Data protection is a huge concern in the workforce, especially for title companies. Frequent reports of hacking, viruses, and other data breaches have title agents and their clients on edge, worrying whether their highly personal documents are secure. If you are a title agent or work closely with the title industry, there are key ways to protect your data and maintain your business’ reputation for strong security.
Vulnerabilities in the Title Industry
The year 2017 has been underway less than 3 months, but already scammers are developing new ways to target homeowners and the people who work with them. Phishing scams and ransomware are so common, the Federal Tax Commission (FTC) has already issued a warning regarding them. Phishing scams trick homeowners into providing personal information online, such as passwords, bank account numbers, credit card numbers, and Social Security numbers. Ransomware targets time-sensitive tasks such as mortgage transactions. When your computer contracts ransomware, the entire system locks down, leaving you unable to complete necessary tasks.
While phishing and ransomware damage title agents’ reputations and put their clients at risk, wire transfer fraud is also emerging as a major concern . Wire transfer fraud costs title agencies millions, perhaps billions, and can lead to company failure. In one recent case, a California escrow firm was forced to close after wire transfer fraud cost them $1.1 million. Although your agency may not fail completely after wire transfer fraud or a similar cyberattack, it will almost certainly be impacted negatively.
Protecting Your Data from Cyberattacks
For optimum data protection, the first thing you need is a well-written privacy policy and security risk management program. Your security risk management plan should reflect the sensitivity of the client information you gather, the scope of your activities, the size of your company, and the complexity of your company’s everyday tasks. The plan should evolve with your company. Update it often as you gain a foothold in your area, and add new or improved services to your repertoire.
Once you have a security risk management plan, identify your digital assets. In other words, determine how valuable your information is. Assess what might happen if that information is compromised. Know what hackers and scammers are looking for; often, they track banking credentials and information first. They also search out non-public information (NPI) on clients, and try to gain access to your network and applications. Use regular penetration tests and vulnerability scans, and implement a Principle of Least Privilege (POLP) strategy. A POLP strategy ensures that within your company, everyone has access only to the information legitimately necessary for their jobs. This protects you not only from outside hackers, but also security breaches within the company.
The more people know about data protection, the safer your company will be. Enforce strict password management policies and encourage employees to take precautions, such as not writing passwords down. Require server authentication for your email services, and only allow employees to use approved wireless devices in the workplace. Use firewalls, and review server certificates often. Monitor security in real time, and encourage employees to do the same. Set up a threat and vulnerability reporting program so employees can contact the appropriate people immediately if they suspect a compromise.
Finally, keep your clients’ non-public information (NPI) strictly protected. The more website features you have, the more diligently you must work to do this. Encrypt NPI, and don’t keep old software on your computers or devices after an update. Use strong company-wide passwords. Most experts recommend passwords that combine upper- and lowercase letters with numbers or symbols. If your company is mobile-friendly, or transitioning to a higher level of mobile friendliness, use extra security controls, including cloud-based access, to protect NPI and other sensitive information.
