8 Things Every Title Professional Should Know #2 Don't Get Lost in Cyber Space: How to Handle Cy
There was a time when “security” meant a simple lock & key. If you had the key, you were the only person that had access. In the 21st century, however, security has evolved and protection means more than a simple key or combination. In this day and age, security means internet passwords, identity theft, micro-chipped debit cards and search history logs.
For the real estate world, an industry full of private, valuable information – privacy and security are not only mandatory but also regulated to protect and prevent as much as possible. In the wake of TRID, Compliance and the new mortgage climate post housing bubble 2008, protecting you and your clients information is the difference between success and failure. In this week's blog post, Atlantis will explore several areas of digital security and break down how you can invest your time, energy and resources into making sure you’re compliant and ready for October 3rd.
1. Private Email Domains
Whether it’s Outlook or Hotmail for Business, make sure that you have established what your security needs are with your provider before October 3. Access should be limited, password protected and verified. Also, if you don’t already have a privacy disclosure or confidentiality notice in place, be sure to have your legal team draft something up. It can be pretty standardized like ours which states:
“CONFIDENTIALITY NOTICE: This email and any attachments are for the exclusive and confidential use of the intended recipient. If you are not the intended recipient, please do not read, distribute or take action in reliance upon this message. If you have received this in error, please notify us immediately by return email and promptly delete this message and its attachments from your system.”
Email has become the primary means of communication in virtually every industry. Hackers know that. So essentially, Email Privacy is the first step in protecting your clients as well as your business. You get gauge storage, security and most of all, your company looks professional, well branded and compliant.
2. The Cloud and Non Physical Storage:
For years, the internet has been swarming with talk of the mysterious “cloud” – a virtual storage platform hosted entirely on the world wide web. While there are a ton of different types of clouds – some private, some public, some customized. One thing is for sure; if you thought you needed internet security before the Cloud, you need twice as much with the use of digital storage. Title News has determined 3 Major benefits of using digital storage but before we share those, a little background.
The problem with public clouds (as with anything else publicly hosted on line – like free email domains) is that you don’t own them. In the era of CFPB TRID, non-ownership is a big no-no. Why? Because if you don’t own it, you don’t have a say on what’s secured and what’s not, what’s private and what’s not and most of all, the terms of service. These are vital components in solidifying a secured, professional way to secure and store client data. According to Title News, “it’s not uncommon for public cloud companies to actually declare legal ownership of your data.” Whoa.
Private clouds on the other hand can be customized to fit the needs of title agencies, based on agency size, client base and data input.
Here are Three Key Benefits to The Cloud, according to Title News;
You’re secured. You’re compliant. CFPB is happy.
If it’s not physically stored, it’s impervious to natural disasters. The cloud is very secured.
It saves resources, money and time to have a cloud based storage system. You might also consider using the cloud for email and telephone access as well.
The Bottom Line:
If you’re considering digital storage, be sure you select the right provider that can offer you the custom solutions that you need. If you opt for a public cloud, be prepared for compliance issues.
3. Protecting Non Public Personal Information
Non-public personal information (NPI) represents a huge percentage of what we do and why we do it in Title Land. In a closing, there isn’t much information that doesn’t fall into the NPI category. Names, addresses, bank accounts and of course, social security numbers are all prime targets for hackers. Investing in protection for NPI is very important to your business now and later. There is a strategy to doing it correctly.
Outside of the basic info mentioned above, some companies also consider other, less critical details about a client as NPI -- like bank names and lender names. Furthermore, NPI can be transferred on mobile devices computers, productions systems and emails. This means that your platform needs to be multilaterally secured.
You need to secure your files. All of them. You need technology that can accommodate that need – without compromising your client’s needs. There are a ton of software companies that Title agencies can use. Some industry favorites include Softpro Standard & Enterprise, Closing Market, Title Express & Impact/SQL.
4. IT Security Must Haves
(taken from Cyber Attacks Pose Threat to Title Companies in Title News & slightly abbreviated)
Have an antivirus solution in place
Have an IT Professional on duty or assign someone to update the machines manually at least once every other week
Firewalls should be active and updated
Have a “network usage policy” signed by everyone using your network
Have security (not WEP) enabled for Wi-Fi
Change default passwords
Track the devices that you allow on your network (AKA Bring your own device)
Install virus protection or scan computers before they access your network
Use an intrusion detection system (Free)
Use groups and the “need-to-know” process for files (do not give access where it is not needed)
Use VPN (IPSecs) over SSL for external connections
Use HTTPS when transferring personal or customer data (ENCRYPTED EMAIL)
Backups are vital and should be done frequently (DAILY)
Don’t assume Apple products are secure
Don’t assume smart phones are secure
Don’t use “office-wide” passwords
Cyber Security WILL be the difference between compliance and non-compliance in Post- TRID 2015. If you haven’t already enacted some of these policies or investigated how to incorporate these best practices, you need to.