Commercial Magazine

Don’t Fall Victim to Cyber Extortion

Mortgage companies can take inexpensive steps to ward off ransomware attacks

By Jeffrey Bernstein

The first half of 2021 saw a year-over-year increase of more than 100% in the number of global ransomware attacks. These crimes have resulted in shortages of oil and meat, as well as other supply-chain issues; cancelled medical appointments and surgeries; and delays for law enforcement, ambulances and other first responders. Public schools, transportation systems, water supplies and internet providers are among the countless other services integral to society that have been disrupted.

The critical nature of the problem has drawn the attention of the White House, which now holds regular briefings on the subject. This past June, the Biden administration issued an open letter that advised businesses to treat the threat of ransomware attacks with greater urgency, noting that “companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively.”

With financial-services companies maintaining the top slot on the list of the most desired targets for cybercriminals, mortgage lenders are feeling the pressure and pain caused by these attacks. This past February, for example, a national mortgage company was forced to notify its clients of a data breach caused by a ransomware attack.

For mortgage companies, the upswing in ransomware incidents is occurring at an especially vulnerable time as many companies are operating at or near capacity to originate record volumes of loans. These attacks are real and are usually quite severe in terms of the chaos that they create. They also are fairly easy to perpetrate. In the instance of the aforementioned attack, all it took to break in was a single stolen username and password combination.

Ransomware and other data-security compromises can result in extortion, theft of funds and stolen identities. These attacks lock up data and hold it for ransom. They damage reputations and can even result in the total collapse of a business. Accordingly, it is imperative for commercial mortgage companies to implement effective cyber-protection strategies. But effective cybersecurity comes at a cost. Unfortunately, many lenders and brokerages do not have the robust resources needed to address the threat. There are, however, many low-cost practices that can help mortgage companies meet the ransomware challenge head on.

Cost-effective solutions 

One essential protective measure is to back up data on all computers and devices that store important information and files. These backup files should be securely stored in an off-site location, in a segregated network or in the cloud. Having a secure backup will enable your organization to restore data and quickly return to operational status if it falls victim to ransomware.

It also is important to educate employees about these threats. Malware tends to be delivered via email attachments. In a tactic known as phishing, cybercriminals often send out thousands of infected email messages in an attempt to entice users to open attachments that contain the virus. Establishing a reasonable usage policy and training employees to recognize email phishing scams is one of the best ways to keep ransomware out of your network. Another way to limit exposure is to restrict an employee’s access to only the systems that they need to perform their job. Also, do not allow your employees to install new software without permission.

Mortgage companies also should be concerned about mobile devices and adopt clear guidelines on how to connect to work. For example, employees should always lock their devices and never leave them out of sight during travel. Limit permission to the network and consider formulating a mobile-device management system. All wireless networks used by the company should be secured and encrypted, and the company should avoid broadcasting its network names.

Brute-force attacks

Phishing attacks aren’t the only way that hackers plant malware in a network. In fact, according to global cybersecurity company F-Secure, nearly one-third of ransomware incidents result from brute-force and remote-desktop protocol attacks. Brute-force attacks test as many passwords as possible with the goal of accessing systems, devices, networks and applications. Using strong passwords and updating them frequently is critical to thwarting this type of attack.

Mortgage companies also should enable two-factor authentication, which requires the user to enter two pieces of information to access files, such as a password and a verification code. Using two-factor authentication provides a second layer of defense against compromised credentials and can prevent a brute-force attack.

Many ransomware attacks can be detected by antivirus software. Because these threats are constantly changing and new variants are introduced often, it is imperative to run antivirus programs on all endpoints and to keep automatic updates enabled so that the systems stay current.

Malware exploits software flaws and vulnerabilities to gain entrance into networks and applications. You can avoid these exposures by performing vulnerability assessments and remediating any problems as quickly as possible. By frequently performing patch and system updates, you will keep your systems resilient to the latest vulnerabilities and internet-borne threats.

Post-attack recovery

You also should encrypt data and store the decryption key in a secure place. Consider adopting policies for data classification, destruction and retention. Massive breaches like the one perpetrated against First American Financial Corp., which leaked some 800 million records associated with mortgages, could have been avoided with proper data-retention and destruction policies.

If ransomware infiltrates your network, you should unplug the system immediately. Malware can spread quickly throughout your organization’s network to other digital assets. Because of this, it’s critical to shut down an infected system as quickly as possible to protect the extended network, including remote employees.

Mortgage companies also need a ransomware response plan and a professional security-services partner that can help in responding to cybersecurity incidents. Make sure that you also have comprehensive insurance to cover data breaches and the loss of critical data. The insurance should cover losses to your company resulting from attacks on third parties, as well as losses to third parties (including clients) that stem from attacks on you.

Cybercriminals are increasingly attacking financial-services companies with debilitating ransomware. The resulting impacts are significant and cannot be overstated. Unfortunately, many commercial mortgage lenders and brokerages are finding themselves in the crosshairs of these hijackers without being properly secured. By implementing a reasonable set of best practices in the workplace, mortgage companies can greatly improve their security and limit their exposure to the increasing threat of ransomware and other internet-based attacks.


Jeffrey Bernstein is the director of cybersecurity and compliance advisory services for Kaufman Rossin’s risk advisory consulting practice. Kaufman Rossin is a certified public accounting firm that provides professional services to businesses, organizations, institutions and their leaders. Bernstein advises clients in highly regulated industries on the protection and compliance of their networks, applications, systems, data, devices, people and property. Follow him on Twitter @Jeff_Bernstein1.
