Extend your security bubble further than your business’s front door.
Managing cybersecurity risk is an arduous task for any organization, one that becomes even more challenging when trying to extend your security to vendor relationships. However, it has never been more important. Not only are cyber threats on the rise, but the U.S. Securities and Exchange Commission (SEC) made ensuring operational resiliency and information security one of its 2021 priorities.
Thankfully, last year the agency published a report on the due diligence companies should practice when dealing with vendor relationships. Covering the monitoring of vendors, contracts, customer information policies and other issues, the guidance provides much-needed advice for these complex business partnerships. Let’s explore some of its main tips, takeaways and findings for addressing security concerns with your vendors.
Why Does Information Security and Operational Resiliency Matter?
According to the SEC’s 2021 Examination Priorities report, breaches in information security can in fact “have consequences that extend well beyond [a] firm,” adversely impacting “other market participants.” The report further explains that, due to the radical increase in remote operations in response to the COVID-19 pandemic, cybersecurity concerns have been elevated further, requiring closer scrutiny of endpoint security, data loss, remote access, use of third-party communication systems and, of course, vendor management.
Understand Your Liability
It is a common misconception that if your vendor experiences a data leak, the onus is on them. Not true. State laws typically lay responsibility at the feet of the entity that collected the customer information in the first place. They usually limit vendor requirements to informing you that a data breach or hack has occurred. To safeguard yourself and your business, ensure that your vendor contracts explicitly detail how your customers’ data needs to be handled, what to do in the event of a breach and the expected timeline for dealing with any disruptions.
Vendor Management Programs
You likely already have some experience working with vendors, as well as an understanding of how time consuming such relationships can be. Unsurprisingly, adding cybersecurity concerns into the mix creates an additional set of concerns that need to be managed. Establishing a program that addresses security concerns and expectations at the beginning of the working relationship can help. This program should cover safeguards, how to evaluate vendors, independent audits and processes for terminating and/or replacing vendors.
Understanding and Monitoring Vendor Relationships
One positive finding from the SEC is that many advisers and their personnel already demonstrate a clear understanding of privacy and cybersecurity contract terms. Furthermore, these advisers display an awareness of the risks inherent to outsourcing work to vendors and best practices for limiting such risks. One way that companies accomplish this is through continuous monitoring of vendor relationships, making sure to stay apprised of any changes in the vendor’s services or personnel.
Despite this good news, firms cannot simply assume that their data protection policies are fully up to snuff or even rest on their laurels. Instead, they must treat vendor security as an ongoing, habitual process.
As the SEC noted, designing a vendor management program is a great place to start. Then, be sure to implement it. Build security requirements into your initial vendor contracts and make them as specific as possible. Run regular security audits, using questionnaires if necessary to rigorously evaluate your vendor’s security practices. You can also demand system and organization controls (SOC) for any vendor you choose to work with, requiring them to conduct a SOC for cybersecurity audit on an annual basis. Lastly, you and your company should be performing access and security reviews daily, always staying vigilant for unusual activity.
The hard truth is that, in our digital-first world, we all must work a bit harder to stay safe online and protect the integrity of our customers’ data. But by doing so, you will have a more resilient organization and satisfied client base.
In the COVID era, the only certainty is that nothing is certain.
Forming and maintaining authentic connections, for instance, has taken on new meaning. As we pass the one-year mark of the pandemic, I want to reflect for a moment on how things have changed and grapple with what staying connected has meant during an unforgettable 12 months.
One of the most vivid ways the pandemic has complicated our connections is through the disruptions it introduced to home life. Schedules had to adapt to accommodate online schooling. More adults also now work at home. Even when these potential distractions are overcome, there is still Zoom to contend with, which presents its own challenges regarding connection and collaboration.
“Zoom fatigue” is a real thing. It is far more difficult to develop an emotional connection with fellow meeting participants through a computer screen. It can be incredibly challenging to simply stay in the moment and not get distracted by what is going on in the virtual environment.
The disconnection of working remotely has even, at times, been a source of stress, which is why it has been important for companies to prioritize self-care and the emotional and mental well-being of their employees. One of the many things that I appreciate about Alliant National is that, from the first day of my employment, I have felt as if they cared about me as a person – not just as a professional.
A silver lining of the pandemic, however, is its universality, which I suppose, in a way, is its own form of connection: a connection built around shared experience. Whether it be the lack of communication or struggling with technical difficulties, we have all been required to adapt to a new way of working. I mean, at this point, who isn’t familiar with the pain of a disruption in video or sound on a communication platform?
The new world created by the pandemic has also had an impact on the nature of connection as it exists in my job. In sales, more than anything else you are selling trust. Pushing a product during a time when many people are under immense strain can feel a little callous. But helping your clients adapt to a virtual world builds trust and helps them protect their business. I have also found that making yourself available outside of traditional working hours and through a wider array of communication platforms (such as social media) can be enormously beneficial for these relationships. In the COVID era, we need to be collaborating and not merely pitching our clients.
COVID has had other positive impacts on connection, particularly when it comes to technology and family life. Older generations have been pushed to embrace technological solutions to stay in contact with their personal and professional networks. Our family interactions have become less scheduled, with real, genuine moments of spontaneity now being possible with children and spouses. I feel that this dynamic with our loved ones has become somewhat of a rarity. For all the destruction the virus has caused, reconnecting with friends and family in a deeper and more protracted way has been a true blessing of the past year.
Nearly everyone had to get creative to connect with clients, extended families and to fill time. Many turned to home renovation and improvements. DIY is at an all-time high, and people want to change their interior space to make it more conducive to family rooms that really function for families. They have added home offices or updated kitchens that are really being cooked in now.
Personal hobbies have skyrocket. Cooking classes, exercise forums, online knitting groups, even virtual interior design classes have sprung up to take the place of in-person site visits. The innovation of the pandemic is truly inspiring. While we still crave the personal interaction of experiences, the option of a virtual experience opens up opportunities for all of life’s challenges outside of a pandemic.
Flash forward to today, and we are now potentially at a turning point in the story of the virus. I am looking forward to a return to the office, as I feel it is healthy and necessary to communicate in a live environment as opposed to solely a virtual one. Spending this year largely separate from my colleagues has confirmed what I already suspected: as a salesperson, I need the type of face-to-face interactions that a computer simply cannot replicate.
Still, it is important to recognize that some things have probably changed for good. Full-blown office environments are likely going to be a thing of the past. Companies have invested heavily in equipping their employees with solutions to facilitate remote work. They have also realized that their work-forces are capable of being productive while off site. Whatever the future holds, there is no doubt that the coronavirus has taught us many lessons about the nature of connection – both personal and professional, good and bad. We should carry these lessons with us long after the pandemic ends.
The Future is Here; Let’s Embrace It
The adoption and implementation of remote online notarization (RON) received a tremendous boost during the COVID-19 pandemic. Buyers, sellers and title agents are looking to close transactions in the safest way possible. According to the American Land Title Association (ALTA), “Forty-eight states and the District of Columbia have either passed a RON law or issued an executive order pertaining to remotely notarizing documents. Some have done both.”
In December of 2020, ALTA reported that RON use had increased 547 percent during the year compared to 2019. If you are a “Star Trek” fan, the lightning-fast adoption of RON – as well as alternative remote closing methods such as Remote Ink-Signed Notarization (RIN) – has felt like the title industry has gone from cruising to warp speed in a nanosecond. It can even feel tempting to utter one of the show’s classic lines like “Beam me up, Scotty!” when thinking about such transformative change.
But let us back up a bit. As the automobile was invented and became a commonplace form of transportation, society built an accompanying infrastructure – including roads, highways, bridges and tunnels. The same is needed for RON. However, it takes time to develop secure and accessible technology that everyone can use. It requires effort to garner the acceptance of the county recorders who must be ready, willing and able to record native electronic instruments. Creating uniform laws to ensure interstate legal recognition and consumer confidence is also no easy matter.
Properly building out RON infrastructure necessitates the continuous collaboration of numerous parties, including individuals, industries and organizations. For example, MISMO, the Mortgage Industry Standards Maintenance Organization, has been working on standards concerning credential analysis, borrower identification, audio-visual requirements (including the recording of the electronic notarization process) and audit trails. PRIA, the Property Record Industry Association, has been developing national standards and best practices for the land records industry. ALTA and the Mortgage Bankers Association (MBA) have also joined forces to establish model RON legislation. Finally, there are numerous other stakeholders not identified here who have, and are, tirelessly working to enable the requisite RON infrastructure.
Currently, the federal Senate bill (SB) 3533, the Securing and Enabling Commerce Using Remote and Electronic Notarization Act of 2020 (otherwise known as the SECURE Notarization Act), is pending. If passed in 2021, the SECURE Notarization Act will permit RON across the nation and provide for minimum standards and interstate recognition. To track the progress of the SECURE Notarization Act, click on the link provided for SB 3533.
Another good resource for tracking the evolution of RON is the DLA Piper financial services alert, which is constantly updated. You can also subscribe to their mailing list to receive alerts via email.
During this time of rapid transition, it is important to keep abreast of the latest RON developments, to “boldly go” forth and not end up like another classic science fiction show: “Lost in Space.”
The future is here; let’s embrace it!
As technology advances, so does the deception
The pandemic has amplified the number of scams and email attacks on individuals, companies and organizations. People are already in vulnerable places emotionally, socially, physically and mentally; Covid has only intensified fright and flight instincts. We are constantly interrupted by additional stressors.
What might have easily caught your attention on an invoice, bill or receipt, can now slip by when the mind is overwhelmed with the stress of daily life. The way people receive goods, bills, invoices and confirmations has changed during the pandemic.
Be proactive and take one worry off the list by preparing yourself and educating your clients, friends and family about current email scams. Here are four ways to identify obvious scams when shopping for company or personal resources.
When opening an email, especially one that is unexpected make sure to check the sender address. This can be the first and last stop when identifying a scam. Do you order from Amazon or Office Depot often for your business? Typically, large companies have a very streamlined and identifiable confirmation process. It might have a logo, a reprint of your order, package tracking information, etc.
Most companies have emails such as a “confirmation@” or “receipt@”, and then the company. If your typical confirmation is now coming from a different sender or source, this is a red flag. Most purchases are automated; therefore, an email about a package and confirmation that is not expected or sent at strange times is also a red flag.
The schoolteachers’ philosophy holds true: If it isn’t written correctly, it’s not correct. Many scams originate from outside of the United States and come from people who have never spoken English, or who might have only slight knowledge of English grammar and mechanics. This lack of familiarity with the language or even cultural communication can be extremely evident from the outset of the email. Unusual forms of personal address or improper labels are a signal of deceit.
Legitimate order confirmation emails should be free of spelling and punctuation errors, or words swapped for one another such as “their” and “there.” If you find such an error, take it as a signal that this email is likely a scam.
Many people are already well versed on email scams that direct you to a link. Most know not to click the link. Use this same strategy when reviewing your confirmation and order. You are usually able to scan over the item or photo and it should direct you back to the home site, whether you were shopping on Home Depot, Office Depot or Amazon. If it directs you to another site, and you can confirm this by hovering your mouse over the link, then it’s a scam. Contact your original purchaser immediately.
Most online retailers have the shopping, shipping and receipt process dialed in. Communications are auto-formatted and the email confirmation arrives in a clear, itemized order. Often items – the exact photo of the item and its link – can be found on an email confirmation.
Order receipts or requests for further action that are formatted in a strange manner should raise your suspicion. Are they asking you for additional shipping payments? Did they add your taxes incorrectly and are trying to collect? Do not fall victim to these scams. Your receipt of purchase should be clean, neat and easy to read and reference. If something is strange, then this is an identifier of a scam. In the end, trust your instincts. If something looks off, it likely is. Don’t be afraid to back out of an email or a link that feels like it might be fake. You know when something looks and behaves unlike the norm. Trust that and help yourself and your business stay safe.
How to appropriately address clients amid the pandemic
The pandemic has changed almost every nuance of our lives; however, it shouldn’t change your communication with customers. Now — more than ever — is a critical time to reach out to your clients, family and friends, and effectively show compassion and interest in them. Many individuals have more time than ever before to reflect and communicate.
Be authentic in your approach and seek creative ways to safely stay in touch with your clients. People appreciate the reassurance of being connected to familiar networks. Just because many aspects of life have stopped, do not let your connection to customers falter.
There are three key components of empathetic and appropriate communication during Covid. A genuine approach that is on target for your intended demographic is a thoughtful and ideal bridging of the lack of in-person communication. This effort also helps to maintain existing online and virtual relationships.
Now is the time to engage and reaffirm relationships with customers. What worked in the past with you and your clients? Was it a phone call, in-person, a facetime call, email, text, or even snail mail? Whatever was working, never abandon that line of communication. Don’t suddenly start texting a client who up till now only communicated with you in person. Rather, educate your clients on the many options they have for engaging with you.
If your client base is on a newsletter system, this is an excellent source to reiterate ways to get in touch with you. Create a menu of options for clients and let them pick the communication method that is best for them.
Don’t recreate the wheel. Use the same information on all the types of communication that you have available, and make sure it is up to date on your website. If you have a physical address, you can always check in with Google address, Yelp, Yahoo, etc., to make sure all of your information is up to date.
You need not wait for a website to fail or a phone line to go down for a client to become extra stressed. Create multiple means of communication to ease your clients’ potential stress. This way, there is a consistency to your relationship and they will have numerous ways to get ahold of you in emergency and non-emergency scenarios.
Customers have been inundated with robotic communications, automated messages, spam phone calls, excess emails, random texts, etc. Make your communication channels honest and simple. A customer in crisis does not want to wait on hold for 20 minutes only to be connected to another operator for assistance. Be extremely up-front and honest about how you want people to communicate with you during business and non-business hours.
Society is stressed. Individuals are stressed. Now is not the time to add to your customers’ agendas. When you reach out to communicate needs, wants or even future plans, be clear about timelines and expectations.
Communication is how we maintain human relationships. While in-person meetings and group sessions are not possible, clients still want to communicate. Use your existing resources like eblasts, newsletters, phone calls, and social media to reiterate the numerous ways you want to engage with your audience. The result will be that when the pandemic passes — and it will — you and your company will have maintained a seamless and helpful communication line with your clients. They will be happy and you will too.