Opinion

Consumer Mortgage Data Breaches Do Not Just Exist in Cyberspace

ft-filetheft-250.jpg
yellow data folder with paper key close

There have recently been some large data breaches of consumer information that have made the news. Less known, there have been numerous examples of physical loan files being stolen from mortgage banks for the apparent purpose of identity theft.

While no one can prevent data theft with 100% certainty, there are many simple ways lenders can greatly reduce the chances of a data breach. For instance, lenders should ensure that all electronic access, including remote access through smart phones and laptops, is secure.

This means designing both an IT system with proper security in mind as well as policies and training on where, when, and how employees can access the systems. Related to this, there should be clear protocols on how to cut off access if a device is lost or stolen, as well as policies requiring passwords to access the devices and the ability to remotely "wipe" devices.

Another important point is the physical location of files as well as computers containing sensitive information. Generally, it is best to maintain such electronic information centrally rather than on computer hard drives since the latter can be physically removed with substantially less difficulty.

Lenders should avoid allowing employees to maintain or access use to sensitive data on personal computers since it is difficult to monitor the personal usage which could compromise data security. In terms of access to files, they should — unless being actively in use — remain kept under lock and key.

Lenders should utilize storage with meaningful locks and maintain the in secured areas.

Generally physical files should not be allowed to leave the premises of the office. Similarly, computers should be located in areas where screens with sensitive information are only viewable by those with proper authorization, who have been subject to a proper background check. To that end, lenders should include different access levels on its systems and think of things such as the location of windows to computer screens, automatic screen hibernation, and automatic log-outs.

Most of these concepts seem basic but it is amazing how often security breaches result from simple oversights that would have been caught by spending a few minutes contemplating the actual day to day operations and the proper implementation and enforcement of data security practices. 

For reprint and licensing requests for this article, click here.
Compliance Law and regulation Data and information management Mortgage technology Originations
MORE FROM NATIONAL MORTGAGE NEWS