Tom Weyant is VP, Risk Management and Data Privacy Officer at Alliant National. He is a Certified Quality Auditor (CQA) and a Certified Fraud Examiner (CFE). He also holds membership in the American Society for Quality (ASQ®) and the Association of Certified Fraud Examiners (ACFE®).
Today’s title professionals face ever-increasing cybersecurity threats, all of which can cause major disruption and economic loss. With October being Cybersecurity Awareness Month, now is the perfect time to review the latest trends affecting our industry and understand how to mitigate some of the top challenges.
I. Wire fraud remains number one
Wire fraud continues to be the number one threat to title agents, their customers and the vitality of their business. According to the latest FBI reports, the average cost per wire fraud incident is nearly $200K, and the total number of incidents recorded this year will likely break records.
Take the following actions to derail some of the most common schemes, including phishing, business email compromise and social engineering:
Use multi-factor authentication (MFA) for system access.
Ensure the latest security patches are promptly installed. Read our tips on keeping programs updated consistently.
Consider upgrading your antivirus protection with endpoint detection and response (EDR), a dynamic tool that leverages AI technology to reinforce your security.
II. Watch out for fraudulent sellers
Seller theft, one of the most significant emerging threats, involves a scheme where the seller’s identity is falsified, leading to a bogus and fraudulent sale. There is no shortage of information online regarding real estate transactions, making it easy for thieves to obtain these details. Here are some of the best strategies for combating these fraudsters:
Use encryption to protect communications and all identifying information, including emails and data that is “at rest,” that is, data housed physically on a given computer storage device.
Verify and validate identification through available electronic tools.
Confirm and reconfirm throughout every step of the transaction. Slow down. Take time to verify.
To reduce fraudulent transactions and lower premiums, Alliant National has initiated a crime watch program, which incentivizes policy-issuing agents to detect and prevent illicit activity. Learn more about the program and get involved.
III. Privacy remains the focus
Ten states have now enacted comprehensive privacy laws. Six have passed laws this year alone, with Texas being just the latest to do so. All 50 states now have data breach reporting laws. Many statutes impose a significant daily fine for late notice or a private right of action for failure to comply and negligence.
What all these legislative moves imply is that privacy and sensitive data protection remain at the forefront of our industry. Title leaders must ask themselves if they are staying current on the latest technologies and techniques to guarantee end-to-end data protection, including:
Developing a written security plan and devoting the necessary time and resources to ensure employees are trained sufficiently. Maintaining complete records is important as well.
Encrypting sensitive and non-public information, which is essential to protect against unauthorized access and breaches.
Knowing and abiding by your state-specific breach reporting requirements.
IV. Practice secured electronic document storage
Title agencies routinely deal with electronic documents that contain large quantities of sensitive information and which represent a highly attractive target for today’s criminals. In fact, according to recent research, “88% of organizations worldwide were experiencing spear-phishing attempts in 2019. And 68% of business leaders felt their cybersecurity risks were drastically increasing.”[i]
Here are some principles to help keep these bad actors at bay:
Ensure you are applying encryption to protect digitally stored documents.
Perform periodic backup and recovery tests to ensure the availability and integrity of stored records.
Maintain and test disaster recovery and business continuity plans.
V. Adhere to all regulations
Regulatory compliance requirements have increased and will continue to evolve to address shifting cybersecurity and consumer privacy issues. Stay abreast of some of the most pressing changes to the landscape:
The current patchwork of complex state privacy and data breach laws is expected to continue growing without any expected federal legislation.
The Gramm-Leach-Bliley Act (GLBA) has been updated for the first time since the early-aughts to address data security and privacy. Modifications to the law’s security safeguard rules are going into effect in June 2023 and will be enforced by the Federal Trade Commission.
The National Association of Insurance Commissioners (NAIC) has released a draft of proposed 2023 privacy protection requirements modeled after the California Consumer Privacy Act (CCPA) and the New York State Department of Financial Services (NYDFS).
Taking action can keep you safe
Wire fraud. Seller falsification. Regulatory compliance. It seems like every day there is a new thing for the busy title agent to worry about. Staying apprised of the latest news and best practices, however, can help, as can seeking out the expertise of an experienced technology provider. Taking these steps, along with carrying comprehensive insurance for cybercrime and liability, can reinforce your security posture for maximum protection.
Harnessing the Power of AI for Better Antivirus Protection
Endpoint Detection and Response (EDR) is a next generation cyber security solution that provides more advanced and comprehensive protection for your devices compared with traditional, static antivirus applications that only address simple signature-based malware threats. While traditional antivirus programs detect and remove known malware, EDR is designed to detect and respond to more complex and sophisticated threats that often bypass or get through traditional antivirus protection. A good EDR solution can identify existing threats already hiding on a network, which is important as current threats are often undetected for several months. Since most malware intrusions originate at the end-user, it is critically important to have the very best antivirus protection on individual computers and laptops.
Here are some reasons to consider EDR as a preferred antivirus solution:
Smarter Detection: Traditional antivirus programs rely on pre-defined signatures to identify known threats. However, EDR takes a different approach. It uses behavioral analytics to detect suspicious activity in real-time, even if there are no known signatures. By monitoring file changes, registry modifications, and network traffic, EDR can detect and respond to the latest, advanced threats faster than traditional antivirus programs.
Complete Visibility: EDR provides security teams with a centralized management console to monitor and investigate activity across all devices in an organization. This makes it easier to deploy and manage security policies. Some vendors offer a fully managed model for businesses who cannot or do not want to deal with the administration or management of the EDR tool. With EDR, you don’t need to worry about manually updating antivirus software on individual devices. The central console ensures that the latest EDR protection is deployed, saving time and effort. In case of a security breach, EDR allows for a coordinated and rapid response to investigate and minimize the damage.
Real-time monitoring and continuous threat-hunting: EDR keeps a constant watch over servers, laptops, and mobile devices in real-time. It allows security teams to proactively identify and address threats before they can breach the system. By analyzing suspicious behavior, EDR can act before a breach occurs, reducing the risk of data loss or compromise.
Monitoring of servers, laptops, and mobile devices by EDR is critical: it allows threats to be addressed quickly and effectively before they breach the system and, in the event of a breach, to be contained and resolved before they spread throughout the network. EDR has a proactive threat hunting feature that allows security teams to identify threats before they become an incident. Suspicious behavior is analyzed and reacted to before a breach occurs.
Forensic Capabilities: In the event of a security breach, EDR provides forensic capabilities that help security teams investigate and understand system events and the scope of the attack. Detailed logs are available showing system events and user behavior. The logs may be used to identify the source of the attack, measure the extent of damage or intrusion, then develop a plan to prevent a future, similar attack. This is very useful for providing the evidence of rapid response and of the scope, extent, and timing of an event that many state breach notification requirements call for.
Integration with other security solutions: EDR seamlessly integrates with other security solutions, enabling automated incident response workflows, event logging, and monitoring across multiple platforms. This integration enhances the overall effectiveness of your cybersecurity infrastructure.
With the rapid evolution of advanced threats and sophisticated malware, relying solely on traditional antivirus programs isn’t enough. Having a robust EDR solution provides the best available antivirus resource, deploying a tool that uses artificial intelligence to reiterate and continually evolve an endpoint defense. The combination of advanced detection, rapid response, real-time central monitoring, and enhanced forensic features provides a powerful tool to protect and secure your organization’s critical and sensitive data. Antivirus protection is a vital cyber-security shield on the frontline of defense, and it is imperative that defense is effective, today more than ever.
Interested in learning more about EDR? Notable companies that offer EDR solutions include SentinelOne, CrowdStrike, and Cisco. If you have questions about EDR and other tools and strategies to protect your networks and your business, feel free to contact me: tweyant@alliantnational.com
Best practices to help keep your remote environment secure
While working remotely at home provides flexibility and social distancing in this time of COVID-19, it may also open the door to unexpected and unwanted security issues and breaches. By taking a few simple and important steps, you can securely work and have peace of mind that your business is continuing to operate without introducing added risks.
Risks that present themselves range from nuisances and disruption, such as with “Zoombombing” [a disruptive intrusion by hackers into a video conference call], to device and network compromise with viruses, spyware or ransomware.
Here are some best practices to keep your remote environment secured:
Teleconferences
When using Zoom or other remote meeting sites that provide audio and video connectivity, be sure that the security settings are activated to only allow screen sharing by the host, or designated others who have a need. Also be sure to use access passwords or codes available only to the invited participants that are provided in the invite prior to the meeting.
Equipment, Software and Hardware
Often the organization does not provide all equipment or supplies necessary to ensure remote access. The proper protection of information to which the user has access involves connection to the Internet, local office security, and the protection of physical information assets. Below are some of the additional items that may be required:
Broadband connection;
Paper shredder;
Secured office space or work area; and
A lockable file cabinet to secure documents when unattended.
Remote users using personal equipment are often responsible for:
access to the internet;
the purchase, setup, maintenance or support of any equipment or devices not owned by the company; and
ensuring current and active antivirus, firewall and malware protection is installed, functioning and updated regularly.
Security and Privacy
Organizations often have policies regarding user logical security responsibilities. Here are a few such responsibilities, which should translate to the work-from-home environment:
Log off and disconnect from the company’s network when access is no longer required, at least daily;
Enable automatic screen lock (if available) after a reasonable period of inactivity;
Do not share your user name or password, configure your remote access device to “remember me,” or set it to automatically enter your username and password;
Enable a firewall at all times;
Ensure virus protection is active and current; and
Perform regular backups of critical information using a secure storage solution.
Additionally, companies often implement additional logical security procedures for remote users. These may include:
Disconnect remote user sessions after 60 minutes of inactivity;
Require access to company-owned technology applications to use commercially available encryption technologies, such as multi-factor authentication, or use of a Virtual Private Network (VPN);
Update the virus pattern on a regular and frequent basis;
Provide a reasonable backup solution; and
Perform regular audits of the company supplied equipment to ensure license and configuration compliance.
Company policies regarding physical security should also carry over into the remote office. Here are some steps to consider:
Maintain reasonable physical security of your remote office environment. This includes access to both company and personal technology equipment and documents;
Limit the use or printing of paper documents that contain sensitive, confidential or non-public private information (NPI), and restrict requests for and handling of NPI to only what is essential to perform your job; and
Ensure documents containing sensitive, confidential or NPI are shredded and rendered unreadable and unable to be reconstructed.
It is entirely possible to work remotely. A home office can be made secure by adhering to the steps above. Bear in mind that working at a hotel or a cabin or anywhere internet service allows for access presents security issues that may compromise privacy.
For further information, reach out to Tom Weyant, Director, Risk Management & Continuous Improvement, CQA, CFE, directly at tweyant@alliantnational.com or visit www.alliantnational.com/newsroom for additional information and articles related to cyber security and internet privacy.
Threats are constantly evolving and your training and testing must also evolve to counter these threats and keep your defense robust.
A cyberattack is a malicious and deliberate attempt by an individual or an organization to breach the information system of another individual or company, seeking benefit from the disruption, ransom, or theft of data.
This electronic threat is increasing in frequency and complexity and has become very expensive to remediate or to recover from.
Here’s the surprise – almost 90 percent of cyberattacks are caused or allowed by human error from the internal staff of the entity attacked.
This includes failure to follow security rules and protocols, sharing passwords, using weak or default settings, and falling victim to social engineering.
Even large events, such as the hacking at Equifax and Target, were caused by human error: failure to follow the rules regarding administrative password settings.
So whether your business is large or small, you need ongoing, strong training and testing to counter the threats.
Results of a recent survey of title insurance professionals by the American Land Title Association show that a surprisingly small number of agents conduct ongoing staff training; most do it only once, when they hire an employee.
This is a recipe for eventually becoming a victim of electronic fraud.
There are simple yet effective steps you can take to build a strong defense against the increasing threats, and it starts with regular training and testing to remove or reduce the human error element.
Here is what to do to put a training and test plan into action:
Ensure new hires are introduced to and educated on information and data security policies and procedures as well as how to protect nonpublic personal information (NPI) and sensitive information. Emphasize to them the “why” so they fully understand the shared responsibility nature. This should be a core part of their orientation and on-boarding.
Set and schedule ongoing training for all employees at every level commensurate with the size of the staff and complexity of your business. This should be monthly, quarterly or semiannually.
At a minimum, cover access controls (passwords, pass phrases, multi-factor authentication); network and data distribution (including never using non-secured networks, such as those in cafes, hotels and airports, to conduct business); phishing and spear-phishing; never using a general email service like Yahoo or Gmail to send NPI or sensitive information; and social media and social engineering.
Require security measures for smart devices (smart phones, and in particular Androids, account for a large percentage of data breaches).
Explain the implications of data loss, which include reputational hits, potential fines and penalties, and lawsuits.
Focus on all media forms – hardcopy as well as electronic – and include proper handling and protection from receipt through handling to secured destruction.
Training may be done with internal documents, or you may use a third party to conduct the training (e.g., Data Shield or KnowBe4).
After the training, use a quiz to gauge how well your employees understood the material.
Develop, or use a third party to conduct, ongoing, regular internal testing such as phishing or spear-phishing testing (KnowBe4 is one vendor that can provide this tool). Depending on the results, you may then make appropriate changes and re-focus your training to deal with any weak topics or areas.
Provide a single point of contact the employee may turn to with questions or to report any suspicious attempts to obtain information or data (electronic or by phone).
Keep records of the training and attendees and testing results. This will be needed to demonstrate good faith, to meet many state requirements – and it’s a best practice.
Last, keep up-to-date on emerging threats and vulnerabilities and provide updated training to employees to be sure they understand new risks or new controls and why they are important; employees must know how to recognize and report threats to stay vigilant.
This will keep your training and testing current and fresh and serve as a continual reminder to your staff.
Remember, this is a marathon, not a sprint. Threats are constantly evolving and your training and testing must also evolve to counter these threats and keep your defense robust.
Despite the rising threat, recent survey results show a surprisingly small number of agents are prepared, as most do not have a written cyber security and response plan.
A cyberattack is a malicious and deliberate attempt by an individual or an organization to breach the information system of another individual or company, seeking benefit from the disruption, ransom, or theft of data – and such attacks are increasing in numbers and complexity.
A written cyber security and response plan is essential to be prepared, organized and to execute appropriate and prompt actions when an attack occurs.
The plan does not need to be complex. To be effective, it should be simple and clear and present key information. It should also be built commensurate with the size of the organization.
Key elements of the plan must include:
Perform a risk analysis to mitigate all risks, covering administrative, technical, and physical controls. Simply put, this is what could be vulnerable, what could go wrong and what is or should be done to try to avoid or contain the threat(s).
The cybersecurity program must protect the security and confidentiality of nonpublic information, protect against threats or hazards to the security or integrity of information, and protect against unauthorized access.
Define a schedule for the retention of data and a mechanism for its secure destruction when data is no longer required.
Designate an individual, third party, or affiliate who is responsible for the information security program.
Be sure existing controls are in place – access controls, authentication controls, and physical controls – to prevent access to nonpublic information. Encryption (or an alternative, equivalent measure) should be in place to secure data stored on portable electronic devices and data transmitted over an external network.
Identify and manage devices that connect to the network – a simple inventory.
Adopt secure development practices for in-house applications if applicable. Alternatively, obtain this assurance from your service provider that performs the development for you.
Use multi-factor authentication to prevent unauthorized accessing of nonpublic information.
Regularly test and monitor systems for actual and attempted attacks, maintain audit trails, and implement measures to prevent the unauthorized destruction or loss of nonpublic information.
Keep up-to-date on emerging threats and vulnerabilities and provide ongoing training to employees to be sure they understand existing controls and why they are important; employees must know how to recognize and report threats.
The response plan must include the following elements to be effective:
Date of the cybersecurity event.
A description of how the information was exposed, lost, stolen, or breached, including the specific roles and responsibilities of third-party service providers, if any.
How the cybersecurity event was discovered.
Whether any lost, stolen, or breached information has been recovered and if so, how this was done.
The identity of the source of the cybersecurity event.
Whether you filed a police report or notified any regulatory, governmental or law enforcement agency and, if so, when such notification was provided and by whom.
A description of the specific types of information acquired without authorization, which means particular data elements including, for example, types of financial information, or types of information allowing identification of the consumer.
Time period during which the information system was compromised by the cybersecurity event.
The number of total consumers affected by the cybersecurity event, or a best estimate.
The results of any internal review identifying a lapse in either automated controls or internal procedures, or confirming that all automated controls or internal procedures were followed.
A description of efforts being undertaken to remediate the situation which permitted the cybersecurity event to occur.
Don’t wait until an event occurs. It’s a chaotic time full of high financial and emotional stress. Do it now and provide yourself the peace of knowing you are prepared.
This blog contains general information only, not intended to be relied upon as, nor a substitute for, specific professional advice. We accept no responsibility for loss occasioned to any purpose acting on or refraining from action as a result of any material on this blog.