Mortgage Software Solutions Blog

Business Data Security and Multi-Factor Authentication

 240_F_122590781_AfHycyjOI0sOqepiZ1DQVBYkZsH7qlRr.jpg Get an extra level of security with multi-factor authentication or MFA.

Each year, cybersecurity gets more complicated.

According to anti-virus developer Panda Security, the amount of malware created by cybercriminals is predicted to grow exponentially with each passing year.

Companies have to face the reality that a security breach has a serious impact on business.

To avoid the distress of company-wide damage control and a PR nightmare, it’s best to make sure security is in good shape.

Real Business Impact

For some businesses, consumer data handling is the main issue.

Financial institutions such as banks and mortgage companies are often targeted by hackers because they house the most personal information.

With major security failures like the Equifax breach of 2017 making international news, the finance industry’s cybersecurity worries are real.

More is at stake than information. A data breach can mean sales losses and a tarnished reputation that lasts for years.

From fines to fraud, there are monetary repercussions as well.

So what is the fastest way to tighten security on cloud-based and traditional networks?

Multi-Factor Authentication

Data breaches in single-factor authentication systems often exploit the system login credentials or passwords of users.

Multi-factor authentication or MFA is a group of security measures that go beyond the traditional password in order to correctly identify a person for system access.

MFA is becoming more prevalent in the financial industry. This kind of authentication was adopted by the Payment Card Industry Data Security Standard (PSI DSS) in February of 2017 and was listed as a standard for the mortgage industry in the State of New York in the same year.

Multiple factors mean heightened levels of information that only the user can provide.

These factors can be a number of different security measures. A “soft token” is when security software generates a one-time-use passcode sent to the user’s mobile device. This type of authentication can also be executed with a text message, phone call, or an email with a hyperlink.

Other factors run the gamut from predefined security questions to biometric identifiers like fingerprints or facial recognition software.

Only the correct user knows the information or is in the circumstance to receive the passcode, so using MFA means only the approved user is given access.

The Modern Office

Another issue with security is the modern office environment.

There are a growing number of remote workers. Employees want access to work-related applications from outside the office.

In this mobile workforce, employees are moving off of network-approved computers and onto personal or public machines. It’s up to the IT department to facilitate their work and make sure they go through a heightened level of security checks.

MFA is an authentication strategy that allows IT to deliver this level of remote access. It solves the problem of identifying recognized employees while maintaining a solid defense against intruders.

User Experience

The final consideration when implementing cybersecurity measures is user experience.

With higher scrutiny comes a higher level of annoyance by the employee at having to prove their authorization.

IT staffers need to balance security measures with user convenience.

One development that improves this balance is “adaptive” MFA. This security technology evaluates the risk factor of the user and then adapts the number of factors required for entry to the system.

An employee using a company-issued laptop at a café with an IP address across the street from headquarters is considered a low-risk access attempt. This situation does not require extra security measures.

On the other hand, if someone is trying to gain access on an unrecognized device in a location where the company doesn’t have an office (e.g. employee is attempting to do work on her tablet while vacationing in Bali) then the number of factors required will be at the maximum level. The employee jumps through some hoops, but with an understanding of why.


Data breaches are happening at the enterprise level at an alarming rate. A watchdog organization called Breach Level Index estimates that every second, an average of 57 records are stolen.

Employees are moving towards a more mobile work environment with wide geographic distribution.

For companies who handle consumer data, implementing MFA is simply one of the most effective ways to crack down on security violations and keep up with the modern workplace.

Businesses that use the MortgageWorkspace management software by ABT are protected by multi-factor authentication and a host of other cybersecurity measures. Contact us to learn more.

Topics: social networking safety phishing multi-factor authentication cloud storage mortgage business Compliance for Mortgage Companies Compliance Audit cloud-based data Housing Market Mortgage Lending

ABT Security Recommendations: Social Networking Safety in the Workplace

Businesses that deal with finances and credit face specific social networking safety concerns that many other businesses do not. From threats to family members in hostage situations to the potential for irrevocable public relations harm, mortgage businesses must consider carefully how to address the security issues that may arise from employee social media use.


Train Personnel to Protect Information

The threats to family members mentioned above happened at a mock robbery a consultant performed for a credit union. The police officers, who were acting as robbers, gathered public information from people's social media pages and used it to threaten a teller's husband. While this was done to prevent actual robberies from taking place, simple information regarding places of employment was enough to give potential thieves the upper hand.

Train your personnel to protect their personal information by removing private data from their social media profiles. Educate them on the various risks of social media use and what the best practices are for using various social media platforms. Further, your company should institute and enforce policies that ensure your employees are taking the proper precautions.

Protecting Accounts

Education is essential to protecting your business from potential scams, hackers, thieves, and other malicious agents who desire to use information from social media. Privacy settings are different on every social media platform, and employees must understand the risk of exposing certain types of information on their personal social media accounts.

Posting something on social media is akin to shouting something out loud in the middle of a crowded room. If the information is something you wouldn't shout in the middle of a food court, do not post it. This is especially true for public settings, on sites like Facebook or the very real public forum of Twitter. Employees need to be educated on the long term consequences of things they post online and the potential backlash it can have on your company’s reputation. Often things go viral so quickly that a mistake cannot be taken back. Before you know it, it has already been screen captured and re-shared.

Avoiding Scams

While most employees are used to the idea of the Nigerian prince scam, sophisticated scammers attempt to perpetuate scams, without ever interacting with their targeted victim. Social networks provide answers to security questions (What is your mother's maiden name?) to people who know how to glean data.

In order to prevent much of the risk of scams associated with social networks, employees need to limit the amount of public information they have accessible on social networks. A good recommendation is to require that employees do not list their place of work on personal social network profiles, since this is a part of the profile that is usually public.

Public Nature of Social Networks

Employees need to know and understand social networks, how to control privacy settings, and the nature of various networks. Some networks allow you to control who sees what, while many social media sites default to public viewing of everything, with only limited control of privacy via direct messages.

Employees also need to be aware of screenshot technology, forwarding functions and other systems for making private communication public. Just because something was sent in a direct message on Facebook or Twitter, that does not mean that it cannot be made public later. Employees should never conduct any public or private discussion of the business's affairs over social media.

Limited but Accessible

While the risks associated with social media sites makes some IT personnel want to block them entirely from a workplace, this only increases risks to the business. Employees will often seek ways around an IT security policy that is perceived as unjust and inflexible. This can potentially breach firewall privacy, introduce added distractions to the workplace, and encourage employees to access sites through less-than-trusted means.

While the many advances in technology increase risks to businesses, these risks can be managed with the right information, education, and company policies. Access Business Technologies uses DeviceGuardian™,  a tool that is easily installed on any existing or new device, allowing ABT to securely manage all of your mortgage software, data, and users.  DeviceGuardian™ makes all of your devices compliant with Consumer Financial Protection Bureau (CFPB) regulations. Prevent Social Networking scams with DeviceGuardian™ and control whitelisted and blacklisted websites. For more information about mortgage business and IT safety, mobile apps, and remote desktops, please contact us today.

Learn More

Topics: ABT social networking safety