Mortgage Moat
Cybersecurity Solutions for Small Financial Services Firms
IT/Cybersecurity is Mortgage Industry Hot Button
The FTC requires that all companies that handle sensitive consumer information implement a Red Flag ID Theft detection plan. 38 States have explicit regulations and requirements to comply with safeguarding and sharing customer information.
This is the ONLY information security/cybersecurity NPI and ID Theft Red Flags Plan available that is written specifically for the mortgage industry.
The Gramm-Leach-Bliley Act requires that all companies handling private consumer information have a Red Flag ID Theft detection plan in place. We provide the Red Flag Plan, but also provide an information security plan and an employee training plan to make complying with the law simple. Many states also require proof that lenders have an information security plan in place.
Compliance Management System Components
Plans - Policies and Procedures
We provide the Red Flag Plan, but also provide an information security plan and an employee training plan to make complying with the law simple. A company can't comply with the Red Flag rule if it doesn't have an information security plan. We have combined information security, mortgage origination, processing and closing with this Red Flag program to provide a comprehensive program that can actually be put into use.
Training - Employee Education
Indisputably, cybersecurity remains the single greatest compliance risk for mortgage lenders and brokers today. Hackers and ID thieves have realized that mortgage loan files hold a goldmine of financial information, and smaller, less hardened firms represent a "soft target." The liability for mortgage firms includes regulatory censure, legal action, restitution and fines.
All employees must receive annual training to achieve awareness of the threats in all forms that companies face every day. Employees are the front line of defense against phishing and wire transfer schemes. In addition, protecting the physical plant, and ensuring all business partners participate to the same degree, also offer defense against attacks.
Tests - Audits and Tests to Validate
Cyber Security Self-Assessments and testing help your company ensure that you have conducted the basic due diligence to avoid compromising customer data.
Our evaluations focus on small companies, who don't own a significant amount of their own IT infrastructure, and instead focus on vendors and system specific risks and vulnerabilities.
Today, with remote workforce in the forefront, we must evaluate and ensure that remote employees do not create a target rich environment. Evaluation of remote work infrastructure can secure the firm against breaches and losses.