Checklist
Cybersecurity Best Practices: 4 Strategies for Safeguarding Against Risk
The mortgage industry is facing a heightened and critical challenge: relentless cyberattacks. Here are four cybersecurity best practices that can help to decrease vulnerability and protect sensitive customer data.
1. Inspect Your processes & infrastructure
Develop a comprehensive cyber response plan by thoroughly examining your organization's processes and infrastructure.
- Map out your data and document journeys to understand how information flows between systems and stakeholders
- Identify all the systems being used and pinpoint the least secure activities and scenarios, such as email communication or document storage
- Leverage technology to mitigate risks and enhance the security of vulnerable areas
2. Establish, review, test & refine your security program
An effective security program has a lifecycle. Each component (including security policies, disaster recovery plans, and incident response plans) requires ongoing review, testing, and refinement. Treat your cybersecurity strategy as a living, breathing document that continuously evolves.
- Regularly review and identify any changes to processes, workflows, and tech providers
- Ensure your security program is current by testing it against the latest real-world cybersecurity incidents
- Regularly update your cybersecurity protocol to best protect against the risk of cyber incidents
3. Focus on awareness & education
Cybersecurity is not just the responsibility of IT and INFOSEC professionals. From executives to frontline employees, all staff should be aware of their role in identifying and responding to cyber threats.
- Staff training & awareness: Ensure that everyone understands their role and individual responsibility in protecting against cyber threats.
- Executive buy-in: Clearly communicate security risks & recommendations to senior leadership. Stress the importance of proactively investing in prevention, vs. fixing issues after an incident occurs.
4. Teach staff how to recognize the 3 signs of social engineering
- The outreach is unexpected
- Includes a sense of urgency
- There's a consequence (either positive or negative)
5. Prioritize collaboration across the industry
Collaboration is critical in protecting our industry. By openly sharing insights, best practices, and threat intelligence, we can collectively protect against potential threats.
- Have the conversation: Gain valuable knowledge by collaborating with peers, partners, and vendors to strengthen the industry’s cybersecurity defenses
- Stay informed: The cybersecurity landscape is constantly changing. It’s important to stay current on the latest cybersecurity developments, incidents, and best practices
Here are some cybersecurity resources that are digestible, reliable, and actionable
- American Land Title Association (ALTA)
- HousingWire Series: Building Cyber Resiliency, Bruce Phillips
- Cybersecurity Resources, Mortgage Bankers Association
- Cybersecurity & Infrastructure Security Agency (CISA)
About the authors
This checklist was compiled based on the information shared in the recent cybersecurity roundtable, featuring insights from Mortgage Bankers Association (MBA), MyHome (WFG National Title), and Snapdocs.
Interested in hearing the full conversation? Watch the webinar here.
Freddy Feliz
CIO & VP of Information Technology at Mortgage Bankers Association (MBA)
Bruce Phillips
SVP & Chief Information Security Officer at MyHome (WFG)
Bob Stone
VP of Engineering at Snapdocs