Enter your e-mail address and password below.


Forgot your password? New User? Register Now.
   ARTICLE   |   From Scotsman Guide Residential Edition   |   November 2014

Leaky Apps Make for Risky Business

Tablets and smartphones pose security dangers for the mortgage industry

For mortgage banks and brokerages, a mobile workforce is both a necessity and a fact of life. A transaction is no longer an in-person exchange of documents, deeds and titles finalized by a series of signatures and initialized forms. Instead, industry professionals today perform a daily back-and-forth between their smartphones and tablets — which often run on competing operating systems — as they tap their way through contracts, e-mails, virtual meetings and proposed terms for any number of transactions.

However convenient these new processes may be, what security concerns come along with them? This question is well worth asking, as the answer may affect your company’s operations to their very core.

An increasing threat

The acts of data theft that occupy the news — the exposés about illegally obtained celebrity photos and other Hollywood gossip — are a distraction from the very real and increasing threats to financial institutions. Some industry experts warn that banks and brokerages face the same security risks as famous individuals and consumer-facing retailers.

The absence of media coverage about this phenomenon is some cause for concern. Of greater importance, however, is the rapidity by which this menace may grow. A Gartner Inc. study predicts that the focus of endpoint breaches will shift to tablets and smartphones by 2017. Simply put, the devices that empower the mortgage industry today could cause its downfall in the not-too-distant future.

Major financial institutions that create and manage their own applications are not immunized from harm, either. These tools, which range from apps for calculating basic loan terms to validating digital signatures and transmitting personal income tax returns, do not always include a means of protection against cyber criminals.

This is problematic, considering that apps of all kinds have become a vital part of the mortgage industry. Brokers and lenders rely on them to do business on the go without regard to the vulnerabilities that these individual resources possess. Recent studies underscore this point; one study has found that 60 percent of the 100 most popular apps — including those that appeal to real estate and mortgage professionals — have a high risk rating in one or more categories.

Leaky apps

It only takes a single “leaky” app for a hacker or thief to cause mayhem. The app itself may operate properly, and its particular point of weakness may even be invisible to the people who need it to conduct business.


Leaky app

A mobile application that sends private user data, such as address book entries and friend lists, over the Internet without a user’s knowledge.

Source: McAfee.com


Compounding this threat is the failure by developers to carefully scrutinize an app in its entirety. Money that should go to testing and security may instead go to marketing, because the competition to create a “killer” app often overshadows the need to create a secure, high-quality app.

According to the Ponemon Institute, the average cost of remediating a successful attack against a business is $8.3 million, and experts forecast that this number will increase 10 percent through 2016. No industry can afford to let this risk go unanswered, especially not one that accumulates sensitive financial data for residential and corporate clients.

To minimize the security risks of mobile apps, lenders and brokers must proactively monitor mobile devices by setting up comprehensive programs to review privacy and data security of all the apps used by their companies. These reviews should be completed whenever new apps are installed or procedures for their use change.

SCAN for danger

Comprehensive mobile security means having visibility into four key areas collectively referred to as “SCAN,” which stands for “systems, configurations, apps and networks.” Let’s take a closer look at each of these areas, and what originators can do to mitigate related security threats.

  • Systems testing. Check to see whether employees are running the most up-to-date versions of the operating systems on their devices. Many hackers take advantage of flaws in older versions, and attackers know that users are often not vigilant about keeping pace with new system releases.
  • Configuration testing. Examine how users have set up their devices. Have they set a passcode? Is the device rooted or “jailbroken”? Properly managing device configurations can greatly improve security.
  • App testing. Determine if you have any apps with known vulnerabilities installed on your device. App testing can also tell where your apps are sending information and whether that data is encrypted. As with operating systems, it’s important to determine if you are running the latest version of your apps to keep current with any security patches that the vendor may have issued.
  • Network security testing. This test involves more than just making sure that your office Wi-Fi is secure. Unlike traditional computing, mobile devices typically traverse many networks in the course of a given day. Your mobile device may connect to the Wi-Fi at a coffee shop in the morning and then again at a restaurant where a lunch meeting is taking place. Later, it may connect to the network at your gym and then to the one you’ve set up at home. One unsecured Wi-Fi connection can allow attackers to intercept all of your traffic and mine it for sensitive data. Because of this, originators need a program that can tell if their connections are secure and, when they’re not, provide a warning in real time.

•  •  •

Simply put, the mortgage industry needs better knowledge and control of sensitive information. Wherever data exists, the processes by which it is stored, accessed and transmitted must all be part of a comprehensive plan to identify suspicious patterns and possible criminal behavior. In so many words, when it comes to mobile security, we must all perform due diligence to protect the mortgage industry and the clients it serves, now and in the future.


Fins A Lender Post a Loan
Residential Find a Lender Commercial Find a Lender
Scotsman Guide Digital Magazine

Related Articles



© 2019 Scotsman Guide Media. All Rights Reserved.  Terms of Use  |  Privacy Policy