Al Stanley is chief information officer and chief technology
officer for Angel Oak Companies, the management company
for the nation’s top non-QM lender, Angel Oak Mortgage
Solutions. Stanley is responsible for the technology
direction and investments across all Angel Oak companies,
including IT infrastructure and operations, information
security, corporate systems, software and applications,
enterprise architecture and technology governance. Reach
him at email@example.com or (855) 539-4910.
5 Cybersecurity Must Do’s
Originators have a stake and role to play in protecting data
By Al Stanley
Security breaches are a pervasive problem in the mortgage industry, but mortgage originators may not realize how important it is for them to be conversant in the latest
systems, threats and best practices in cybersecurity
technology. If originators are untrained in security practices and in the dark about top-line threats, they put
their careers as well as private borrower data at risk.
Financial-services companies are highly desirable
targets for cybersecurity bad actors. The average
annualized cost of a cybersecurity breach to a financial
services company in 2016 was $16.53 million. Financial
services companies were attacked 65 percent more
often than companies in any other industry in 2016,
with more than 200 million records breached. Unfortunately, according to security consultants Teraverde
and Tangible Security, the pressure to produce more
and lower costs can compel some mortgage companies to compromise security for speed.
Originators handle large amounts of borrower data,
which is worth a lot of money to cyber criminals. That
alone should motivate originators to guard against
security breaches. But, according to cybersecurity and
data-privacy attorney Shawn Tuma, mortgage company officers also may be held personally responsible
for data damages from data breaches.
On a more practical level, borrowers know cyber-crime is a huge threat. They need originators whose
systems are streamlined and safe. In a crowded mortgage marketplace, borrowers are more likely to select
originators who understand cybersecurity and can
intelligently address their concerns.
Originators need to pay attention to more than the
devices, networks and software via which they handle
customer business. They must be careful and diligent
in maintaining personal habits and business methods
that deter information theft. Here are five things originators should do to secure their clients’ information.
1. Evaluate your security
With every processed loan, loan originators and
borrowers are likely to communicate across various
devices from multiple locations. Whether working for
a major institution or as an independent broker, astute
and aware mortgage professionals should understand
the general strategy, technical characteristics and
proven effectiveness of the security platforms that
protect client information.
Originators should have basic knowledge of the
most prevalent types of predators and tactics,
types of encryption and firewalls, reputation of third-party vendors and the track records of competitors.
Environmental awareness also includes non-technical
diligence. Do not leave computers or papers
unattended in the office or when working remotely.
2. Conduct an inventory
A formal data and risk analysis can help mortgage
companies and their employees guard their clients’
data and protect themselves from damaging litigation
as well. Although there are various resources available, a good place to start is the Cyber Assessment
Tool published by the Federal Financial Institutions
Examination Council (FFIEC).
Lending-industry consultant Jim Deitch calls the
Deitch’s point is that any data and risk inventory “must
adapt to the context of the bank or lender’s business
3. Check cyber insurance