Mortgage lender cybersecurity is one of the greatest issues facing the financial services industry. Originators handle huge volumes of personal borrower data, all of which is worth a lot to cybercriminals. The move to digital has also multiplied the threat level.
Digital lending, powered by algorithms and dynamic software, delivers instant decisions, and with Millennials’ preference for everything on-demand, it is becoming the new norm. The very nature of these origination systems — the fact that everything is done online, and that the software is usually supported by a third-party vendor — makes them far more vulnerable to data breaches than traditional origination systems.
One-Two Punch: Data Breaches & Regulatory Fines
Data breaches have been described as “pervasive” in the industry, with 97% of all companies already having been hacked, according to IBM and The Ponemon Institute. Also in their report: the average data breach takes 45 days to resolve, at an average cost of $15 million — before regulatory fines.
In the face of such an overwhelming problem, and when it’s especially difficult to locate cyber criminals, law enforcement has switched from a strategy of prosecution to one of prevention. This means forcing accountability onto individual lenders, and requiring stringent, documented cybersecurity programs. Regulatory directives can be incredibly broad and often lack specific suggestions for implementation. As a result, a whopping $321 billion in fines have been levied against lenders just since 2008, according to Boston Consulting Group.
Regulatory fines really are the icing on the cake for lenders — and not the good kind of icing. They multiply the cost of what are already calamitous events, especially for small and midsize businesses. According to IBM and The Ponemon Institute, a single breach could bankrupt a small to midsize business.
So, finally, what can mortgage lenders do about it while still remaining competitive?
5 Steps to Bolster Mortgage Lender Cybersecurity
Review the Current Practices
Start by reviewing your entire cybersecurity ecosystem for potential gaps in protection. This includes data collection, encryption, interfaces with any third-party vendors, storage, and transmission protocols. Mobile apps require special scrutiny, both of the platform they operate on and of the servers where their information is stored. Make sure you have a basic knowledge of the most common kinds of cyber attacks, kinds of encryption and firewalls, and the reputation and track record of any third-party vendors.
Perform a Risk Analysis
Once you have performed a rudimentary survey of your cybersecurity ecosystem, perform a formal data and risk analysis. One good place to start is with the Cyber Assessment Tool published by the Federal Financial Institutions Examination Council (FFIEC).
Research Cyber Insurance
Cyber insurance is not required by law; however, many mortgage companies are taking out cyber insurance policies to protect themselves from the catastrophic losses that often result from mass breaches. A breach typically costs around $250 per compromised record. Use that figure to determine what your liability is and whether cyber insurance would be a wise choice.
Train and Retrain Staff
Every person in the office needs to know the fundamentals of mortgage lender cybersecurity risk. Staying up to date means knowing the latest threats as well as the latest prevention strategies. Training shouldn’t be confined to a single session when new personnel are brought on board. Mortgage lender cybersecurity training needs to be an ongoing process.
Report Everything, Every Time
Report everything: if anyone in your company receives a strange, unknown or unwanted email, if anyone starts receiving strange popup messages, or if anyone has trouble logging into a trusted site. No concern is too small to report. Often the signs of a data breach begin with seemingly innocuous issues.
Mortgage Lender Cybersecurity from CertainSafe
CertainSafe is trusted by industry leading companies in the real estate and financial services industries to keep them compliant and to keep their privileged and sensitive information safe. We provide the world’s most secure cloud storage solution, one that uniquely balances organizations’ co-equal needs for flexibility, adaptability, and accessibility. Our system works thanks to our own proprietary MicroEncryption® – MicroTokenization® solutions, which we maintain within our PCI DSS Level 1 Certified, HIPAA Compliant, and co-located server systems.