TheMReport — News and strategies for the evolving mortgage marketplace.
Issue link: http://digital.themreport.com/i/328038
Th e M Rep o RT | 17 SHS MReport June 050214.indd 1 5/2/14 9:46 AM aspects, it just doesn't occur to the execu- tives that a simple thing like being very, very serious about restricting physical access to the premises at lenders can be as impor- tant as it is." Another type of threat comes from what security experts like Harper term a "drive-by attack": a worker happens to be surfing the Internet on an unpatched browser with a major security flaw. They happen to go to the wrong site—whether it's a mortgage banking site or otherwise— and now they've pulled in an attacker by accident, giving the wrong people "insider status." Wrong place, wrong time: drive-by. "Because of the threat environment that we face on the Internet, all of our users are just one click from essentially becoming a malicious insider themselves," Harper explained. "It doesn't mean much if most of those security issues have to be found on the inside, because attackers get in very easily." Creating a Barrier F acing so many threats from within and without, it might seem impossible to ensure an airtight operation. However, while "airtight" might in fact be a guarantee no company can make, there are easy steps to limit the risk of a breach. The most obvious (and cheapest) one? Education. Many of these problems, explains HALOCK SVP Terry Kurzynski, stem from a simple lack of understanding: "It's just a complete ignorance of the real liability, not really knowing how to do anything about it—'We're not security, we're not technology people, we just process loans,'" he said. Thankfully, that's easy enough to deal with through training and proper configura- tions on all technologies in use. By limiting data access to only those employees who need it (and limiting those employees to only what they need for their job), business- es can go a long way toward keeping their customers' private data exactly that—private. The only thing stopping most lenders from taking that step, Kurzynski says, is their own self-placed limitations. "When you think about it, a lot of these lenders are fairly small," he said. "They just really don't have the resources to say, 'We're going to do something about this,' not knowing that it's actually fairly simple." The alternative, of course, is far more complicated—and expensive. Said Harper, "You might be setting yourself up for a call from a reporter someday when you're on the other side of that CNN event."