MReport November 2017

TheMReport — News and strategies for the evolving mortgage marketplace.


that there will be data threats out there that you won't see coming. Hackers are devising new ways every day to circumvent security blocks. Instead of preparing you to ward off a specific attack, the following tips will help ensure that you have a comprehensive, overall data protection plan for your company that can withstand the unexpected.

First and foremost, protecting your data against the initial threat of a hack isn't enough. You also need to protect your data if a hack occurs to ensure that the hackers don't obtain usable data.

"Companies tend to underinvest on encryption technologies. With solutions like crypto anchors and multifactor authentication, data can be more difficult to steal," advised Jon Debonis, Head of Information Security at Blend.

According to Boyd, a layered approach to security is always best. "The layers are applied from the inside out. At the application level, DocMagic utilizes OWASP secure coding best practices, code reviews, and security-focused QA testing. At the host layer, we apply OS hardening and patching, host-based IPS, Least Privileged ACL and Mandatory Access Controls, and File Integrity tracking. All logs are sent securely to a remote system for real-time monitoring and auditing. At the network layer, we utilize multiple VLANs and firewalls to segment traffic into dedicated security zones. All network devices are hardened to ensure secure communications. Traffic is controlled and monitored through the use of internal IDS systems. The edge of the network is protected by multiple firewalls and the use of an IDS. Ultimately, we take every precaution to safeguard data and perform regular audits to ensure security."

Companies should also run internal tests and audits regularly to catch unusual activity on their servers.

Another important piece of the puzzle is being able to verify the source of information and ensuring your data or others' data has not been compromised.

Promising new technologies such as blockchain are bringing new tools to the market to add another layer of protection for companies, according to Jason Nadeau, EVP at Factom. "Blockchain technology can help ensure that digital documents are original, unaltered, and within the control of the designated custodian," explained Nadeau.

Like Debonis, Nadeau also recommends utilizing cryptography. "The most practical way to do this is by using a cryptographic proof that is published to a blockchain with preserved metadata of the digital asset. A digital asset can be defined within the mortgage industry as a mortgage loan, real estate property, MSR, and foreclosed property, along with many other examples," he explained.

Patrick also advocates blockchain. "The really interesting long-term technical impact of the Equifax hack may be getting the financial industry to move away from the existing credit-reporting model toward a blockchain solution for credit data sharing. Platforms like JPMorgan's Quorum are potential replacements for the existing credit-reporting infrastructure," said Patrick.

"I look at my list of people who are accessing my network on a weekly basis," said Bloodgood. "The only way hacks like Equifax would have been caught is by monitoring your network and looking for what are called data leaks. How is my data being transmitted? Is there something on my network that's sending data that I don't know about? That's the thing that keeps every IT person up at night."

Preparing for the Worst

Though responsible financial services companies should do all they can to prevent or stop a hack from occurring, you should have a plan in place on how a hack will be addressed from both logistical and public relations perspectives.

According to the Federal Trade Commission, the immediate steps after a data breach should be:

• Securing physical areas: This can include locking the area and changing passwords.
• Stopping additional data loss: Impacted equipment should be taken offline, but all evidence should be preserved. Your system should be monitored for further activity.
• Removing improperly posted information from the web: After you have cleaned up your internal processes, you should search for what information was released publicly and ask for its removal.

Further steps include informing key service providers, and then seeing what the breach notification laws are in the states you conduct business in. Informing law enforcement (including your local police, the FBI, or the U.S. Secret Service, depending on the type of data breach) is crucial.

No Longer Walking on Eggshells

While it may seem somewhat inevitable that the next big data breach is just waiting to capture headlines, as we've seen from the experts collected here, the widespread nature of hacking attempts doesn't have to equal immobility among mortgage professionals.

In regard to the Equifax breach, interim CEO Paulino do Rego Barros Jr. has said recently in public writings: "The entire Equifax team has been humbled by this incident. We are also highly motivated and extremely determined. We will get through this by doing the right things for consumers including considering consumers' desire to control their personal financial data. No one thinks it makes sense for individuals to have to rely on a business–any business–to control access to their information. As part of our commitment to support consumers, we have announced that by January 31st we will offer consumers a new service that will allow them to control access to their personal credit data. The service will be easy to use and available for free, for life. We hope our competitors will join us to give consumers the power to protect their credit data."

As we have learned from high-profile data breaches, to ensure your people, processes, and protocols are prepared for both internal and external threats, prepare now.

"The trust of the consumer is paramount to running your business and it is up to all providers to use the proper technology to protect that asset," advised Bechtle.

RACHEL WILLIAMS is a Texas-based writer and editor with extensive experience in news reporting, feature writing, and marketing. Her areas of focus include mortgage, default servicing, REO, real estate, home design, and remodeling. She currently serves as editor-in-chief of the MReport and DS News magazine. She specializes in putting a human face on the stories changing the mortgage industry.
