Mortgage Software Solutions Blog

Why Cyber Security Comes First in the Mortgage Software Market

Why Cyber Security Comes First in the Mortgage Software Market

Equally important: physical security and cyber security.

The finance industry’s data-handling platforms have a clear bulls-eye on them.

The U.S. mortgage industry supply chain is considered a “massive target for information security breaches.” In fact, from 2015 to 2016 the number of data breaches in the United States went up by 40%.

Still, most mortgage lenders sidestep cyber security by shopping for software the old-fashioned way.

Functionality across platforms is comparable, but security is where the largest variation exists amongst current technology offerings. The regulatory and litigation atmosphere surrounding data breaches in 2018 is such that the best mortgage software addresses cyber security first and foremost.

Here is how the best mortgage software on the market is focused on security frameworks first.

The Weakest Link

Poor cyber security has a financial and regulatory impact. This, combined with the negative press of recent international breaches, is what the modern financial institution wants to avoid.

Though large institutions have tight security, an increase in automation and “digital mortgage” online customer interactions means that high-tech services are being farmed out to third-party vendors. Tools like business intelligence (BI) and machine learning (ML) also means data transfer within the industry is nearly constant.

Homebuyer information is especially ripe for hackers because it includes secondary digital assets like credit data.

Though big banks are heavily invested in keeping this data safe, the sharing of borrower data to smaller vendors has caused a disruption in the security systems. The immature security of these third-party service providers has created a weak link in a previously well-fortified industry.

Who is Responsible?

Though it seems like the third-party vendor is the one who should catch up to security norms, the tech newcomers are not being held responsible.

New legislation in the US holds financial institutions responsible for the security level of their third-party vendors—no matter where the data or breach originated from. When a smaller vendor experiences a security event, it is the large mortgage company that is on the hook.

Even if the company avoids catching the eye of regulators, cases of mishandled customer data have executed litigation of $201+ per recorded liability.

Cyber Security Solutions

The solution is to rein in weak spots by employing cyber security technology that goes beyond the traditional server model. It should cover gateways, third-party access, and employ strategies that keep an eye on common but unsafe tech-related practices.

A tech developer called ABT offers a cloud-based platform called MortgageWorkSpace that ticks the right boxes.

ABT works exclusively with the mortgage industry to develop software solutions for lenders and third-party financial institutions in the home buying industry. With the functionality of the lending platforms in place, ABT leads mortgage tech by focusing squarely on cutting-edge cyber security.

Above all, MortgageWorkSpace provides a secure gateway to access lending data. It employs multi-factor authentication and monitors system email use to fend off phishing as well.

Despite increased accountability, mortgage lenders can keep the company name and customers safe by shopping for a platform that puts security first.

Advanced Cyber Security Features

With market demand high, on-board security features distinguish better platforms from those that add build-out security capabilities as an afterthought.

ABT has a built-in consumer protection feature called Remote Desktop which gives mortgage lending employees a cloud-based real-time file management system. Offering functionality to the user, this feature actually prevents the storage of data on local PCs. This Dropbox-like feature means that the employee’s desktop is not only updateable from anywhere, but that files containing sensitive information don’t get downloaded out of the system where security is weakest.

Lenders shopping for top mortgage software should keep an eye out for features like the Remote Desktop that combine user experience with security in a way that is seamless.

Developers who have security at the forefront of their business model will also provide crucial non-tech extras for lenders.

ABT gives clients a written information security policy that outlines the software’s parameters and security compliance rules. This type of documentation may have been overkill in the past, but is increasingly required by state and federal law for legal operations in the U.S.

Though most software shoppers understandably look at usability first, the consumer financial sector increasingly puts cyber security front and center.

Mortgage broker software is no exception. Platforms should have a full range of built-in cyber security solutions, usability features that incorporate digital protection without being clunky, and advanced features that provide extended protection as regulations become more stringent.

As a target for hackers and a trend of increasing legal accountability, cyber security is now the main consideration in the mortgage software market.

Check out the full range of ABT’s security-driven mortgage business products on our website or contact us to learn more.

Image: Unsplash

Topics: Hosted Software options Mortgage Servicing in the Cloud mobile security mobile device security email security data security mortgage company security financial data security social networking safety phishing multi-factor authentication Business Intelligence cybersecurity mortgage documents security data warehousing

Cyber Security Seatbelts Save Digital Lives

digital seatbeltsWear a seatbelt—navigate your cloud-based systems with safety in mind. 

“Safety first.”

It’s a pretty easy idea to agree on. We all think safety is important.

So what do we do when customers say we aren’t being safe enough?

2017 saw the largest consumer data breach in world history. Equifax made international headlines for a breach that exposed the personal information of as many as 143 million people.

As Equifax knows well, financial and credit-related information is extremely valuable to cyber criminals. Hacks of this kind need to be protected against.

Consumer Safety

After many years of unsafe automobiles, consumers were tired of dangerous cars. They demanded that the industry clean up its act to make vehicles safer. With a little help from activists, car makers complied.

With government regulations in place, riding in a car has changed. Now all cars are made with seatbelts and few people get into a car without buckling up.

The auto industry’s move towards standard safety precautions can teach finance folks a lesson about how to face consumer demand for safety.

Cyber Seatbelt

Safety precautions for automotive vehicles began with the simple safety belt.

The seatbelt of the mortgage industry is MFA security, which keeps data safe.

The safest “seatbelt” on the market, it’s time to implement multi factor authentication when your company migrates into the cloud.

For your staff, a cloud-based workspace makes work convenient and accessible. For cyber criminals, migration to the cloud means they have a doorway to try and break in.

Also known as MFA, multi factor authentication is a nearly fool-proof way to prevent the wrong people from accessing your company’s data.

MFA requires that employees accessing the cloud have to enter at least 2 forms of digital identification. MFA validates that the person logging into the system is who they say they are. Whether by a text message to their company phone or another form of ID, staffers are let in and hackers are kept out.

MFA is so secure, it has become the modern standard for financial institutions. It was adopted by the Payment Card Industry Data Security Standard (PSI DSS) in February of 2017. It was also listed as the standard for the mortgage industry in New York’s new cyber security legislation.

For any financial institution that works in the cloud, MFA is the first safety precaution that can protect both the company and consumers.

If MFA is the visible seatbelt, what are the airbags that provide safety behind-the-scenes?

Cyber Airbags

Email Guardian is a product developed by a US-based company specifically to keep financial information secure for mortgage companies.

Its main job is to watch business email. It checks URLs on incoming messages to watch for phishing attacks. It filters every link and tests linked sites to make sure they are clean. If a link is dangerous, this program catches it and breaks the link before your staff can click-through.

It protects companies from intrusion by providing comprehensive, multi-layered email security and content controls. A web-based application especially for financial institutions and big business, this application handles dynamic security precautions including email encryption and security tracking as well.

Just like how airbags provide a layer of cushioned protection for car drivers and passengers, this innovative technology provides layers of security to keep email hackers at bay and avoid catastrophe.

With MFA and Email Guardian combined, your company data remains out of harm’s way.

Lessons from the Auto Industry

Just as with unsafe automobiles, consumers are reacting to the Equifax disaster by demanding that something be done about info protection for credit companies and mortgage brokers.

Government regulators have begun to react as well. New York introduced groundbreaking legislation to regulate cyber security for financial institutions. Colorado and Vermont are following suit.

When consumers make an industry-wide demand, companies need to pay attention.

Since widespread consumer outrage over information leaks continues making news and influencing regulators, mortgage companies are wise to adopt security measures and establish a basis of protection for their customers.

In the same situation decades ago, auto manufacturers made serious efforts to improve consumer protection for their products. Today carmakers are seen by the public as one of the most safety-conscious industries.

Taking care of consumer data is important if lenders want to be seen in the same light in the future.

ABT’s cutting-edge Email Guardian application provides strict security breach protection and data leakage prevention. Contact us to learn more.

Image: VisualHunt.com

Topics: Mortgage Cloud Services cyber security email security data security social networking safety cybersecurity security mobile technology mortgage industry HUD Consumer Finance Protection Bureau Compliance for Mortgage Companies Compliance Audit Housing Market network safety MBA

7 of the Most Interesting Facts About Cyber Security

 

pic blog-1.jpgAs technology of cyber security advances, so does the technology of hackers.

A computer hacker is the name given to the tech-savvy folks on both sides of the internet battlefront. Bad guys or “black hat” hackers are the ones trying to break into computer systems, steal data, and install harmful software. The “white hat” hackers are cyber security heroes that develop ways to catch bad guys and stop malicious programs from doing damage. That’s interesting nomenclature, right?

The world of cybersecurity is full of intriguing tidbits that help us understand the dangers and how to protect ourselves from the black hats of the world. Here are 7 of the most interesting facts about cyber security.

  1. The number of cyber attacks is going UP not down. Though white hat hackers continue to improve, the total number of cyber attacks doubled in 2017. That’s according to the Online Trust Alliance (OTA), which has named 2017 “the worst year ever in data breaches and cyber-incidents around the world.” 
  2. Ransomware is leading the way in modern cyber security events. Ransomware is a type of malicious software that holds a victim’s data hostage until a ransom is paid. Instead of selling victims’ information on the black market, ransomware has established a way to make money off this stolen information directly from victims. The threat of ransomware is based on doxxing (publishing of the personal data) or blocking a victim’s online access to their own accounts.
  3. 91% of cyber attacks in 2017 started with a phishing email. Phishing is the practice of sending fraudulent emails that seem to be from a reputable company. When the victim clicks on a link or freely reveals their passwords or credit card information as a response, the phish is a success. The two best ways to avoid phishing attacks are to (1) never click unknown links and (2) never send sensitive information that has been requested via email.
  4. Cyber-crime damages will cost the world $6 trillion annually by 2021, up from $3 trillion just a year ago. This massive amount of money represents the greatest transfer of economic wealth in history (2017 Cybersecurity Ventures).
  5. Financial organizations are the biggest targets of cyber attacks. Verizon’s 2017 Data Breach Report breaks down the hacks by percentage: Last year, 24% of breaches targeted the finance industry, 15% were aimed at healthcare, 15% were retail, and only 12% of breaches occurred in the public sector.
  6. Mortgage companies are the #1 target in the industry because of the treasure trove of information that they require from customers. Mortgage companies hang onto more non-public than any other type of financial organization.
  7. 93% of breaches could have been avoided by taking simple steps, such as regularly updating software or leveraging modern cloud based solutions. Can you believe that breaches are easy to prevent? There is an old saying that “the best defense is a good offense”. It applies to the cyber security world too.

If you take the initiative ahead of time to set up clear security mechanisms, your company’s data systems won’t be attractive to bad guys.

What are the new standards for security? Modernized IT including updated password policies and Multi Factor Authentication. Cloud-based data systems are key for getting your company data off those old office servers. Sophisticated cloud-based email gateways configured especially for the mortgage industry to protect against email-based threats. These are the foundations for data security when it comes to financial institutions in 2018.

Be the cyber security leader in your industry. Make the changes before hackers make the first move on your company. When you aren’t an easy target, your data remains safe and your customers stay happy.

The best thing a business can do to keep those black hats at bay is to stay informed about cyber security by reading articles like this and use their knowledge to implement solid security measures before a hack occurs.

Businesses protected by proven security measures like ABT’s Email Guardian remain safe and receive monthly reports detailing security threats. Contact us to learn more.

Image: Pexels.com
Topics: Mortgage Software Reporting dangers of ransomware email security data security mortgage company security financial data security creating strong passwords social networking safety phishing multi-factor authentication cybersecurity security productivity mortgage business malware network safety

Business Data Security and Multi-Factor Authentication

 240_F_122590781_AfHycyjOI0sOqepiZ1DQVBYkZsH7qlRr.jpg Get an extra level of security with multi-factor authentication or MFA.

Each year, cybersecurity gets more complicated.

According to anti-virus developer Panda Security, the amount of malware created by cybercriminals is predicted to grow exponentially with each passing year.

Companies have to face the reality that a security breach has a serious impact on business.

To avoid the distress of company-wide damage control and a PR nightmare, it’s best to make sure security is in good shape.

Real Business Impact

For some businesses, consumer data handling is the main issue.

Financial institutions such as banks and mortgage companies are often targeted by hackers because they house the most personal information.

With major security failures like the Equifax breach of 2017 making international news, the finance industry’s cybersecurity worries are real.

More is at stake than information. A data breach can mean sales losses and a tarnished reputation that lasts for years.

From fines to fraud, there are monetary repercussions as well.

So what is the fastest way to tighten security on cloud-based and traditional networks?

Multi-Factor Authentication

Data breaches in single-factor authentication systems often exploit the system login credentials or passwords of users.

Multi-factor authentication or MFA is a group of security measures that go beyond the traditional password in order to correctly identify a person for system access.

MFA is becoming more prevalent in the financial industry. This kind of authentication was adopted by the Payment Card Industry Data Security Standard (PSI DSS) in February of 2017 and was listed as a standard for the mortgage industry in the State of New York in the same year.

Multiple factors mean heightened levels of information that only the user can provide.

These factors can be a number of different security measures. A “soft token” is when security software generates a one-time-use passcode sent to the user’s mobile device. This type of authentication can also be executed with a text message, phone call, or an email with a hyperlink.

Other factors run the gamut from predefined security questions to biometric identifiers like fingerprints or facial recognition software.

Only the correct user knows the information or is in the circumstance to receive the passcode, so using MFA means only the approved user is given access.

The Modern Office

Another issue with security is the modern office environment.

There are a growing number of remote workers. Employees want access to work-related applications from outside the office.

In this mobile workforce, employees are moving off of network-approved computers and onto personal or public machines. It’s up to the IT department to facilitate their work and make sure they go through a heightened level of security checks.

MFA is an authentication strategy that allows IT to deliver this level of remote access. It solves the problem of identifying recognized employees while maintaining a solid defense against intruders.

User Experience

The final consideration when implementing cybersecurity measures is user experience.

With higher scrutiny comes a higher level of annoyance by the employee at having to prove their authorization.

IT staffers need to balance security measures with user convenience.

One development that improves this balance is “adaptive” MFA. This security technology evaluates the risk factor of the user and then adapts the number of factors required for entry to the system.

An employee using a company-issued laptop at a café with an IP address across the street from headquarters is considered a low-risk access attempt. This situation does not require extra security measures.

On the other hand, if someone is trying to gain access on an unrecognized device in a location where the company doesn’t have an office (e.g. employee is attempting to do work on her tablet while vacationing in Bali) then the number of factors required will be at the maximum level. The employee jumps through some hoops, but with an understanding of why.

Conclusion

Data breaches are happening at the enterprise level at an alarming rate. A watchdog organization called Breach Level Index estimates that every second, an average of 57 records are stolen.

Employees are moving towards a more mobile work environment with wide geographic distribution.

For companies who handle consumer data, implementing MFA is simply one of the most effective ways to crack down on security violations and keep up with the modern workplace.

Businesses that use the MortgageWorkspace management software by ABT are protected by multi-factor authentication and a host of other cybersecurity measures. Contact us to learn more.

Topics: social networking safety phishing multi-factor authentication cloud storage mortgage business Compliance for Mortgage Companies Compliance Audit cloud-based data Housing Market Mortgage Lending

ABT Security Recommendations: Social Networking Safety in the Workplace

Businesses that deal with finances and credit face specific social networking safety concerns that many other businesses do not. From threats to family members in hostage situations to the potential for irrevocable public relations harm, mortgage businesses must consider carefully how to address the security issues that may arise from employee social media use.

ABT_Security_Recommendations_Social_Networking_Safety.jpg

Train Personnel to Protect Information

The threats to family members mentioned above happened at a mock robbery a consultant performed for a credit union. The police officers, who were acting as robbers, gathered public information from people's social media pages and used it to threaten a teller's husband. While this was done to prevent actual robberies from taking place, simple information regarding places of employment was enough to give potential thieves the upper hand.

Train your personnel to protect their personal information by removing private data from their social media profiles. Educate them on the various risks of social media use and what the best practices are for using various social media platforms. Further, your company should institute and enforce policies that ensure your employees are taking the proper precautions.

Protecting Accounts

Education is essential to protecting your business from potential scams, hackers, thieves, and other malicious agents who desire to use information from social media. Privacy settings are different on every social media platform, and employees must understand the risk of exposing certain types of information on their personal social media accounts.

Posting something on social media is akin to shouting something out loud in the middle of a crowded room. If the information is something you wouldn't shout in the middle of a food court, do not post it. This is especially true for public settings, on sites like Facebook or the very real public forum of Twitter. Employees need to be educated on the long term consequences of things they post online and the potential backlash it can have on your company’s reputation. Often things go viral so quickly that a mistake cannot be taken back. Before you know it, it has already been screen captured and re-shared.

Avoiding Scams

While most employees are used to the idea of the Nigerian prince scam, sophisticated scammers attempt to perpetuate scams, without ever interacting with their targeted victim. Social networks provide answers to security questions (What is your mother's maiden name?) to people who know how to glean data.

In order to prevent much of the risk of scams associated with social networks, employees need to limit the amount of public information they have accessible on social networks. A good recommendation is to require that employees do not list their place of work on personal social network profiles, since this is a part of the profile that is usually public.

Public Nature of Social Networks

Employees need to know and understand social networks, how to control privacy settings, and the nature of various networks. Some networks allow you to control who sees what, while many social media sites default to public viewing of everything, with only limited control of privacy via direct messages.

Employees also need to be aware of screenshot technology, forwarding functions and other systems for making private communication public. Just because something was sent in a direct message on Facebook or Twitter, that does not mean that it cannot be made public later. Employees should never conduct any public or private discussion of the business's affairs over social media.

Limited but Accessible

While the risks associated with social media sites makes some IT personnel want to block them entirely from a workplace, this only increases risks to the business. Employees will often seek ways around an IT security policy that is perceived as unjust and inflexible. This can potentially breach firewall privacy, introduce added distractions to the workplace, and encourage employees to access sites through less-than-trusted means.

While the many advances in technology increase risks to businesses, these risks can be managed with the right information, education, and company policies. Access Business Technologies uses DeviceGuardian™,  a tool that is easily installed on any existing or new device, allowing ABT to securely manage all of your mortgage software, data, and users.  DeviceGuardian™ makes all of your devices compliant with Consumer Financial Protection Bureau (CFPB) regulations. Prevent Social Networking scams with DeviceGuardian™ and control whitelisted and blacklisted websites. For more information about mortgage business and IT safety, mobile apps, and remote desktops, please contact us today.

Learn More

Topics: ABT social networking safety