DSNews delivers stories, ideas, links, companies, people, events, and videos impacting the mortgage default servicing industry.
Issue link: http://digital.dsnews.com/i/1214226
77 Genady Vishnevetsky, Stewart's Chief Information Security Officer, says an additional security measure a title professional should employ is multifactor authentication for everything that supports it. e American Land Title Association (ALTA) recently updated portions of its Title Insurance and Settlement Company Best Practices. One of the changes is the recommendation that companies use multifactor authentication for all remotely hosted accessible systems storing, transmitting, or transferring non-public personal information. Vishnevetsky added that user email protection services can help title agents protect against phishing attacks. "Microsoft and Google both offer a solution as additional service," he said. "ere are standalone services such as Mimecast or Proofpoint that provide the same capabilities." As a security practitioner, Noga believes layered security is the best advice for businesses. Complete protection against attacks isn't a reality. Noga said the best that can be achieved is to reduce the risk by putting in controls that will protect, detect, and respond to incidents. "e goal is to protect but be able to detect and respond when a protection fails," he said. "e faster you can detect and respond the faster you can reduce the impact." In addition to multifactor, examples of layers include firewall, intrusion detection and prevention system (IDS/IPS), data loss prevention, encryption (at rest and in transit), VPN access for remote users, next-gen endpoint protection (which replaces most antivirus programs that use only signature- based detection), security information and event management (to get visibility into your network and systems through log and event aggregation and correlation), patch management (updating firmware, operating systems, software, etc.), and security awareness training. "ese are just a few of the controls that work together in a layered defense, but security awareness training is really the best bet to combat this," Noga said. "Spam and malware filters only catch about 10 to 15 percent of phishing emails. Educating users on spotting the red flags is truly the best route for combating social engineering attacks and scams." RAISING AWARENESS ese scams often lead to wire transfer fraud. To help raise awareness and educate homebuyers as well as real estate and mortgage professionals about the risk and urgency of the problem, ALTA launched in July 2019, the national Coalition to Stop Real Estate Wire Fraud. "For many individuals, buying a home can be stressful, confusing, and filled with a lot of paperwork to send and sign," said Diane Tomb, ALTA's CEO. "In recent years, we've seen the rise of a sophisticated type of fraud by cybercriminals who prey on these facts. e coalition raises awareness and educates consumers, especially first-time homebuyers, about how they protect themselves. We want to identify and empower those who have been victimized to tell their story and advocate for solutions." e coalition outlines easy steps that consumers and professionals can follow to combat real estate wire fraud. Professionals should: » Warn Early and Often: Make sure your clients know about the growing and looming threat of real estate wire transfer fraud. » Educate: Remind your client that you will not email changes to wiring instructions or payment information. » Call: Tell your client to call you via a known phone number to confirm all wiring instructions as well as soon after they make any wire transfers. » Create: Within your company, establish a rapid response plan for wire fraud incidents. Jeremy Yohe is ALTA's VP of Communications. His previous roles include positions at October Research, the Massillon Independent, and the Delaware Gazette. He can be reached at JYohe@ ALTA.org. The NIST password guidelines update requires users to create passwords that consist of a minimum of eight characters. However, it also allows the password form fields to include the use of up to 64 characters. This change was made to help support the use of passphrases. According to the Verizon 2018 Data Breach Investigation Report, length and complexity of passwords are not enough on their own.