaled visibility to company data. This leads to data-based business decisions that improve the bottom line.

Analysis isn’t limited by this platform’s own BI capabilities though. MSW is vendor neutral so it integrates with loan origination systems, CRMs, Saas apps, on-premises networks, and plenty of proprietary software that makes business run more smoothly.

The days of paper-heavy processes for buying houses are numbered.

Developers are producing these sophisticated platforms that make the mortgage process better.

New financial management software is cloud-based, safe, and expandable. Customers can now enjoy a seamless experience thanks to platforms that give mortgage lenders speed and flexibility in their work.

Good software means agile lenders, which in turn means happy customers.

Does your mortgage company have outstanding software that improves this end-to-end experience?

MortgageWorkSpace is the award-winning business solution that mortgage lenders need. Learn more by visiting ABT.

Image: Unsplash

Topics: mobile device security email security data security phishing multi-factor authentication Business Intelligence cybersecurity Mortgage BI mortgage documents cloud storage productivity mortgage business mortgage industry cloud-based data Housing Market Mortgage Lending disaster recovery MBA

How to Protect Your Devices from Bad Guys

how to protectA businessman takes his work laptop home.

What exactly happens when a company device gets stolen?

Imagine that Richard is a loan officer for a mortgage company. He is behind on email and decides to take his work laptop home over the weekend. After a few hours at a coffee shop, he gets up to use the restroom. Two minutes later when Richard returns, the laptop is gone.

Are the files on Richard’s computer safe? If Richard has remote access to company systems, will there be a data breach? Can the thief access all of Richard’s accounts and client information? What exactly is at risk here?

Keeping Data Safe from Hackers

Stolen laptops are more common than you might think.

Kensington reports that over 70 million cell phones are lost each year and one laptop is stolen in the US every 53 seconds.

The laptop thief’s hope is that he can gain access to all the passwords and sensitive information contained in the device. Selling stolen data is profitable; the device itself is not actually the most lucrative part of the theft. Getting a corporate device would be like hitting the jackpot then, right?

Well, it all depends on what kind of data protection measures the company has in place. For financial institutions dealing with sensitive personal data on a daily basis, it’s important to have a system with the most cutting-edge cybersecurity features in place.

MortgageWorkSpace, a platform that won HousingWire’s Tech100 Lending category for 2018, is one such system.

With MortgageWorkSpace protection, Richard’s stolen machine will remain on lock-down and safe from hackers.

The Windows Operating System on Richard’s computer has a program that encrypts system and user files on the device called BitLocker. The laptop also uses Windows Defender Credential Guard, a security program that uses virtualization to isolate sensitive files and keep unauthorized people from accessing that system data.

In Richard’s case, the thieves have no choice but to wipe the machine and lose all the data.

Great. Richard’s data is safe, but it’s all lost. What is he supposed to do about work?

Getting Back to Work

Richard still needs access to his files and the computer programs that he uses every day to do his job.

To make sure that Richard can return to work, MortgageWorkSpace has an advanced continuity feature called “lost device re-provisioning.” This means that when Richard’s device is reported stolen, the system shuts down his previous portal and passwords. When he authenticates his identity on a new machine, he will have all the same data from his previous machine and full access to work-critical programs.

This is the beauty of a cloud-based system like MortgageWorkSpace. All the system files are located in the cloud and not on Richard’s local machine. He doesn’t lose even a single day of work because of his missing computer.

MortgageWorkSpace uses Richard’s corporate credentials and multi-factor authentication to identify that Richard is not one of the sneaky hackers and he is back into the system on a different computer.

Richard’s company has other strict security options to choose from. For the authentication process, the company can require a user-created PIN to identify him as an employee. Some modern companies are even switching to biometric identification like fingerprint and facial recognition technology rather than PIN numbers, which can be guessed.

Whether low-tech or high-tech, the key is to have multiple authentication steps that are difficult for hackers to duplicate so that sensitive system data remains hidden from the prying eyes of laptop thieves.

More importantly, Richard’s company doesn’t experience a system-wide data breach. Forbes Magazine reports that nearly 41% of the data breach events from 2005 to 2015 were due to lost and stolen devices.

Thanks to technology, Richard’s customers’ information is safe and the company’s reputation remains intact. That’s what’ the most advanced security system has to offer the mortgage industry. . While the security gates are keeping the bad guys out, people like Richard can stay productive and customers can stay safe.

For financial institutions, this type of lost device re-provisioning feature is essential for business continuity.

Businesses protected by MortgageWorkSpace don’t need to worry when a company laptop or mobile device is stolen.  Contact us to learn more about cloud-based mortgage and cyber security solutions.

Image: Unsplash

Topics: DeviceGuardian mobile device security mobility mobile workforce mortgage company security financial data security phishing multi-factor authentication cybersecurity security cloud storage productivity mortgage business mortgage industry Housing Market Mortgage Lending

Time for Lenders to Take Responsibility for Data Security

sharky

Lenders and customers face the dangers lurking in the finance world.

Since when do finance organizations rely on customers for security advice?

An investigation into US mortgage lending practices found that 70% of lenders regularly put sensitive financial data at risk by prioritizing customer convenience over security.

While customers often choose to send personal information via quick and familiar technology such as fax or unencrypted personal email, lenders continue to look the other way rather than correct these dangerous habits.

Something has gone awry in the lending industry and customers are taking notice.

It’s the responsibility of the lender to uphold security measures. Lenders have security tools at their disposal. Instead of leaving the doors open to data thieves, they should be insisting on secure email portals and other measures that protect the consumer.

As technology advances for both financial institutions and the data thieves that seek to attack them, it’s time for lenders to take the reins when it comes to customer security.

Financial Services are at High Risk

The two main dangers facing the finance industry are data breaches and security incidents.

A security incident describes any occurrence that has the potential to compromise consumer information. This can be an attempted data theft or an attempted hack into a computer system that stores sensitive information.

A data breach is more serious. Breaches are confirmed disclosures to an unauthorized party. Breaches represent a complete failure of the security system to keep the wrong people out.

An investigation of data breaches across industries finds that Financial Service organizations like mortgage lenders fall into the top three industries affected by successful hacks. In fact 2016 saw 1,368 security incidents and 795 confirmed data loss cases in the finance industry.

Given the value of the data that mortgage lenders collect, mortgage companies remain among the most vulnerable to cyber attacks.

Cyber Security Issues to Watch For

As mentioned, one security vulnerability is with lending staff. Sophisticated cybersecurity standards don’t mean anything if your employees are side-stepping official procedure. Documents with any sort of consumer data should only be shared within secured environments.

Round up the staff and reiterate how the company (and perhaps their job) relies on following the rules. Employee negligence and unsafe information disposal are not to be tolerated.

It’s also a good idea to get coordinated with your IT department. Are staff members using mobile devices like smart phones and tablets to handle sensitive information? Your IT department can install security measures like password protection and encryption so that these devices are cleared for proper company use.

Besides training and an IT device round-up, make sure your software access is secure. Multi-factor authentication or MFA is another way to seriously step up your security game.

After you’ve cleaned house, check your neighbors. Third-party services and their software tools cannot be overlooked. Anything handled by another organization that concerns your company’s customers should meet the same stringent security standards that you enforce in-house.

The Financial Cost of Cyber Attacks

Though financial institutions may have always had customer security in mind, the industry has felt the backlash in recent years.

Historically respected companies are losing consumer confidence. Beyond topping lists for riskiest industry, some of the big names have taken very public falls.

Equifax, a national name in credit scoring, experienced a hack in late 2017. The breach resulted in unsavory national headlines, a PR crisis, the involvement of the FTC, and a resulting push for never-before-seen legislation that regulates the whole industry.

Beyond reputations, there is money at stake. The financial cost of cyber attacks has been on the rise in recent years.

The average cost per capita of a Financial Services data breach in the US has increased by 10% in three years. In 2016 it reached $221 per person as a shared cost that consumers are burdened with thanks to lenders being devil-may-care with their information.

With consumers taking the hit and their financial institutions being degraded by cyber attacks, the industry is set to lose a lot of money.

Clearly, it’s time for a serious turn towards cyber security in order to prop the industry up in the eyes of consumers.

For mortgage lenders, it’s time to turn away from business as usual and make a serious effort to put cybersecurity at the top of the priority list. Not only will this protect valued customers, but it will save the reputation of an industry that has taken enough hits.

Businesses protected by a cloud-based portal with access secured by MFA are leading the industry in the push for cyber security. To find out about security-focused programs like Document Guardian contact ABT.

Image: Laura College on Unsplash

Topics: phishing security mortgage industry Compliance Audit DFS 23 NYCRR Part 500 NYSDFS network safety

7 of the Most Interesting Facts About Cyber Security

 

pic blog-1.jpgAs technology of cyber security advances, so does the technology of hackers.

A computer hacker is the name given to the tech-savvy folks on both sides of the internet battlefront. Bad guys or “black hat” hackers are the ones trying to break into computer systems, steal data, and install harmful software. The “white hat” hackers are cyber security heroes that develop ways to catch bad guys and stop malicious programs from doing damage. That’s interesting nomenclature, right?

The world of cybersecurity is full of intriguing tidbits that help us understand the dangers and how to protect ourselves from the black hats of the world. Here are 7 of the most interesting facts about cyber security.

  1. The number of cyber attacks is going UP not down. Though white hat hackers continue to improve, the total number of cyber attacks doubled in 2017. That’s according to the Online Trust Alliance (OTA), which has named 2017 “the worst year ever in data breaches and cyber-incidents around the world.” 
  2. Ransomware is leading the way in modern cyber security events. Ransomware is a type of malicious software that holds a victim’s data hostage until a ransom is paid. Instead of selling victims’ information on the black market, ransomware has established a way to make money off this stolen information directly from victims. The threat of ransomware is based on doxxing (publishing of the personal data) or blocking a victim’s online access to their own accounts.
  3. 91% of cyber attacks in 2017 started with a phishing email. Phishing is the practice of sending fraudulent emails that seem to be from a reputable company. When the victim clicks on a link or freely reveals their passwords or credit card information as a response, the phish is a success. The two best ways to avoid phishing attacks are to (1) never click unknown links and (2) never send sensitive information that has been requested via email.
  4. Cyber-crime damages will cost the world $6 trillion annually by 2021, up from $3 trillion just a year ago. This massive amount of money represents the greatest transfer of economic wealth in history (2017 Cybersecurity Ventures).
  5. Financial organizations are the biggest targets of cyber attacks. Verizon’s 2017 Data Breach Report breaks down the hacks by percentage: Last year, 24% of breaches targeted the finance industry, 15% were aimed at healthcare, 15% were retail, and only 12% of breaches occurred in the public sector.
  6. Mortgage companies are the #1 target in the industry because of the treasure trove of information that they require from customers. Mortgage companies hang onto more non-public than any other type of financial organization.
  7. 93% of breaches could have been avoided by taking simple steps, such as regularly updating software or leveraging modern cloud based solutions. Can you believe that breaches are easy to prevent? There is an old saying that “the best defense is a good offense”. It applies to the cyber security world too.

If you take the initiative ahead of time to set up clear security mechanisms, your company’s data systems won’t be attractive to bad guys.

What are the new standards for security? Modernized IT including updated password policies and Multi Factor Authentication. Cloud-based data systems are key for getting your company data off those old office servers. Sophisticated cloud-based email gateways configured especially for the mortgage industry to protect against email-based threats. These are the foundations for data security when it comes to financial institutions in 2018.

Be the cyber security leader in your industry. Make the changes before hackers make the first move on your company. When you aren’t an easy target, your data remains safe and your customers stay happy.

The best thing a business can do to keep those black hats at bay is to stay informed about cyber security by reading articles like this and use their knowledge to implement solid security measures before a hack occurs.

Businesses protected by proven security measures like ABT’s Email Guardian remain safe and receive monthly reports detailing security threats. Contact us to learn more.

Image: Pexels.com
Topics: Mortgage Software Reporting dangers of ransomware email security data security mortgage company security financial data security creating strong passwords social networking safety phishing multi-factor authentication cybersecurity security productivity mortgage business malware network safety

Business Data Security and Multi-Factor Authentication

 240_F_122590781_AfHycyjOI0sOqepiZ1DQVBYkZsH7qlRr.jpg Get an extra level of security with multi-factor authentication or MFA.

Each year, cybersecurity gets more complicated.

According to anti-virus developer Panda Security, the amount of malware created by cybercriminals is predicted to grow exponentially with each passing year.

Companies have to face the reality that a security breach has a serious impact on business.

To avoid the distress of company-wide damage control and a PR nightmare, it’s best to make sure security is in good shape.

Real Business Impact

For some businesses, consumer data handling is the main issue.

Financial institutions such as banks and mortgage companies are often targeted by hackers because they house the most personal information.

With major security failures like the Equifax breach of 2017 making international news, the finance industry’s cybersecurity worries are real.

More is at stake than information. A data breach can mean sales losses and a tarnished reputation that lasts for years.

From fines to fraud, there are monetary repercussions as well.

So what is the fastest way to tighten security on cloud-based and traditional networks?

Multi-Factor Authentication

Data breaches in single-factor authentication systems often exploit the system login credentials or passwords of users.

Multi-factor authentication or MFA is a group of security measures that go beyond the traditional password in order to correctly identify a person for system access.

MFA is becoming more prevalent in the financial industry. This kind of authentication was adopted by the Payment Card Industry Data Security Standard (PSI DSS) in February of 2017 and was listed as a standard for the mortgage industry in the State of New York in the same year.

Multiple factors mean heightened levels of information that only the user can provide.

These factors can be a number of different security measures. A “soft token” is when security software generates a one-time-use passcode sent to the user’s mobile device. This type of authentication can also be executed with a text message, phone call, or an email with a hyperlink.

Other factors run the gamut from predefined security questions to biometric identifiers like fingerprints or facial recognition software.

Only the correct user knows the information or is in the circumstance to receive the passcode, so using MFA means only the approved user is given access.

The Modern Office

Another issue with security is the modern office environment.

There are a growing number of remote workers. Employees want access to work-related applications from outside the office.

In this mobile workforce, employees are moving off of network-approved computers and onto personal or public machines. It’s up to the IT department to facilitate their work and make sure they go through a heightened level of security checks.

MFA is an authentication strategy that allows IT to deliver this level of remote access. It solves the problem of identifying recognized employees while maintaining a solid defense against intruders.

User Experience

The final consideration when implementing cybersecurity measures is user experience.

With higher scrutiny comes a higher level of annoyance by the employee at having to prove their authorization.

IT staffers need to balance security measures with user convenience.

One development that improves this balance is “adaptive” MFA. This security technology evaluates the risk factor of the user and then adapts the number of factors required for entry to the system.

An employee using a company-issued laptop at a café with an IP address across the street from headquarters is considered a low-risk access attempt. This situation does not require extra security measures.

On the other hand, if someone is trying to gain access on an unrecognized device in a location where the company doesn’t have an office (e.g. employee is attempting to do work on her tablet while vacationing in Bali) then the number of factors required will be at the maximum level. The employee jumps through some hoops, but with an understanding of why.

Conclusion

Data breaches are happening at the enterprise level at an alarming rate. A watchdog organization called Breach Level Index estimates that every second, an average of 57 records are stolen.

Employees are moving towards a more mobile work environment with wide geographic distribution.

For companies who handle consumer data, implementing MFA is simply one of the most effective ways to crack down on security violations and keep up with the modern workplace.

Businesses that use the MortgageWorkspace management software by ABT are protected by multi-factor authentication and a host of other cybersecurity measures. Contact us to learn more.

Topics: social networking safety phishing multi-factor authentication cloud storage mortgage business Compliance for Mortgage Companies Compliance Audit cloud-based data Housing Market Mortgage Lending

Understanding the Importance of Email Security for Mortgage Businesses

email_security_.jpg

Email is a big part of communication with mortgage applicants, but it poses many security problems. Companies are torn between their need to protect confidential financial information and the customer’s desire for convenience. Customers don't want to go through extra steps, but they'll be very unhappy if intercepted information leads to identity theft. So will mortgage employees. That's why mortgage businesses need to understand why email security is so important. 

Email standards emerged very early in the history of the internet, when security wasn't a serious concern, and unfortunately, they haven't improved a lot since then.

  • Senders can trivially impersonate other people, including their email addresses.
  • Mail goes through multiple hops, providing many opportunities to read mail in transit.
  • People often don't notice what address a message comes from, and some software even hides it.
  • Unsecure connections to mail servers are common. They send passwords as plain text, allowing for their interception.

A study by Halock Security Labs found that lenders often use unsecure email practices.

  • 70% of the loan officers in the study let applicants send tax documents and other financial information as unencrypted email attachments.
  • Only 12% provided a way of sending email securely.
  • Loan officers cited customer convenience over security as the reason for using email.

The American Land Title Association has issued rules specifying that non-public personal information, in connection with real estate sales, must be transmitted securely. It recommends adopting a written privacy and information security program for protecting such information, in order to comply with federal and state laws.

Some major services, such as Gmail, encrypt mail while it's moving between their own servers, but they can't do anything about the final hop if a message goes to a different host. People have created security measures, such as PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard), that attempt to provide vendor-independent, end-to-end encryption. Unfortunately, they are so clumsy to use that they have never caught on.

Passwords are another problem. Many people connect to mail servers using an unsecured connection, which means their passwords go through as plain text. If they combine this with an unsecured wi-fi connection, they're literally broadcasting their passwords for anyone nearby to steal. People who get mail through an application can and should use an SSL/TLS connection to their provider. This encrypts logins and other data in transit, and once they set it up, it simply works without the users having to do anything more.

Secure email portals use either a website, a special application, or an add-on to an existing application. They're a departure from how people normally send and receive their mail, but some are more disruptive than others. Finding an approach that provides security, without making customers unhappy, is a tricky balance.

The best solutions combine email and web technology. Email can notify people that information is waiting for them, and a password-protected web connection can deliver it securely.

ABT's DocumentGuardian™ is the safest and easiest way for your borrowers to send you NPI (non-public information) documents. Compliance auditors recommend it because unlike box-type file sharing apps, DocumentGuardian stores your borrower documents in our secure data center, not on individual computers and mobile devices. Loan oficers and borrowers access DocumentGuardian™ through a secure browser connection, so their own logins and uploads are safe.

To minimize the risk of impersonation (called "phishing"), loan officers should advise customers to look at their mail carefully, make sure it links to the usual website, and inform them if anything looks suspicious. The consistent appearance that DocumentGuardian provides will give customers confidence that the mail they receive is authentic.

Businesses that use secure methods of exchanging documents with their customers enjoy a better reputation and are safer from charges of negligence. Contact us to learn how we can help you attain this necessary level of security.

Learn More
Topics: EmailGuardian MortgageWorkSpace email security phishing

Phishing: What to Look For and What to Do When You Recognize the Bait

ABT-Security-Recommendations-Phishing

Phishing is a popular cyber security term that describes a certain form of computer hacking through electronic communications. As it sounds, the methods involved resemble baiting a hook and trying to persuade a person into compromising sensitive data through deception.

Businesses that store large amounts of sensitive data, such as mortgage companies, are most at-risk of these attacks. Fortunately, with a keen awareness of common phishing tactics, many of these attacks can easily be discerned. In this article, we'll discuss specific phishing methods and what to do about them when recognized.

A Brief History of Phishing

The first occurrence of phishing was in 1995 and involved the attacker acting like an AOL representative. This deceptive bait was thrown in the water with an instant message, which lured users into giving sensitive account and billing information.

The numbers show just how effective phishing can be and how quickly this problem has grown. In any given month of 2005, around 14,000 unique phishing campaigns were recorded. In only 10 years, this number increased to around 100,000 unique campaigns per month.

Methods of Phishing

  • Email
  • Phone
  • Instant messages
  • Websites

Email

This is one of the most prevalent methods used in phishing. There are some common signs to look for, though, to help you recognize when something fishy is going on.

For starters, it’s important that you and your mortgage team are aware of potential phishing attempts. With a careful examination, these scam artist can easily be detected and reported.

A simple mistake hackers are prone to make is misspelling words and/or using bad punctuation or grammar. If these signs are detected, then a user can generally guess it's not from the professional service it claims to be. Phishing scams are effectively deceptive because they claim to be a popular company. However, a reputable company is probably not going to send a mass email with mistakes like this.

Does the email have suspicious or unexplained links in it? This link is likely a poisonous element you'll want to avoid clicking on. Malicious files that spread viruses could be on the other side of these links. Sometime, you can detect a bogus link by hovering over it to see if the address matches what's in the link. If it doesn't match the link, this is a potential sign that it's a phishing attempt.

By examining the tone and content of the email itself, a user can often detect a phishing email. If there are threatening or urgent messages, this could be a sign of a phishing attempt. An example would be something like: “If you don't act fast your entire security system will be breached by an invading virus!” This sounds silly, but because they're acting as a popular company whose service you may already be using, your fear or curiosity may encourage you to click the malicious link.

With careful observance of incoming emails, a user can detect these bogus phishing attempts and thwart their intentions. The trusted services you use are not going to act in such an unprofessional manner. If there's any question about the legitimacy of an email, always contact your service provider directly and confirm, before acting on questionable email requests.

Phone calls

These are another method of phishing. Though more obvious in some ways, because phone calls involve a human element, they can be even more deceptive. Understand that no professional service you use (or want to use) is going to call you out of the blue and ask for important and confidential information.

These phone calls basically employ the same type of tactics email phishing does. In other words, they'll claim to be trying to help resolve some issue or sell you something necessary, like a software license. These cyber criminals will use deception and fear tactics to try to gain sensitive information from the user, such as passwords or usernames.

Unsolicited phone calls like this need to be approached with caution. If something feels off about a phone call you’re having, don’t offer up any valuable information. Tell them you are busy and will call the appropriate party when you have time to talk.

Instant Messages and Texting

Phishing attempts through instant messages and texts, though not as common, can still be a threat. Through the phone or social media, instant messages and texts will generally have a link and some bogus problem they want to solve. Again, the use of deception and fear are the way they lure the user into clicking on the link in the message or offering up personal data.

These are easy to avoid and spot, yet because of the mode of communication used, users could be caught off guard. Therefore, being aware of phishing methods that involve instant messaging and text can help prevent hacking attempts.

What to Do When Detecting a Phishing Scam

If users detect any phishing scams through these methods (or any other), contacting the appropriate authorities is what to do next. For those in the U.S., contact the FTC and fill out a complaint form. For those in the UK, contact Action Fraud to report the attack. For other countries, contact your local fraud and cyber crime center to report the attempt. This will help thwart the hackers and prevent others from falling prey to their phishing attacks.

Phishing is an act of criminals who use deception and fraud to steal information from businesses and individuals for their own personal gain. Businesses like mortgage companies, are particularly vulnerable to attacks on their guarded systems. This is because they have a wealth of valuable and sensitive client data on hand. The results of a successful phishing attack can be devastating and should be guarded against through awareness and maintenance of a robust security system.

Access Business Technologies understands the sensitive nature of the mortgage businesses we serve, and for that reason, we have created DocumentGuardian™. DocumentGuardian™ provides mortgage firms with a secure data center where their borrowers’ non-public information documents are stored, instead of being stored on individual computers and devices.

This is one way ABT ensures security within our MortgageWorkSpace®—our comprehensive cloud-based platform for mortgage institutions. To learn more about cyber security and our solutions for the mortgage industry, please contact us today.

Learn More
Topics: ABT phishing