Why Lenders, Servicers Can't Let Their Guard Down on Data Security
Editor's Note: This article is part of the National Mortgage News' MBA Annual Special. Click here to see more from the report.
In the digital age, any given week can bring news of a data breach. Companies from Target to The Home Depot to Sony have fallen victim to cyberattacks from hackers, with customers and employees alike affected.
The mortgage industry is not immune to these attacks. In 2013, PHH employee information was exposed to a temporary worker at the company, and hackers gained access to personal data at Experian just last year.
Despite these incidents, the mortgage industry has not faced the same level of scrutiny as its peers in retail and other sectors of financial services. But that doesn't mean cyberattacks aren't still happening, said John Hurley, CEO of SmartFile, a company that specializes in secure file management and transfer.
Hurley attributes this to the fact that the mortgage industry features many smaller companies.
"It's happening — we're just not hearing about it because it's not at a large scale," Hurley said.
But what sets the mortgage industry apart from others in Hurley's view is the amount of data that mortgage companies are required to collect by regulators. Data that could make consumers highly vulnerable to identity theft if it got into the wrong hands.
"That's where it gets really scary," he said. "It's not just, here's my Social, here's my date of birth. But it's here's my income and my W-2."
In Hurley's view, the mortgage industry could stand to improve how it handles its files. One key factor: appointing someone within the company who is tasked with monitoring how people store and transfer data. And it's important this role not fall to information technology departments just because they supply the software.
"This is a managerial problem, not really a tech problem," he said.
While Hurley does believe that technology is needed to solve data security issues, he argued it comes down to teaching employees. He cited examples of employees working around the secure tools provided by IT departments with web-based applications like Gmail and Dropbox.
"Because the consumer has it, there's this sense that it's OK because everyone has it," he said. "People do things based on habit. That's a really hard thing to prevent."