Every October since 2004, the United States has observed National Cybersecurity Awareness Month. Computer security is always important, but the month when spooks, zombies, and demons are on display is a fitting time for the mortgage business to give it focused attention.
In last year's proclamation, President Obama said, "I urge all Americans to take measures to decrease their susceptibility to malicious cyber activity, including by choosing stronger passwords, updating software, and practicing responsible online behavior."
The Department of Homeland Security and the National Cyber Security Alliance are major forces behind the month's events. Weekly themes will include:
- October 3–7: Every Day Steps Towards Online Safety with Stop.Think.Connect.™
- October 10–14: Cyber from the Break Room to the Board Room
- October 17–21: Recognizing and Combating Cybercrime
- October 24–28: Our Continuously Connected Lives: What’s Your ‘App’-titude?
- October 31: Building Resilience in Critical Infrastructure
The theme for this year is "Our Shared Responsibility." Security isn't a zero-sum game where stopping attackers means they'll just go somewhere else. When more businesses prevent breaches, there's less reward for criminals and therefore less incentive for them to keep trying. On the other hand, losing valuable data or paying ransomware demands doesn't just cost an institution—it gives the thieves more resources to fund their next exploit.
The mortgage business is a popular target for cybercrime because of the opportunity for financial gain. Security expert Jeff Bernstein warns of the increasing threat to mortgage companies, with damage already in the billions of dollars, and offers some simple advice: "Most security compromises happen because somebody is doing something that they shouldn’t do." Awareness of the right practices can greatly reduce risks.
Individuals and organizations, including businesses of all sizes, can become NCSAM Champions simply by registering online and pledging to take some constructive action to raise public or internal awareness.
Access Business Technologies is constantly at work promoting the best security practices for the mortgage business. Several areas are especially important in this field:
- Authentication. Properly identifying customers prevents fraud through impersonation and identity theft. It is possible to do this without causing serious inconvenience.
- Confidentiality. Guarding your clients’ personal information is vital. Submission of documents, storage on the company's data systems, transfer between employees, and storage on employee computers are all potential risk areas. Protecting confidentiality requires making sure that even the weakest points are strong.
- Personal security practices. Each employee needs to be aware of security issues. Employees should avoid opening suspicious emails, and they should be even more cautious about opening unexpected attachments and following questionable links. They should take extreme care with which devices they plug into their computers and which applications they download.
- Protection of portable devices. It is important to secure data on employees’ personal devices. Losing a laptop, phone, or tablet can lead to big trouble if the device holds unencrypted sensitive information. Any portable device that's authorized for sensitive customer data needs to be encrypted with a strong password, and portable devices that aren't encrypted should never hold such data.
- Intrusion prevention. Mortgage businesses have to keep intruders out of computers and networks that hold sensitive data. Malware and spyware can get into a network through many paths and then steal information or damage data.
- Protection against insider breaches. Theft by trusted employees is especially hard to stop, since they need to have access to data in order to do their jobs. In March of 2016, employees of Mount Olympus Mortgage Company allegedly stole loan files and took them to a competitor, Guaranteed Rate. Limitations on access and routine audits can reduce this kind of risk.
- Breach detection. Monitoring systems are necessary to catch any breach as quickly as possible. Quick detection can limit the extent of the damage and allow a quicker recovery.
- Remediation procedures. A mortgage business needs a plan of action to prepare for the possibility of sensitive information being compromised. Affected parties need to be notified without any cover-up or delay.
Last year, the Office of the Comptroller of the Currency issued a press release reminding everyone of the "risks that cyber threats pose to individual banks and thrifts, as well as the financial system as a whole."
Access Business Technology's software tools, including DeviceGuardian™, DocumentGuardian™, and EmailGuardian™ enable mortgage businesses to handle all aspects of the lending process in keeping with strict security compliance, without compromising convenience for customers. Contact us to learn how these tools can aid your business.
National Cybersecurity Awareness Month is an excellent time for mortgage businesses to review and tighten their procedures and to remind their customers of the importance of data security. Promoting general awareness with the hashtag #CyberAware and using the Stop.Think.Connect. Toolkit will encourage employees to do their part. Be a Champion and help to promote and institute best practices for protecting customer data.