These inexpensive options are quick and easy
This is the second article in a series on what originators need to know about the phenomenon of cyber attacks and ways that they can protect their business.
If you don’t know much about internet security or cyber threats in general, it can be overwhelming to dive into the subject, and to know the best things to do as a business owner, or even if you operate as an individual who handles client data.
Good news, though: you don’t need to know everything there is to know about cybersecurity in order to immediately put some effective safeguards into place.
1. Patching your equipment
You probably patch your programs all the time, perhaps not understanding how important it is. A patch is a set of changes to a computer program or software that’s designed to improve, update, or address any kinks in the existing program or software. Often, this includes fixing security vulnerabilities.
“I’m still shocked on the number of mortgage companies we go into and they’re not doing a really good job of patching their work stations and their servers. And that’s one of the easiest things to do from a cost perspective and one of the easiest things to do to reduce their risks,” said JT Gaietto, executive director of cybersecurity services for Richey May & Co.
2. Protect your online identity
No, we’re not talking about the stories you share on your social media profiles. We’re talking about having a Sender Policy Framework record, or SPF record, on your DNS name. An organization that has an SPF record is protected from anyone going to another email server and sending an email masquerading as that organization. Putting an SPF record in place is a simple configuration that costs nothing.
Another safeguard to put into place is domain-based message authentication, reporting, and conformance, or DMARC. This configuration also reduces the risk of people impersonating your online identity.
3. Educate your employees
Security awareness sounds simple, but it’s more than knowing that you need to be aware. In other words, just because your team knows that phishing and malware exist doesn’t mean that they’re able to recognize them when they’re confronted with them. IT departments can remind employees about ways to recognize suspicious electronic communication, and lenders and leaders can also take advantage of specific security awareness training, which is an inexpensive option.
“Educating your employees and making them the front line of defense for monitoring is better than expending a lot of money on technology that someone might not be able to look at,” said Gaietto.
4. Multi-factor authentication
You’ve probably encountered the rollout of multi-factor authentication, as companies across various industries are putting it into play. Multi-factor authentication is basically a multi-step process that a user must go through in order to log in to an account.
Gaietto jokes that if he got paid every time he’s said ‘multi-factor’ over the past year, he wouldn’t have to work anymore.
“It really is one of the best things that organizations can put in place today to reduce their risks, especially with the distributed workforce that many originators are going towards,” Gaietto said. “Instead of having expensive branch offices, they’ve got loan officers working out of their homes, or working out of Starbucks with their laptops, a lot of people moving around, so there’s a lot of access that’s going on over the internet, and multifactor really helps reduce that risk.”
According to the Payment Card Industry Security Standards Council, multi-factor authentication requires at least two of the three authentication methods: Something you know, such as a password or passphrase; something you have, such as a token device or smartcard (such as a physical or logical security token, a key fob, an employee access card, or a phone’s SIM card); and/or something you are, such as a biometric (think fingerprint scans, facial recognition, or voice recognition).