Mortgage Software Solutions Blog

How to Safely Handle Personal Data on Mortgage Applications

How to Safely Handle Personal Data graphicA laptop, a book, and a smartphone on lockdown.

Mortgage applications require a huge amount of personal data.

Zillow’s educational post about mortgage application documents suggests more than 14 pieces of identifying data including an applicant’s social security status, employment history, income, and asset account balances. With a wealth of sensitive data, the potential for lenders as a target for identity thieves is extremely high.

In the post-Equifax regulation increase, it’s more important than ever for lenders to be careful with customer data. It’s the responsibility of financial institutions to keep their customers’ data safe.

Here are some ways that mortgage lenders can do their jobs while safely handling the personal data from mortgage applications.

Take Precautions with Customer Data

Lenders can do their part by informing customers about cyber security precautions they may be unfamiliar with.

First, encourage customers to send personal information via a secure online portal instead of email, which is susceptible to attack. To support transparency, lenders can publish privacy and security policies online where customers can access them easily. Finally, lenders should communicate to customers about what steps they are taking to protect their information.

This kind of open communication establishes trust and reassures customers that your company works hard to eliminate security threats.

Guard Against Phishing Scams

Beyond informing consumers, lenders can employ cyber security tools to guard against email-based attacks.

Hackers often send emails containing dangerous links disguised as normal work messages. The fake email messages can be quite sophisticated; using names and email addresses similar to people the recipient actually interacts with. This is called “phishing” and it is a type of email scam designed to make a person unwittingly provide information to outsiders.

Lenders should employ email safeguards such as EmailGuardian to protect loan officers from these phishing scams. This comprehensive cyber security product from mortgage software developers Access Business Technologies (ABT) uses multi-layered detection to identify suspicious messages and review incoming URLs for threats, spam, and malware.

Encryption Keeps Data Safe

Once email is established as a safe way for lenders to communicate, mortgage companies should amp up their data transfer security.

ABT offers another product called DocumentGuardian to give borrowers an easy way to send encrypted loan documents without having to register for an account. Customers should use this secure document drop portal to send all Non-Public Information (NPI) safely to loan officers.

The encryption feature keeps data from falling into the wrong hands by ensuring that only the correct recipient can decrypt the documents and access the data. By not requiring registration, lenders also avoid storing even more information that can be used to identify customers in the lending system.

Auto-Encryption Feature for Personal Data

With secure email and borrowers having a safe option for submitting personal data online, the final loophole that customers worry about is human error.

Though loan officers are knowledgeable about safety precautions and generally tech-savvy, everybody is human. People make mistakes. In the name of convenience and customer service, over 70% of mortgage lenders may be putting customers at risk by accepting loan application documents via unsecured email. The study cited speed and customer service as reasons for loan officers to bypass more secure channels. If they will take incoming data through secure channels, chances are outgoing messages aren’t completely on the level.

ABT’s EmailGuardian not only guards against phishing as mentioned, it also has an auto-encrypt feature that guards against accidental data breach by staff. If a loan officer inadvertently sends an email with NPI contained in the body of the message, the email will automatically be encrypted on its way out of the system.

This capability protects both the loan officer and the lending company from tripping up and creating unintentional liabilities.

The mortgage application process is fraught with security risks due to the amount and quality of personal data being collected for modern-day mortgage applications over the internet. Though ripe for potential breaches, mortgage lenders and borrowers can ensure the security of their conversations and data sharing by taking precautions and using cyber security tools developed especially for the mortgage industry.

With encrypted data, secure portals, and safety nets in place to handle human error, borrowers can have peace of mind that their data is safe with your company.

Visit Access Business Technologies to learn more about how mortgage lenders can successfully safeguarding their company and their customers’ data.

Image: Pexels

Topics: cybersecurity security mortgage business mortgage industry

ABT Leads the Digital Transformation of the Mortgage Lending Industry

ABT Leads the Digital Transformation of the Mortgage Lending IndustryA laptop on the desk of a finance professional.

There is no slowing down for mortgage lenders in 2018.

Mortgage volume in the US is expected to grow and according to National Mortgage News, lenders increasingly view technology as a way to gain a competitive advantage in the growing market.

While some lenders embrace the efficiency that technology gives to the industry, a full 29% describe technology initiatives as a “necessary evil” of the industry.

Access Business Technology, a California-based fintech company, is determined to bring the industry up to speed and usher in the digital transformation of the mortgage industry.

ABT Deploys Quality Hardware & Software

Access Business Technologies (ABT) is a fintech consultant focused on technological advancement for the finance world. The company deploys both hardware and software meant to advance the technological capabilities of their clients.

For hardware, ABT deploys the Surface Pro armed with MS Office 365 for finance professionals who need the best tools for communication and collaboration. This combo provides a quality all-around foundation for finance-focused companies looking to standardize or reduce their device inventory.

ABT is also software developer with award-winning platforms created specifically for mortgage lenders. They have an array of software solutions for lenders that are up-and-running quickly while providing a seamless work environment for staff.

By working with a fintech expert like ABT, lenders save money and get a premium setup with premium service from a single channel.

ABT Provides Secure Cloud-Based Infrastructure

Quality software and hardware are not the only considerations for ushering in an age of technology in the mortgage industry.

Infrastructure also affects staffing. How can mortgage companies attract the best talent?

Flexjobs, a resource for remote workers, reports that workplace flexibility is becoming more important. From 2014 to 2017, the number of people who quit a job due to lack of flexibility has doubled.

Cue the new standard for business: the cloud-based work environment.

The cloud-based platforms that ABT offers to the world of fintech are a major solution to the increasingly remote work environment. Clients who migrate to the cloud don’t need to worry about scaring away talented finance professionals who demand flexibility.

Though the cloud is a relatively new requirement for finance companies, ABT has ensured that security is a first priority. ABT, with its finger on the pulse of the mortgage industry, has focused their fintech developments on cyber security and ensuring that data breaches are not a danger for their clients.

ABT provides cloud-based protection for Office 365 email from being hacked. ABT also provides a host of safeguards including multi-factor authentication, phishing protection on email, as well as encryption and security programs for lost or stolen devices.

ABT is the Mortgage Industry Tech Expert

With hardware, software, cloud-based infrastructure, and cyber security covered, ABT has set a new bar for fintech in financial institutions.

The push to remain at the cutting-edge of mortgage technology comes from an understanding of the industry. ABT knows that a quality tech setup gives lenders the ability to provide the best quality of service to customers.

ABT’s drive to develop quality solutions earned the company classification as a Microsoft Gold Level Partner. As a trusted developer for Microsoft solutions and the experience of deploying Office 365 in the mortgage industry, ABT is digitally enabling a newly mobile generation of mortgage workers.

Through integration and device support, ABT allows mortgage lenders to work even more flexibly and productively.

At the forefront of fintech, ABT hopes to continue the trend in the United States of increasing mortgage volumes by continuing to accelerate the industry along a full path of digital transformation.

To find out more about how ABT empowers financial professionals by using technology to transform the way they work, check out the Access Business Technologies blog.

Image: Unsplash

Topics: mortgage software integration multi-factor authentication cybersecurity mortgage documents security cloud storage productivity mortgage business data warehousing mobile technology Consumer Finance Protection Bureau Compliance Audit cloud-based data Housing Market Mortgage Lending

Why Cyber Security Comes First in the Mortgage Software Market

Why Cyber Security Comes First in the Mortgage Software Market

Equally important: physical security and cyber security.

The finance industry’s data-handling platforms have a clear bulls-eye on them.

The U.S. mortgage industry supply chain is considered a “massive target for information security breaches.” In fact, from 2015 to 2016 the number of data breaches in the United States went up by 40%.

Still, most mortgage lenders sidestep cyber security by shopping for software the old-fashioned way.

Functionality across platforms is comparable, but security is where the largest variation exists amongst current technology offerings. The regulatory and litigation atmosphere surrounding data breaches in 2018 is such that the best mortgage software addresses cyber security first and foremost.

Here is how the best mortgage software on the market is focused on security frameworks first.

The Weakest Link

Poor cyber security has a financial and regulatory impact. This, combined with the negative press of recent international breaches, is what the modern financial institution wants to avoid.

Though large institutions have tight security, an increase in automation and “digital mortgage” online customer interactions means that high-tech services are being farmed out to third-party vendors. Tools like business intelligence (BI) and machine learning (ML) also means data transfer within the industry is nearly constant.

Homebuyer information is especially ripe for hackers because it includes secondary digital assets like credit data.

Though big banks are heavily invested in keeping this data safe, the sharing of borrower data to smaller vendors has caused a disruption in the security systems. The immature security of these third-party service providers has created a weak link in a previously well-fortified industry.

Who is Responsible?

Though it seems like the third-party vendor is the one who should catch up to security norms, the tech newcomers are not being held responsible.

New legislation in the US holds financial institutions responsible for the security level of their third-party vendors—no matter where the data or breach originated from. When a smaller vendor experiences a security event, it is the large mortgage company that is on the hook.

Even if the company avoids catching the eye of regulators, cases of mishandled customer data have executed litigation of $201+ per recorded liability.

Cyber Security Solutions

The solution is to rein in weak spots by employing cyber security technology that goes beyond the traditional server model. It should cover gateways, third-party access, and employ strategies that keep an eye on common but unsafe tech-related practices.

A tech developer called ABT offers a cloud-based platform called MortgageWorkSpace that ticks the right boxes.

ABT works exclusively with the mortgage industry to develop software solutions for lenders and third-party financial institutions in the home buying industry. With the functionality of the lending platforms in place, ABT leads mortgage tech by focusing squarely on cutting-edge cyber security.

Above all, MortgageWorkSpace provides a secure gateway to access lending data. It employs multi-factor authentication and monitors system email use to fend off phishing as well.

Despite increased accountability, mortgage lenders can keep the company name and customers safe by shopping for a platform that puts security first.

Advanced Cyber Security Features

With market demand high, on-board security features distinguish better platforms from those that add build-out security capabilities as an afterthought.

ABT has a built-in consumer protection feature called Remote Desktop which gives mortgage lending employees a cloud-based real-time file management system. Offering functionality to the user, this feature actually prevents the storage of data on local PCs. This Dropbox-like feature means that the employee’s desktop is not only updateable from anywhere, but that files containing sensitive information don’t get downloaded out of the system where security is weakest.

Lenders shopping for top mortgage software should keep an eye out for features like the Remote Desktop that combine user experience with security in a way that is seamless.

Developers who have security at the forefront of their business model will also provide crucial non-tech extras for lenders.

ABT gives clients a written information security policy that outlines the software’s parameters and security compliance rules. This type of documentation may have been overkill in the past, but is increasingly required by state and federal law for legal operations in the U.S.

Though most software shoppers understandably look at usability first, the consumer financial sector increasingly puts cyber security front and center.

Mortgage broker software is no exception. Platforms should have a full range of built-in cyber security solutions, usability features that incorporate digital protection without being clunky, and advanced features that provide extended protection as regulations become more stringent.

As a target for hackers and a trend of increasing legal accountability, cyber security is now the main consideration in the mortgage software market.

Check out the full range of ABT’s security-driven mortgage business products on our website or contact us to learn more.

Image: Unsplash

Topics: Hosted Software options Mortgage Servicing in the Cloud mobile security mobile device security email security data security mortgage company security financial data security social networking safety phishing multi-factor authentication Business Intelligence cybersecurity mortgage documents security data warehousing

Cyber Security Seatbelts Save Digital Lives

digital seatbeltsWear a seatbelt—navigate your cloud-based systems with safety in mind. 

“Safety first.”

It’s a pretty easy idea to agree on. We all think safety is important.

So what do we do when customers say we aren’t being safe enough?

2017 saw the largest consumer data breach in world history. Equifax made international headlines for a breach that exposed the personal information of as many as 143 million people.

As Equifax knows well, financial and credit-related information is extremely valuable to cyber criminals. Hacks of this kind need to be protected against.

Consumer Safety

After many years of unsafe automobiles, consumers were tired of dangerous cars. They demanded that the industry clean up its act to make vehicles safer. With a little help from activists, car makers complied.

With government regulations in place, riding in a car has changed. Now all cars are made with seatbelts and few people get into a car without buckling up.

The auto industry’s move towards standard safety precautions can teach finance folks a lesson about how to face consumer demand for safety.

Cyber Seatbelt

Safety precautions for automotive vehicles began with the simple safety belt.

The seatbelt of the mortgage industry is MFA security, which keeps data safe.

The safest “seatbelt” on the market, it’s time to implement multi factor authentication when your company migrates into the cloud.

For your staff, a cloud-based workspace makes work convenient and accessible. For cyber criminals, migration to the cloud means they have a doorway to try and break in.

Also known as MFA, multi factor authentication is a nearly fool-proof way to prevent the wrong people from accessing your company’s data.

MFA requires that employees accessing the cloud have to enter at least 2 forms of digital identification. MFA validates that the person logging into the system is who they say they are. Whether by a text message to their company phone or another form of ID, staffers are let in and hackers are kept out.

MFA is so secure, it has become the modern standard for financial institutions. It was adopted by the Payment Card Industry Data Security Standard (PSI DSS) in February of 2017. It was also listed as the standard for the mortgage industry in New York’s new cyber security legislation.

For any financial institution that works in the cloud, MFA is the first safety precaution that can protect both the company and consumers.

If MFA is the visible seatbelt, what are the airbags that provide safety behind-the-scenes?

Cyber Airbags

Email Guardian is a product developed by a US-based company specifically to keep financial information secure for mortgage companies.

Its main job is to watch business email. It checks URLs on incoming messages to watch for phishing attacks. It filters every link and tests linked sites to make sure they are clean. If a link is dangerous, this program catches it and breaks the link before your staff can click-through.

It protects companies from intrusion by providing comprehensive, multi-layered email security and content controls. A web-based application especially for financial institutions and big business, this application handles dynamic security precautions including email encryption and security tracking as well.

Just like how airbags provide a layer of cushioned protection for car drivers and passengers, this innovative technology provides layers of security to keep email hackers at bay and avoid catastrophe.

With MFA and Email Guardian combined, your company data remains out of harm’s way.

Lessons from the Auto Industry

Just as with unsafe automobiles, consumers are reacting to the Equifax disaster by demanding that something be done about info protection for credit companies and mortgage brokers.

Government regulators have begun to react as well. New York introduced groundbreaking legislation to regulate cyber security for financial institutions. Colorado and Vermont are following suit.

When consumers make an industry-wide demand, companies need to pay attention.

Since widespread consumer outrage over information leaks continues making news and influencing regulators, mortgage companies are wise to adopt security measures and establish a basis of protection for their customers.

In the same situation decades ago, auto manufacturers made serious efforts to improve consumer protection for their products. Today carmakers are seen by the public as one of the most safety-conscious industries.

Taking care of consumer data is important if lenders want to be seen in the same light in the future.

ABT’s cutting-edge Email Guardian application provides strict security breach protection and data leakage prevention. Contact us to learn more.

Image: VisualHunt.com

Topics: Mortgage Cloud Services cyber security email security data security social networking safety cybersecurity security mobile technology mortgage industry HUD Consumer Finance Protection Bureau Compliance for Mortgage Companies Compliance Audit Housing Market network safety MBA

How to Protect Your Devices from Bad Guys

how to protectA businessman takes his work laptop home.

What exactly happens when a company device gets stolen?

Imagine that Richard is a loan officer for a mortgage company. He is behind on email and decides to take his work laptop home over the weekend. After a few hours at a coffee shop, he gets up to use the restroom. Two minutes later when Richard returns, the laptop is gone.

Are the files on Richard’s computer safe? If Richard has remote access to company systems, will there be a data breach? Can the thief access all of Richard’s accounts and client information? What exactly is at risk here?

Keeping Data Safe from Hackers

Stolen laptops are more common than you might think.

Kensington reports that over 70 million cell phones are lost each year and one laptop is stolen in the US every 53 seconds.

The laptop thief’s hope is that he can gain access to all the passwords and sensitive information contained in the device. Selling stolen data is profitable; the device itself is not actually the most lucrative part of the theft. Getting a corporate device would be like hitting the jackpot then, right?

Well, it all depends on what kind of data protection measures the company has in place. For financial institutions dealing with sensitive personal data on a daily basis, it’s important to have a system with the most cutting-edge cybersecurity features in place.

MortgageWorkSpace, a platform that won HousingWire’s Tech100 Lending category for 2018, is one such system.

With MortgageWorkSpace protection, Richard’s stolen machine will remain on lock-down and safe from hackers.

The Windows Operating System on Richard’s computer has a program that encrypts system and user files on the device called BitLocker. The laptop also uses Windows Defender Credential Guard, a security program that uses virtualization to isolate sensitive files and keep unauthorized people from accessing that system data.

In Richard’s case, the thieves have no choice but to wipe the machine and lose all the data.

Great. Richard’s data is safe, but it’s all lost. What is he supposed to do about work?

Getting Back to Work

Richard still needs access to his files and the computer programs that he uses every day to do his job.

To make sure that Richard can return to work, MortgageWorkSpace has an advanced continuity feature called “lost device re-provisioning.” This means that when Richard’s device is reported stolen, the system shuts down his previous portal and passwords. When he authenticates his identity on a new machine, he will have all the same data from his previous machine and full access to work-critical programs.

This is the beauty of a cloud-based system like MortgageWorkSpace. All the system files are located in the cloud and not on Richard’s local machine. He doesn’t lose even a single day of work because of his missing computer.

MortgageWorkSpace uses Richard’s corporate credentials and multi-factor authentication to identify that Richard is not one of the sneaky hackers and he is back into the system on a different computer.

Richard’s company has other strict security options to choose from. For the authentication process, the company can require a user-created PIN to identify him as an employee. Some modern companies are even switching to biometric identification like fingerprint and facial recognition technology rather than PIN numbers, which can be guessed.

Whether low-tech or high-tech, the key is to have multiple authentication steps that are difficult for hackers to duplicate so that sensitive system data remains hidden from the prying eyes of laptop thieves.

More importantly, Richard’s company doesn’t experience a system-wide data breach. Forbes Magazine reports that nearly 41% of the data breach events from 2005 to 2015 were due to lost and stolen devices.

Thanks to technology, Richard’s customers’ information is safe and the company’s reputation remains intact. That’s what’ the most advanced security system has to offer the mortgage industry. . While the security gates are keeping the bad guys out, people like Richard can stay productive and customers can stay safe.

For financial institutions, this type of lost device re-provisioning feature is essential for business continuity.

Businesses protected by MortgageWorkSpace don’t need to worry when a company laptop or mobile device is stolen.  Contact us to learn more about cloud-based mortgage and cyber security solutions.

Image: Unsplash

Topics: DeviceGuardian mobile device security mobility mobile workforce mortgage company security financial data security phishing multi-factor authentication cybersecurity security cloud storage productivity mortgage business mortgage industry Housing Market Mortgage Lending

Know Your Cyber Security Reporting Obligations

Know Your Cyber Security Reporting Obligations

New laws dictate how finance companies report security issues.

New York’s recent crackdown in state cybersecurity laws marks true reformation in the finance industry.

14 pages of detailed regulations fully outline the new accountability measures at Wall Street’s epicenter.

The regulations compel close to 10,000 financial institutions and 300,000 insurance licensees to put consumer protection before their corporate reputation for the first time in US history.

From a minor system access attempt by hackers all the way up to a full data breach, the new law saddles financial institutes with direct accountability to the state and implements a new standard in reporting for all mortgage loan servicers, banks, credit unions, and insurance companies.

For finance companies wondering how to conduct business in this new reality, here is a guide to the reporting obligations of New York’s new cybersecurity law

Governing Bodies

The first step of understanding the new obligations is to get familiar with the regulatory bodies of New York’s finance world.

The main authority on the new regulation is the New York State Department of Financial Services (DFS).

In the past, financial institutions were regulated via voluntary frameworks and reported externally to DFS in few situations with undefined parameters.

Under the new law, DFS established immediate authority by requiring a DFS-issued cyber security Certificate of Compliance as a basic prerequisite for operating a financial company. This gives DFS the ability to discipline non-compliant companies by revoking their certificate.

Beyond DFS, the regulation stipulates the creation of internal positions for officers to interface with DFS on behalf of the company. This requirement pushes aside ineffective industry-based governing bodies in favor of a direct link.

Mortgage companies must designate a Chief Information Security Officer (CISO) for in-house enforcement of company security procedures. The CISO reports in writing annually to the company’s board and will be held personally, legally responsible in the event of a breach at the agency.

Reporting Obligations

The final piece of accountability addressed in the new law is a reexamination of security reporting.

A “cybersecurity event” is any attempt of unauthorized access private consumer information. In order to mitigate the effects of a security event, financial institutions need to disclose data loss when it happens. This gives consumers sufficient time to take protective action such as changing passwords or putting a hold on a compromised credit card.

In practice though, finance companies endeavor keep data hacks under wraps. They prefer to save face and avoid losing consumer confidence.

In September of 2017, the Equifax data breach made international headlines. Though not the largest, it is considered the worst data breach in US history due to the sensitive nature of personal data that was accessed.

Despite being aware of the situation, Equifax spent five weeks running corporate damage control before disclosing the leak. The company initially underreported the number of affected consumers as 2.5 million instead of the actual 145.5 million people whose private data was stolen.

This failure to disclose the full extent of the damage infuriated the public.

Lawmakers vowed to protect consumers against this type of cover-up. With Sen. Elizabeth Warren (D-Mass.) at the helm, this is how the new regulations were written into law.

No More Cover-Ups

Now, the superintendent’s office places a strict time cap on security breach announcements. A company has no more than 72 hours to report any event that has a “reasonable likelihood of materially harming the normal operations” of the company. 

Since Equifax’s disregard for public safety, the law now stipulates that a data breach report is no longer the jurisdiction of the local supervisory body. Instead, reports of data loss go up the chain of command straight to the New York Superintendent’s office.

With a quicker turnaround time, consumers can be alerted quickly and efficiently through official channels about the breach.

Though basic requirements of the law have already gone into effect, the state of New York did allow time for mortgage companies to learn the law and implement it piece by piece.

According to the roll-out dates of the law, companies are required to be legally compliant with specific sections of the law on March 1 and September 3, 2018. The end of the full two-year transitional period and full compliance will be enforced by March 1, 2019.

For comprehensive compliance guidance and other cybersecurity solutions and, contact us.

Image: Visual Hunt

Topics: cyber security mobile security mobile device security email security cybersecurity security mortgage industry Trump Administration Housing Market Mortgage Lending 23 NYCRR Part 500 NYSDFS

Time for Lenders to Take Responsibility for Data Security

sharky

Lenders and customers face the dangers lurking in the finance world.

Since when do finance organizations rely on customers for security advice?

An investigation into US mortgage lending practices found that 70% of lenders regularly put sensitive financial data at risk by prioritizing customer convenience over security.

While customers often choose to send personal information via quick and familiar technology such as fax or unencrypted personal email, lenders continue to look the other way rather than correct these dangerous habits.

Something has gone awry in the lending industry and customers are taking notice.

It’s the responsibility of the lender to uphold security measures. Lenders have security tools at their disposal. Instead of leaving the doors open to data thieves, they should be insisting on secure email portals and other measures that protect the consumer.

As technology advances for both financial institutions and the data thieves that seek to attack them, it’s time for lenders to take the reins when it comes to customer security.

Financial Services are at High Risk

The two main dangers facing the finance industry are data breaches and security incidents.

A security incident describes any occurrence that has the potential to compromise consumer information. This can be an attempted data theft or an attempted hack into a computer system that stores sensitive information.

A data breach is more serious. Breaches are confirmed disclosures to an unauthorized party. Breaches represent a complete failure of the security system to keep the wrong people out.

An investigation of data breaches across industries finds that Financial Service organizations like mortgage lenders fall into the top three industries affected by successful hacks. In fact 2016 saw 1,368 security incidents and 795 confirmed data loss cases in the finance industry.

Given the value of the data that mortgage lenders collect, mortgage companies remain among the most vulnerable to cyber attacks.

Cyber Security Issues to Watch For

As mentioned, one security vulnerability is with lending staff. Sophisticated cybersecurity standards don’t mean anything if your employees are side-stepping official procedure. Documents with any sort of consumer data should only be shared within secured environments.

Round up the staff and reiterate how the company (and perhaps their job) relies on following the rules. Employee negligence and unsafe information disposal are not to be tolerated.

It’s also a good idea to get coordinated with your IT department. Are staff members using mobile devices like smart phones and tablets to handle sensitive information? Your IT department can install security measures like password protection and encryption so that these devices are cleared for proper company use.

Besides training and an IT device round-up, make sure your software access is secure. Multi-factor authentication or MFA is another way to seriously step up your security game.

After you’ve cleaned house, check your neighbors. Third-party services and their software tools cannot be overlooked. Anything handled by another organization that concerns your company’s customers should meet the same stringent security standards that you enforce in-house.

The Financial Cost of Cyber Attacks

Though financial institutions may have always had customer security in mind, the industry has felt the backlash in recent years.

Historically respected companies are losing consumer confidence. Beyond topping lists for riskiest industry, some of the big names have taken very public falls.

Equifax, a national name in credit scoring, experienced a hack in late 2017. The breach resulted in unsavory national headlines, a PR crisis, the involvement of the FTC, and a resulting push for never-before-seen legislation that regulates the whole industry.

Beyond reputations, there is money at stake. The financial cost of cyber attacks has been on the rise in recent years.

The average cost per capita of a Financial Services data breach in the US has increased by 10% in three years. In 2016 it reached $221 per person as a shared cost that consumers are burdened with thanks to lenders being devil-may-care with their information.

With consumers taking the hit and their financial institutions being degraded by cyber attacks, the industry is set to lose a lot of money.

Clearly, it’s time for a serious turn towards cyber security in order to prop the industry up in the eyes of consumers.

For mortgage lenders, it’s time to turn away from business as usual and make a serious effort to put cybersecurity at the top of the priority list. Not only will this protect valued customers, but it will save the reputation of an industry that has taken enough hits.

Businesses protected by a cloud-based portal with access secured by MFA are leading the industry in the push for cyber security. To find out about security-focused programs like Document Guardian contact ABT.

Image: Laura College on Unsplash

Topics: phishing security mortgage industry Compliance Audit DFS 23 NYCRR Part 500 NYSDFS network safety

7 of the Most Interesting Facts About Cyber Security

 

pic blog-1.jpgAs technology of cyber security advances, so does the technology of hackers.

A computer hacker is the name given to the tech-savvy folks on both sides of the internet battlefront. Bad guys or “black hat” hackers are the ones trying to break into computer systems, steal data, and install harmful software. The “white hat” hackers are cyber security heroes that develop ways to catch bad guys and stop malicious programs from doing damage. That’s interesting nomenclature, right?

The world of cybersecurity is full of intriguing tidbits that help us understand the dangers and how to protect ourselves from the black hats of the world. Here are 7 of the most interesting facts about cyber security.

  1. The number of cyber attacks is going UP not down. Though white hat hackers continue to improve, the total number of cyber attacks doubled in 2017. That’s according to the Online Trust Alliance (OTA), which has named 2017 “the worst year ever in data breaches and cyber-incidents around the world.” 
  2. Ransomware is leading the way in modern cyber security events. Ransomware is a type of malicious software that holds a victim’s data hostage until a ransom is paid. Instead of selling victims’ information on the black market, ransomware has established a way to make money off this stolen information directly from victims. The threat of ransomware is based on doxxing (publishing of the personal data) or blocking a victim’s online access to their own accounts.
  3. 91% of cyber attacks in 2017 started with a phishing email. Phishing is the practice of sending fraudulent emails that seem to be from a reputable company. When the victim clicks on a link or freely reveals their passwords or credit card information as a response, the phish is a success. The two best ways to avoid phishing attacks are to (1) never click unknown links and (2) never send sensitive information that has been requested via email.
  4. Cyber-crime damages will cost the world $6 trillion annually by 2021, up from $3 trillion just a year ago. This massive amount of money represents the greatest transfer of economic wealth in history (2017 Cybersecurity Ventures).
  5. Financial organizations are the biggest targets of cyber attacks. Verizon’s 2017 Data Breach Report breaks down the hacks by percentage: Last year, 24% of breaches targeted the finance industry, 15% were aimed at healthcare, 15% were retail, and only 12% of breaches occurred in the public sector.
  6. Mortgage companies are the #1 target in the industry because of the treasure trove of information that they require from customers. Mortgage companies hang onto more non-public than any other type of financial organization.
  7. 93% of breaches could have been avoided by taking simple steps, such as regularly updating software or leveraging modern cloud based solutions. Can you believe that breaches are easy to prevent? There is an old saying that “the best defense is a good offense”. It applies to the cyber security world too.

If you take the initiative ahead of time to set up clear security mechanisms, your company’s data systems won’t be attractive to bad guys.

What are the new standards for security? Modernized IT including updated password policies and Multi Factor Authentication. Cloud-based data systems are key for getting your company data off those old office servers. Sophisticated cloud-based email gateways configured especially for the mortgage industry to protect against email-based threats. These are the foundations for data security when it comes to financial institutions in 2018.

Be the cyber security leader in your industry. Make the changes before hackers make the first move on your company. When you aren’t an easy target, your data remains safe and your customers stay happy.

The best thing a business can do to keep those black hats at bay is to stay informed about cyber security by reading articles like this and use their knowledge to implement solid security measures before a hack occurs.

Businesses protected by proven security measures like ABT’s Email Guardian remain safe and receive monthly reports detailing security threats. Contact us to learn more.

Image: Pexels.com
Topics: Mortgage Software Reporting dangers of ransomware email security data security mortgage company security financial data security creating strong passwords social networking safety phishing multi-factor authentication cybersecurity security productivity mortgage business malware network safety

4 Reasons to Implement a Mortgage Business Intelligence Strategy

bim.jpgBI visuals help employees in the company get on the same page.

Business Intelligence (BI) has come a long way since its first implementation.

At its most basic, BI has always involved analyzing reports and performance information to allow companies to make decisions based on past activity.

At the complex level of present-day information gathering, BI handles large amounts of unstructured, seeming unrelated data and then makes utilitarian connections between data points.

Using modern BI, a company can turn information sets into successful business strategies that give them the edge on the market and long-term stability over their competitors. Nowadays companies even have access to industry-specific BI tools.

Can you imagine why the mortgage industry should harness this ability? Here are 4 reasons to implement a Business Intelligence Strategy in your mortgage company.

  1. Integrated BI for Complete Data

By integrating business intelligence, a mortgage company has the ability to gather data on their activity via an existing mortgage enterprise management system (EMS) and then work with that data using the BI module.

With two or more applications communicating seamlessly, administrators have all the company information at their fingertips.

Integrating BI with existing tools like EMS and CRM platforms makes the data sets more ample and complete.

  1. Improved Strategic Awareness

Integrated Mortgage BI goes beyond just connecting platforms. It develops a rich business intelligence data warehouse (BIDW) that forms the basis for future decisions.

The BI module has the capacity of building data model visuals that are easy to understand. Using the full range of information available, this feature processes information to make it actionable. Pulling information from all sources means providing the company with rich prescriptive and predictive analytics output.

The strategy of information awareness and fact-based decisions produces a positive influence on the bottom line.

  1. BI Accessibility Breeds Positive Change

It used to be that companies needed IT analysts to interface with the data and come up with insight. It was a management level activity shared between tech folks and decision makers in the company.

With an industry-specific BI strategy in place, everyday users in a mortgage company can view easy-to-understand level-specific data related to their work. Placing BI in employee dashboards empowers them to make informed decisions. It goes beyond IT data and links up with HR, employee metrics, customized dashboards, and more to give the power of data to employees at every level of the company.

Smart decisions go from being seen as top-down directives to using real information as the basis for decisions company-wide. This change in company culture has the benefit of increasing employee job satisfaction and efficiency, which also affects the bottom line.

  1. Industry-Specific Bi is Affordable

There are plenty of BI applications on the market. From Tableau to Microsoft, the tech industry has developed a plethora of BI platforms with a range of executions.

There are also visionary platforms like Salesforce that are extremely flexible but require in-house IT customization. They come with bells and whistles that aren’t meant for the mortgage industry.

Mortgage companies without the resources to create their own fit have a better option. Industry-specific software with ample performance ability is the sweet spot. A mortgage-specific BI tool like this is the most affordable choice.

Mortgage companies who implement this type of “goldilocks” platform will be able to harness the power of BI quickly and easily.

Mortgage BI, developed by the same Northern California-based company that produces the data-sharing software MortgageExchange™, is a perfect example of this type of “goldilocks” platform.

ABT’s takes Microsoft’s Power BI software and their own MortgageExchange and combines them for a leading example of how companies can harness the big-brand power of BI without being oversized or overpriced. Not too expensive, no surplus of addons, and customized to be just right for the finance industry.

BI offers huge improvements to every modern mortgage company’s business strategy. The improved strategic awareness will save your company from financial missteps and BI-generated visual representations of performance data will put employees on the same page across the company.

With BI implementation, companies can efficiently put their data to work and move forward with clear direction.

Contact ABT directly to learn about Mortgage BI business analytics for your bank, credit union, or mortgage company.

Image: VisualHunt.com

Topics: Cloud Services information security for mortgage companies data interface solution data security mortgage software integration Business Intelligence Mortgage BI security productivity mortgage business mortgage regulations mobile technology mortgage industry

A Secure Alternative for Transferring Sensitive Mortgage Documents

Securing_documents_from_borrowers_.jpgDocuments aren't really safe unless their transfer is secure from end to end. A mortgage company may store and manage its information with the highest standards, but there is still significant risk if the borrower or seller submits their documents through unsecure channels.

What are some of the best steps you can take to ensure you are meeting security compliance standards and protecting your valuable data when transferring sensitive mortgage documents?

Avoid Email

Email is a simple, popular way to send information. It is also a very unsafe way to transfer confidential information. There's no standard method of encryption for email; Simple Mail Transfer Protocol sends messages by a series of hops from source to destination, with no way to control what servers a message might go through along the way. A "honeypot" server might pass all emails along normally but also grab copies for nefarious purposes.

This scenario is even worse if a sender is using unencrypted Wi-Fi, such as a public hotspot. A criminal can just lurk nearby with a receiver to grab copies of any mail.

Offer a Secure Alternative

What can a mortgage company do about customers sending unsecured documents, and what does it need to do? You can't outright stop people from using email, but you can severely discourage its use for sending confidential data. The best way to discourage this is to provide secure document management alternatives.

Regulations require lenders to handle documents securely. Though it’s not clear whether a mortgage company can get into trouble for accepting emailed documents, regulators will certainly view you in a better light if you present your customers with a secure, convenient alternative.

If confidential customer information is intercepted in transit, this leak can damage the lender's reputation, even if it was the customer's fault. Lending institutions need to take strong measures to avoid unsecure transfers.

Documents also need to be sent to customers securely. The mortgage company has control over this and should strictly follow good practices, both for the customers' safety and to be on safe legal ground. Lenders should never send sensitive documents by email.

Drag-and-Drop or File Transfer Account?

A simple, secure way to let customers provide documents is the drag-and-drop approach. This method lets users upload documents with a secure transfer, and it can be set up with or without password protection.

If there's no password, anyone who discovers the link can upload a document, but this is a relatively minor risk. The destination server allows only uploading, not viewing, of files, so the most that anyone who gets a copy of the link can do is upload fake files. As long as employees exercise normal caution about any information that looks wrong, the chances of harm are small.

Services like Dropbox take a drag-and-drop approach but create an unprotected link which anyone can download. Dropbox allows password-protected documents, but only with paid accounts; the free version isn't well-suited for sensitive documents.

Another approach is to create a file transfer account for each customer. Once they've registered, the software will let them upload and download files. This allows for two-way file transfer between the customer and lender, and customers can review what they've already uploaded.

In a system where customers can download as well as upload files, it is necessary to authenticate the identity of the person creating the account. Confidential personal information, such as the customer's Social Security number, can help with this. For additional security, the lending institution can send the customer a code to enter when registering.

This method offers more options than the drag-and-drop approach, but it is also more complicated to set up. If customers forget their passwords, they will need a procedure to reset them, which often involves emailing a one-time link—a method which has its own security problems.

What's important in either case is to use a secure URL (starting with “https:”) with a properly configured server. A website that doesn't use a secure connection allows eavesdroppers to intercept not only documents but passwords. An unsecure web connection is even riskier than email.

The DocumentGuardian Solution

ABT's DocumentGuardian™ uses the simple, reliable, drag-and-drop approach but beefs it up with more security. The customer receives an upload link; no registration or password is required. Uploading is a simple matter of dragging the file to a window. Files are uploaded via a secure connection and sent directly to ABT's secure data center, where they're available to the lending institution. When a customer uploads a revised version of a document, the old version remains available and can be viewed, compared, or, if necessary, restored.

Equal parts simplicity and security, DocumentGuardian™ is the perfect solution to enable you and your customers to transfer sensitive documents with as little risk as possible.

To learn more about how DocumentGuardian™ and our other mortgage company technology solutions can safeguard customer confidentiality and security, please contact us.

Learn More

Topics: DocumentGuardian mortgage documents security