Updated 8-12-16. For Notary Signing Agents, there is growing pressure to do more to protect borrowers’ sensitive personal and financial information — often called Non-Public Personal Information (NPPI).
With the mortgage industry improving its ability to protect consumer information, cyber criminals are looking for the weak link, according to title industry executives. In many cases that means targeting the generic email accounts — such as Gmail or Yahoo — that NSAs and others use because the accounts often lack strong security measures.
Common Email Scams
It’s fairly easy for cyber criminals to hack into email chains about real estate transactions through these email accounts. Once in, the hackers will insert a bogus email into the chain, said Bill Burding, Executive Vice President and General Counsel of Orange Coast Title Company, during the mortgage industry panel discussion at NNA 2016 Conference.
The bogus emails often look like they were sent by real individuals from real email addresses. NSAs are most likely to see an email, purportedly from the borrower, asking for copies of documents in the loan package that contain financial information. “If you see that request in an email chain, it should raise a red flag,” said co-panelist Brian Hughes, Chief Operating Officer of Title Source.
Even if NSAs do not see a fake email, hackers could get into the email chain for a mortgage transaction through their accounts. “If you are in an email thread, and the consumer loses their money, count on being a defendant in any court case,” Burding cautioned.
Report All Breaches
To a one, the panelists urged NSAs to report any breach or threat immediately. Government regulators can impose hefty fines on entities that fail to report a breach in a timely manner. “Call your settlement agent or call the title company or whoever gave you the assignment,” Hughes said.
Marcy Tiberio, a signing service owner and NSA from Rochester, New York, offered a number of tips in the Conference workshop , “What Lenders Say You Must Know About Protecting Signers’ Privacy.” At the top of the list were straightforward recommendations, such as using strong firewall and encryption protection for all their mobile and computing devices; using strong passwords that are not shared; and avoiding public wireless networks.
She also encouraged NSAs to activate or download security features on their smartphones that would allow them to lock their phones or wipe the data if it is lost or stolen.
Low-Tech Guidance
The title industry panelists had several low-tech recommendations:
- Maintain a “clean desk” policy by keeping all sensitive information you’re not using locked safely away; a lockable file cabinet is good to store sensitive documents.
- Use screen protectors for your laptop to keep people from looking over your shoulder.
- Make sure any documents in your car are locked in the trunk or hidden out of sight to cut down on “smash and grab” incidents.
- Periodically review your security precautions to make sure you haven’t left any gaps. The NNA has a Self-Assessment tool available.
- Make sure family members and others in your home cannot access your data, including client information, loan documents and other records.
- Shred every document you don’t need.
- Never put loan packages into a FedEx or UPS drop box. Instead, take the packages inside and get a receipt. This was the third consecutive year that an industry panel gave this advice.
Good cyber security measures will act as a strong deterrent to hackers. Because there are so many people who can be breached, if a hacker comes across a good firewall or encrypted communication, they will move on to the next target.
Michael Lewis is Managing Editor of member publications for the National Notary Association.
Related Articles:
The Identity Protection Crisis
Notarization And Technology: Dealing With Unusual Requests
Additional Resources:
Privacy Tips For Notary Signing Agents
Common Data Security Terms