Mortgage

Cybersecurity in the Mortgage Workplace: What You Need to Know Now

Keeping business and borrower information safe and secure is challenging for mortgage lenders of every size – and the pandemic only amplified that challenge. Expeditious shifts from in-person to online to hybrid workplaces forced companies to change, or at least reexamine, their cybersecurity practices and protocols, and far too often they weren’t prepared. In fact, according to CyberEdge’s Cyberthreat Defense Report, 85% of organizations suffered from a successful cyberattack in 2021.

Now, businesses that fell victim to cyberattacks along with companies fortunate enough to avoid falling prey to breaches and hacks, are looking at ways to bolster their defenses and safeguard their data. But which plans, practices, and services should these organizations invest in?

In this post, we offer four steps that mortgage lenders of all shapes and sizes can take to better protect themselves against cyberattacks:

1.) Identify the “crown jewels” of your business.

Understanding which information cybercriminals want most is essential to combating cyberattacks. In the mortgage industry, cybercriminals are likely to target individuals who access personal and financial information, such as any sort of borrower, title companies, lenders, or even loan officers themselves.

Cybercriminals will attempt to “break in” to your organization’s network to gather this information by targeting the backbone of your infrastructure. That’s why it’s crucial to create an inventory list of the valuable data and assets within your organization, including manufacturer, model, hardware, and software information of network infrastructure. You’ll also want to take note of who has access to important data and information like borrower information, while also accounting for all storage locations. This practice will ensure that business leaders have a track record of accessibility so they know where to look in case of a vulnerability or breach.

2.) Protect assets by updating and authenticating.

At the end of the day, protecting your data and devices from malicious actors is what cybersecurity is all about. To accomplish this, make sure your security software is current. Investing in the most up-to-date software, web browsers, and operating systems is one of the best defenses against a host of viruses, malware, and other online threats. You’ll also want to make sure every device has automatic updates turned on, so you can avoid having employees manually update them, and back up all data in the cloud or via separate hard drive storage.

Keep doubly sure your assets stay safe by requiring staff to use strong authentication and ensuring only those with permission can access them. The key is to use strong, secure, and differentiated passwords. According to a 2021 PC Magazine study, 70% of people admit they use the same password for more than one account. Using weak and similar passwords makes a hacker’s life a lot easier and can give them access to more materials than they could ever dream of. Finally, make sure employees use multi-factor authentication (MFA). While it may mean a few extra sign-ins, MFA is essential to safeguarding data and can make the difference between a successful and unsuccessful breach.

3.) Monitor and detect suspicious activity.

Companies must always be on the lookout for possible breaches, vulnerabilities, and attacks, especially in a world where many often go undetected. Invest in cybersecurity products or services that help monitor your networks, such as endpoint detection and response software, anti-virus, and Security Information and Event Monitoring services. In addition, make sure your employees and personnel follow all established cybersecurity protocols before, during, and after a breach. Individuals who ignore or disregard important cybersecurity practices can compromise not only themselves but the entire organization. It’s incumbent upon business leaders to pay close attention to whether your company fully embraces all of your cybersecurity procedures and technology.

4.) Have a response plan ready.

No matter how many safeguards you put in place, the unfortunate reality is that cyber incidents still occur. However, responding in a comprehensive manner will reduce risks to your business and send a positive signal to your customers and employees. Have a cyber incident response plan ready to go prior to a breach. And embrace smart practices such as disconnecting any affected computers from the network, notifying your IT staff or the proper third-party vendors immediately, and utilizing any spares and backup devices while continuing to capture operational data.

For more information on how the mortgage cybersecurity experts at Richey May can help safeguard your operation from cyberattacks, please contact us.