Cybersecurity has become an increasingly pressing issue in all industries that store personal information, particularly after a cyber-attack in 2014 against JPMorgan Chase that compromised some 83 million accounts.
Protecting data has become a larger concern to mortgage professionals in recent years as the industry has become more and more digitized—many mortgage loans now are completed electronically to where no paperwork is involved at all. On top of that, mortgage lenders collect more personal information on customers than any other sector in the financial services industry, making them prime targets for hackers.
Digital data security came to the forefront again this week as the CFPB made an announcement that it is seeking input from stakeholders on consumer access to their personal financial data—particularly, how much access consumers have to that data and how secure the data is when it is being shared.
As digital data is becoming more difficult to protect—after all, the CFPB’s Office of Inspector General listed information security as one of the Bureau’s biggest challenges—companies that handle sensitive information are going to great lengths and expense to make sure that data is safe.
“Our IT’s department’s No. 1 priority is protecting data,” said Mark Mackey, CEO of International Document Systems. “You wouldn’t risk security for anything. It wasn’t as big of a deal 10 years ago because you didn’t hear about it as much.”
Mackey continued, “We try to put in as much security as we can from all sides. We put a lot of safeguards in place. Everything that can be encrypted is encrypted. We have to take everything to the extreme, unfortunately.”
DocMagic CEO Dominic Iannitti said of his company's security procedures, “DocMagic employs a multifaceted defense in depth approach to ensuring customer sensitive data is always protected. Multiple next generation firewalls are used to keep out unwanted traffic and intruders. Additionally, an intrusion detection and prevention system is used to analyze traffic and alert network security personnel of suspicious activity. Advanced encryption is used when data is transmitted to or from DocMagic servers. Secure Document Delivery to partners and third-party providers is provided through the WebDocs platform. This system utilizes a secure combination code along with a client configured challenge password that is entered prior to downloading documents.”
James Deitch, CEO of Teraverde Management Advisors, noted to MReport earlier this year that it has gotten easier for hackers: “They are usually invited in by having an employee click on an email that has an attachment or go to a website which has malware contained on it. And that malware can be downloaded onto a machine simply by browsing on the website.”
Should a data breach occur, Deitch said, “The first item is to do a pretty broad risk assessment and just understand what the risk elements to the company are. One can do a social engineering susceptibility test that are fairly straightforward. They can either be done by the company or independently. The second is just to go through what is called ‘patch management,’ just to make sure that all the updates on software, servers, or computers are all done. And to train employees on the techniques that hackers use to get in.”