Did you know the first known use of the term “cybersecurity” was in 1989? Not surprisingly, it saw a surge in usage around 2000. Anyone remember “Y2K?”
I bring this up to remind us that cybersecurity is not a new concept. Cyberthreats have been a major business concern for over a decade now. However, the importance of protecting data gets more pressing each day as technology continues its relentless march into every aspect of our daily lives.
Do you remember when the biggest data security threat was a smash-and-grab of borrower files from your office? Oh, for the good old days. It wasn’t long ago that we used our phones as phones—you know, to make calls. Now our phones give us the power of a laptop right in our pockets.
The beauty is that technology provides solutions to increase loan production speed and quality and lower costs. The down side is that we have moved so quickly that we have gaping security holes that leave us vulnerable.
Think about how easy it is for a hacker to get our information. We use unsecured WiFi at coffee shops where a 16-year-old kid can use free software to record everything we type and play it back like a movie. We use the same passwords for every website. We open emails and click on attachments without looking close enough to realize it’s a hacker dropping ransomware on our machines.
What happens to all this information? Once stolen, where does it all go? Often, it goes to a place called the “dark web,” which plays host to the internet’s black market, to be sold and traded.
I had heard of the dark web, but had no idea how to get there and, frankly, I was slightly nervous to even Google that. But before addressing a session on this topic at the American Association of Residential Mortgage Regulators (AARMR) Conference this year, I decided I needed to see behind the curtain for myself.
With some help, I grabbed an old computer and wiped it completely clean, added a special browser and super-anonymous virtual private network, and dialed up some of the more popular dark web sites.
We found cocaine, crack, and every other drug you can imagine, guns, stolen identifications, passports and passport creators, credit cards, bank logins, and so much more. This is where the bad guys go to sell information they obtained from various places. The experience of finding all that private and sensitive data available with a few clicks made me sick to my stomach.
So, how does this fit in a mortgage compliance conversation? We are all vulnerable, and companies that don’t take this seriously will not last. Our industry is wide open for hackers, and we don’t have much time to fix it before the bad guys figure us out.
Keep in mind that we make promises to borrowers to keep their data safe. The Gramm-Leach-Bliley Act requires us to have an information security plan. The state of New York recently launched expansive cybersecurity requirements. Other states and federal agencies are creating rules that require us to go way deeper on your information security policies. We are required to assess and implement safeguards, yet how many companies actually do?
It is essential that we take serious steps to protect our organizations and borrowers. Let me give you just a few things you should consider doing right away that will help your company protect borrower data.
Require Software Updates
One of the easiest ways to protect your company’s and customer’s information is to implement a software patching policy. Software and app publishers regularly release updates to fix known vulnerabilities. All company devices and personal devices used to access company information should be set to auto-download updates. Employees should not be allowed to use old web browsers or operating systems that are no longer supported by the publisher.
Consider the case of Windows XP. Because Microsoft has stopped supporting XP, it is so hackable it’s almost embarrassing. That’s how hackers are getting into pacemakers and voting machines. They run on older software like Windows XP and are no longer updated.
Using the latest browser and operating system won’t make you bulletproof, but will make you much more difficult to hack. Remember when an update is released hackers can identify the vulnerabilities of older versions and then use those to get into machines and programs that are not regularly updated.
Get Ahead of This Latest Scam
Get the message out to all of your lenders and borrowers about the latest real estate scam. Here’s how it works: Hackers break into realtor and closer emails and send borrowers new wiring instructions. The customer clicks the link (it’s from a trusted source after all) and unknowingly wire their money directly to the hackers. In California, one home buyer lost nearly a million dollars by wiring it to the account link in the email. Create a campaign to train internally and communicate with active borrowers to make sure this doesn’t happen to your clients.
Use the Cloud to Provide a Buffer
There are two important ways the cloud can be used to help put a barrier between your data and hackers. The threat of ransomware and the inherent insecurity of email can both be addressed by outsourcing data storage.
Keeping information backed up in the cloud (as opposed to stored exclusively on your own server) makes your company less susceptible to ransomware. The latest ransomware attacks should scare you into backing up company files in the cloud so you can’t have your information held captive. If you keep a second copy of everything in an off-site server of some sort, ransomware suddenly becomes ineffective.
Also, a system with multiple points of entry, where people can access the data from any computer with individualized logins, makes it possible to share information without sending it by email. Transmitting private borrower data by email is foolish at best. You also have to consider that email is the easiest way to get a virus. I love seeing tech move towards systems that allow you to communicate outside of email. We created The Knowledge Coop with this in mind.
Cybersecurity and data protection are not getting easier. Start with these three tips and then don’t stop researching. Every day we learn something new about system vulnerabilities. You can’t stay ahead of the hackers, but you can take steps to avoid being a victim. The biggest mistake you can make is to not take this seriously.
Ken Perry is the President and Founder of The Knowledge Coop. Find out more and sign up for his weekly industry update video at www.knowledgecoop.com or connect with Ken at firstname.lastname@example.org.