Financial services led the list of breached industries in 2023, with a bleak outlook for 2024, according to Forbes. Within the mortgage sector, companies such as Mr. Cooper, Patelco Credit Union and Nations Direct Mortgage, as well as Academy Mortgage and Planet Home Lending, have suffered significant hacks that compromised consumer data.
These breaches not only jeopardize consumers for years to come but also pose severe operational and reputational repercussions for lenders. For instance, LoanDepot faced a staggering $41.6 million in cybersecurity incident-related costs during the first half of 2024, covering investigation, remediation, borrower protection and legal expenses.
So, why are cyberattacks on the rise, and what can lenders and the mortgage originators who work with them do to protect themselves? Addressing cybersecurity is not solely a technological challenge but also a cultural one. The C-suite must prioritize several key actions to mitigate risks.
Endless vigilance
There are a number of ways that lenders and originators can tackle this issue. First, mortgage companies should implement strict access controls, an essential part of security that determines who is allowed access to data, apps and other resources.
Lenders should enforce stringent access requirements for both on-site and remote employees, incorporating role-based access and least privilege principles, which means that employees should only have access to data needed to complete their jobs.
Mortgage companies should also adopt two-factor authentication. This ensures that all devices and systems require multi-factor authentication to bolster security at every login.
Mortgage companies should also regularly audit and secure databases, employing encryption and segmentation to safeguard sensitive information. Monitor systems in real time to detect anomalies. It’s reasonable to assume you are being probed daily, and hackers may already be inside your systems.
Foster a culture of security at your workplace. Continuously train employees on cybersecurity best practices and the importance of vigilance. Treat cybersecurity with the seriousness it demands — it’s a battle that needs to be fought daily.
Trusted innovations
To effectively address cybersecurity challenges, industrywide innovations are essential. Start by questioning established ways of doing business to drive meaningful change. Mortgage companies should embrace what is called a zero-trust infrastructure. This model mandates continuous verification of every user and device, both inside and outside the network.
Move beyond treating consumer data as your proprietary asset. Empower consumers with control and authorization over their data. Mortgage companies should also limit data sharing. Be cautious when granting access to consumer data to offshore and domestic companies that don’t adhere to the same security standards.
Reconsider using vendors who lack superior security measures. Effective leadership involves hiring experts who exceed your knowledge. If you only bring in experts post-breach to investigate what happened, you might need to reassess your team’s proactive capabilities.
The industry continues to rely on outdated systems like credit bureaus and third-party tools mandated by the government-sponsored enterprises and investors, often passing consumer data through multiple intermediaries. Just because these practices have been long-standing doesn’t mean they are optimal.
Embracing innovations that go beyond the “industry standard” can significantly enhance data protection. By addressing these areas, mortgage companies can bolster their cybersecurity posture, be seen as trusted innovators who can better protect their clients than competitors and reduce the risk of costly breaches.
Author
-
Brad Blumberg is the founder of Aster Key, a mobile app that stems cybersecurity risk for mortgage companies by empowering consumers to anonymize, organize and encrypt their financial data on their mobile phones. Blumberg is an entrepreneur who co-founded Smarter Agent Mobile, which was acquired by Keller Williams International. Read more about Aster Key at www.asterkey.com.