It’s one less stressor!
The more we use mobile technology, the more passwords we accrue. It’s not unusual for an individual to have more than 20 different sites — bank, social media, Netflix, home security — that she routinely enters. Add to this barrage of passwords the lack of consistency between websites. One password might require lower and upper case and numbers and punctuation, and another asks for your childhood street address.
How does one simplify the technology puzzle and avoid getting overwhelmed by too many passwords? Here are five steps to follow to keep the letters, numbers and punctuation that make up your internet profile easier to recall and more secure.
Step 1: Use passphrases instead of passwords
Many experts suggest length is key to preventing a hack. The longer the password, the better, even upwards of 20 characters. Use a phrase that is easy to remember, such as a favorite cheer for a sports team or something that is second nature to you. Some examples might be I-need-my-coffee-at-8AM! or GoBadgerBasketball1984.
Step 2: Use a password manager
How many of you have snapped a photo of your passwords or a photo of a driver’s license to remember information? What happens when your cell phone is gone? Can you access this information? There are hundreds of password managers that can be used on a desktop or laptop as well as a smartphone. Although inputting passwords up front might take time, the sense of organization is the reward. It’s best not to use the same password for every site. It’s also nearly impossible to remember a different password for each site.
A password manager allows you to use one code to access all of your other codes. This helps secure credential storage as well. The manager can assist in synchronization across multiple devices.
Step 3: Use Two-Step Verification
This is also known as two-factor or multi-factor authentication. This means that a password and a secondary smartphone code are required for access. This might be something such as a fingerprint, face identification or other tech-savvy options. These are much more secure and nearly un-hackable. Individuals should enable this security whenever possible, especially for financial, email, and other secure and/or private accounts. This can also be enabled with a password manager.
Step 4: Do Your Research
Stay up-to-speed on current online hacks and breaches of data that have occurred. A good resource is https://haveibeenpwned.com to see if any of your online accounts have been compromised. It could be a healthy routine to visit the site once a month to check in on all online accounts and data that you want kept private.
Another easy safety measure is to set up alerts on your phone or through Google, Yahoo, etc., that alert you to current scams or if any of your information has been violated. There are thousands of security breaches daily, so don’t panic if you are contacted; it does not mean your information has been compromised. Do your due diligence and determine if you need to go to your password manager to update information.
This information might seem overwhelming; however, being knowledgeable and proactive about passwords and data is crucial to a healthy cyber profile. Technology is constantly advancing. Use these nuances to your advantage. Streamline passwords and stay tech-intelligent.
Best practices to help keep your remote environment secure
While working remotely at home provides flexibility and social distancing in this time of COVID-19, it may also open the door to unexpected and unwanted security issues and breaches. By taking a few simple and important steps, you can securely work and have peace of mind that your business is continuing to operate without introducing added risks.
Risks that present themselves range from nuisances and disruption, such as with “Zoombombing” [a disruptive intrusion by hackers into a video conference call], to device and network compromise with viruses, spyware or ransomware.
Here are some best practices to keep your remote environment secured:
When using Zoom or other remote meeting sites that provide audio and video connectivity, be sure that the security settings are activated to only allow screen sharing by the host, or designated others who have a need. Also be sure to use access passwords or codes available only to the invited participants that are provided in the invite prior to the meeting.
Equipment, Software and Hardware
Often the organization does not provide all equipment or supplies necessary to ensure remote access. The proper protection of information to which the user has access involves connection to the Internet, local office security, and the protection of physical information assets. Below are some of the additional items that may be required:
- Broadband connection;
- Paper shredder;
- Secured office space or work area; and
- A lockable file cabinet to secure documents when unattended.
Remote users using personal equipment are often responsible for:
- access to the internet;
- the purchase, setup, maintenance or support of any equipment or devices not owned by the company; and
- ensuring current and active antivirus, firewall and malware protection is installed, functioning and updated regularly.
Security and Privacy
Organizations often have policies regarding user logical security responsibilities. Here are a few such responsibilities, which should translate to the work-from-home environment:
- Log off and disconnect from the company’s network when access is no longer required, at least daily;
- Enable automatic screen lock (if available) after a reasonable period of inactivity;
- Do not provide (share) your user name or password, configure your remote access device to “remember me,” or set it to automatically enter your username and password;
- Enable a firewall at all times;
- Ensure virus protection is active and current; and
- Perform regular backups of critical information using a secure storage solution.
Additionally, companies often implement additional logical security procedures for remote users. These may include:
- Disconnect remote user sessions after 60 minutes of inactivity;
- Require that access to company-owned technology applications use commercially available encryption technologies, such as multi-factor authentication, or a Virtual Private Network (VPN);
- Update the virus pattern on a regular and frequent basis;
- Provide a reasonable backup solution; and
- Perform regular audits of the company supplied equipment to ensure license and configuration compliance.
Company policies regarding physical security should also carry over into the remote office. Here are some steps to consider:
- Maintain reasonable physical security of your remote office environment. This includes access to both company and personal technology equipment and documents;
- Limit the use or printing of paper documents that contain sensitive, confidential or non-public private information (NPI), and restrict requests for and handling of NPI to only what is essential to perform your job; and
- Ensure documents containing sensitive, confidential or NPI are shredded and rendered unreadable and unable to be reconstructed.
It is entirely possible to work remotely. A home office can be made secure by adhering to the steps above. Bear in mind that working at a hotel or a cabin or anywhere internet service allows for access presents security issues that may compromise privacy.
For further information, reach out to Tom Weyant, Director, Risk Management & Continuous Improvement, CQA, CFE, directly at email@example.com or visit www.alliantnational.com/newsroom for additional information and articles related to cyber security and internet privacy.
Now is the time to educate yourself.
In the chaotic economic and physical landscape of 2020, the last thing any individual should have to contend with is being taken advantage of when vulnerable. Nonetheless, scammers are still looking for loopholes to victimize the innocent. Their newest tactic is a scam called “smishing.”
What is smishing? How does one become educated and protected, and how can you be proactive for the next scam?
Smishing is the practice of sending fraudulent text messages purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords or credit card numbers. Smishing is basically a “phishing” scam involving the exchange of text messages or SMS messages.
Common platforms and applications that the hacker might use include a built-in smartphone messenger, iMessage, FaceTime, Facebook Messenger, WhatsApp, Slack, Skype and other face-to-face mobile vehicles.
Sadly, this is quickly becoming an increasingly popular and successful means of deception. Smishing is especially confusing as people often believe their cell phones are safe from hackers and scammers. Junk text messages were a rarity in years past. Nowadays such texts are common, and many businesses, including doctors, routinely text individuals to confirm appointments or prescription refills.
Due to the newer nature of this scam, and lack of education about its pathway from spam to private information, many consumers, especially those more at risk, such as the elderly, or those without internet access, are prime targets.
In prior years, there was a massive effort to educate the public about not clicking on random links in their email, and that became extremely successful. Nonetheless, criminals are finding a new path, and that is through the technology that is closest to them — cell phones.
Now is the time to educate yourself on how to differentiate spam and phishing text messages from important communication. When receiving a text message from an unknown source, here are four things to think about before responding:
- If it seems too good to be true, then it is! If you receive a generous coupon code from a place you have never heard of or an amazing incentive from a popular brand like Target, McDonald’s, Nike or others, don’t respond. Instead, check a website from the company or call the main phone number to see if the offer is legit. Don’t call a number on the text message, and never respond to an offer by texting personal information.
- Time sensitivity. If you receive a text asking for personal information to fulfill a medical or business request, and they need it ASAP, it’s a scam. A reputable company, medical office or organization is going to pick up the phone and call an individual, not text.
- Long text messages from unknown sources, including a link, are also a good indication of smishing, or phone phishing schemes. Never click on a link from an unknown source. The link can immediately allow phishers access to confidential and valuable information from your phone. Be vigilant for text messages asking for personal information, passwords or other sensitive information.
- Does the text message have grammatical errors or strange sentence structure? While many people use talk-to-text, it would never be a means of communication for a business to connect with a customer. Another red flag is when the title before your name, such as Ms., Mrs., Mr., Dr., etc., is incorrect, or is used at all by a stranger. Don’t respond to these messages.
What to do once smished? Delete! And if necessary, block the sender. If you are truly questioning whether a text is legit, try logging onto the internet from a different device to do some investigative work. Bottom line: You do not want to compromise the security of your personal information to anyone via text.
Are you ready?
Can you spot when you’re being phished? One of the first steps is fully understanding what phishing is. Unfortunately, it’s not as fun as heading to the stream with your waders. Phishing can take place via phone call, text, or email, but email is the most common channel. The attacker will pose as a legitimate institution in an attempt to get secure information from their target. Some examples include those spam calls you receive from the “IRS” robot asking for your social security number.
Over email, things can get a little bit more malicious. It’s common sense to know that an unsolicited robotic voice asking for your social security number isn’t legitimate. However, what happens when you receive an email with a link that you wouldn’t usually give a second glance to? Cyber attackers rely on that lack of attention to target vulnerable users. Here are some ways to tell if the email you’ve received is a phishing email:
- Remember that if it seems too good to be true, it probably is. Those flashy designs advertising expensive items for free could (and in all likelihood will) result in identity theft.
- Be mindful of emails from unknown senders insisting that you act urgently. The attacker is trying to pressure you into acting without thinking.
- Watch out for unknown hyperlinks and attachments. They’ve gained popularity over recent years. They avoid giving you all the details in the email to avoid looking immediately suspicious and urge you to click on the link for more information. Never click on a link from an unknown or untrustworthy sender.
All of that might seem like a lot, but knowing what to look out for is the first step in protecting yourself from cyber-attacks. After a while it will all become like second nature. There are also plenty of other preventative steps that you can take to ensure that you and your inbox are protected.
Spam filters can go a long way toward stopping malicious content from getting to your inbox at all, and you can update your browser’s security settings to block fraudulent websites from opening at all. Setting up two-factor authentication with your financial institutions and any website where your bank data may be stored can help protect you as well.
Jigsaw and Google have partnered to keep an up-to-date phishing quiz to see if you’re ready to identify phishing attempts that may come your way. You can take it here.
You can’t go wrong being educated, prepared, and mindful.
When writing about quality commitments we have two main goals: quality and excellence. Basically, we want to be sure we are producing superior commitments and policies.
But who decides whether or not we’ve attained these goals? The first answer is our underwriters. They’ll be looking to ensure that the quality commitment is written in a clear and unambiguous fashion so that all parties involved can easily see what’s covered by the policy and what isn’t.
Next up are the regulators. In my state of Texas, everything surrounding title insurance is regulated by the state, and the Texas Department of Insurance (TDI) routinely runs quality checks during audits.
However, our customers are the ultimate and most important judge of any of our business dealings, and it is up to us to ensure that the commitment for title insurance makes them feel reassured and enlightened rather than frustrated and confused. Buyers and lenders are looking for exceptions in a language that’s easy to understand, while owners want the language for requirements to be the clearest.
Let’s break down a commitment for title insurance. This step in the process comes after the receipt of a bona fide order and must be completed as soon as possible. The exception is when the company is unwilling to insure said order. In the event that the commitment is issued, liability and obligations end ninety days after the commitment’s start date.
When selecting the words to include in a commitment, it’s important to understand the distinction between language describing the insured land and language described as an exception from coverage. When describing an easement estate on Schedule A, we want the description to be as detailed as possible, because that limits liability. When describing an easement on Schedule B, we want to be as general as possible, because that limits our liability.
Requirements appear on Schedule C of commitments – and do not appear on policies. “Requirements” in this case reference items that must be resolved to the satisfaction of the underwriter before the policy can be issued. There may be instances when it’s necessary to tell a proposed insured something about the policy that will be issued. While there’s no standard way to give this type of information, the best practice would be to add a “note” – containing information. Remember, these “notes” are only used to include additional information about policies and never to provide information about the status of the title.
There are things that don’t belong on commitments. Some examples would be “affirmative” statements about what was found during the title search, instructions about how closing or escrow should be handled, information about transactions or policies outside of the outlined requirements, or details advising the insured about “rights of parties in possession” or amendments of the “area and boundary exception.”
With all of this information in mind, the question still remains: How do we achieve quality commitments and policies? The first step is education. Everyone in the organization must have appropriate training in the use of the escrow/closing and title production system(s). It’s critically important for each person to understand how the data they input is utilized by each process. The next step is the natural progression into preparation. Prep for quality starts with the setup process of the escrow/closing and the title production system.
At the end of the day, it’s about remaining mindful of the parties who will be reading your report or commitment and what it is they mean to do with it. If you go into the commitment process with that in mind and remain armed with the information you’ve gathered, you’re headed in the right direction.
Be educated in the process, be prepared for what you’re about to do, and be mindful of our clients and you can’t go wrong. If you would like to learn more about writing quality commitments, log onto our Alliant National Agent Resource Center and check out our Resource Center tab to view our new webinar on the topic.