The world is awash in data. And business owners must protect their customers.
Anyone who has been paying attention over the last couple of decades knows that data is all around us. We can’t see it. We can’t touch it. But it is everywhere, informing how we work, shop, explore and entertain ourselves. Data is also extremely valuable. Advertisers covet our data. And bad actors often weaponize it for identity theft and illicit financial schemes.
It is imperative that business leaders protect their customers’ data. Not only is it the ethical thing to do, but it is also pragmatic. The way businesses use and protect customer data is rightly coming under increasing scrutiny. Additionally, businesses that mismanage customer data can experience significant consequences to their brand and reputation. With such high stakes, it’s important to be knowledgeable on best practices for data protection. Here are some tips to get you started.
Conduct an Audit
The first step toward a comprehensive and proactive approach to protecting your customer base’s data is to gain a full understanding of the various types of data your business holds. Is it social security numbers? Credit card information? Online account passwords? Real estate and title insurance professionals often deal with large amounts of sensitive data. Conduct an audit to ensure that you have a full accounting for everything you and your employees hold.
Understand the Legal Basics
Data protection laws vary depending on where your business is and the industry in which you work. It is wise to invest the time and resources to gain a full understanding of the basics as required by law and as they apply to your specific enterprise. For instance, most people know about the Health Insurance Portability and Accountability Act (HIPAA), the 1996 federal law that stipulates that healthcare insurance industries must protect customer health information from fraud and theft. However, other state-level laws apply to all industries. Become apprised of what is required of you by law when designing data protection policies for your business. There are ample resources online that can serve as an effective primer.
It’s all well and good if you want to take a proactive and fastidious approach to your customers’ data, but if you have employees, you are going to need their buy-in and compliance as well. If a chain is only as strong as its weakest link, then a business can only take a comprehensive approach to data security if it treats it as an organizational priority rather than a siloed effort.
If Possible, Throw it Out
Only keep data you need. Schedule routine reviews of the customer data you are holding and have a process in place to decide when you can safely dispose of it. Considering that you have an ethical and often legal obligation to safeguard customer data, this can be a great strategy for limiting your company’s exposure.
Do What You Can
Protecting customer data can be an expensive and time-consuming effort. In fact, major corporations often spend millions of dollars to secure this information. You may not have access to such resources. However, there are still practical steps you can take to operate a more data-secure shop.
Consider, for instance, limiting employee access to data, only giving them as much information as they need to effectively do their jobs. Be sure to also have a process in place for properly destroying and disposing of both physical and cyber versions of customer data. Lastly, you could even consider looking into a designated server for your most sensitive data. While using a shared server might be more economical, it carries a security risk.
Go the Extra Mile
We know that running a title agency is no easy matter. Time is always tight, resources thin, and sometimes it can feel as if taking on a new initiative will be the straw that breaks the proverbial camel’s back. Still, it’s important to remember that customers are worth the effort. As title professionals, our customers entrust us with some of their most sensitive data, and we must do our best to protect it.
You just received an unusual email from your boss. Better answer it, right? Not so fast.
As an internet user, you likely have some awareness of cyberattacks, and chances are, you may have already been impacted by a cyberattack in one form or another. This is particularly likely considering some of the massive data breaches that have affected large companies over the past few years.
One cyberattack you may be less familiar with, however, is called CEO fraud. CEO fraud is a targeted type of email attack where the scammer poses as the boss and tricks an employee into taking a detrimental action. CEO fraud can affect any type of business, from a large corporation to a small agency. Essentially, if you have a job or work for a company that is larger than just yourself, you are vulnerable to this type of malicious behavior. Here’s how you can be prepared to stop CEO fraud and avoid jeopardizing your company.
The Internet Weaponized
Let’s say you work for a small title agency. There are only a few employees in addition to you and the CEO. A cyber attacker will use the internet to research who your boss is and then create an email pretending to be them. What makes these types of emails especially dangerous is that they don’t contain any malicious links or infected attachments that your average email filtering software will catch. Instead, they appear like your average, ordinary email.
A Fraudulent Sense of Urgency
One of the most defining features of a fraudulent email is urgency. They will urge you to take a specific action right away. These requests are often fiduciary, like handling an invoice, changing payment information, or instructing you to send documents that contain sensitive information.
Two Different Scams
It’s important to take a more granular look into how these scams often work. The first way is wire fraud, a particularly pertinent subject for anyone working in the field of real estate or title insurance. When a cybercriminal is attempting to pull off a scam like this, they will usually spend time identifying those who handle accounts payable and then send them an email pretending to be their boss. The email will direct them to change something about an upcoming money transfer, typically the account where the money will eventually go.
The second way this scam occurs is in the form of tax fraud. In this instance, a similar process will play out, where the criminal will again send someone within your business or organization a fraudulent email pretending to be a superior. The difference this time, however, is that the email will urgently instruct its recipient to send employee tax documents, sensitive information that could be extremely damaging if it fell into the wrong hands.
Stay Vigilant and Stay Safe
Faced with the possibility of such threats, what can an average worker do to practice due diligence and protect themselves or their company from becoming victimized? Most of the time, exercising common sense will be sufficient. But there are also some common signs that can alert you to an email not being on the up-and-up.
Fraudulent emails will almost always be short, with the message consisting of only a few lines of text. They will also mention that the email was sent from a mobile device. They will include instructions that run contrary to your business’s policies, basically conveying that you should ignore standard procedure for the sake of urgency. The actual email address that the message was sent from will also be a dead giveaway. Be on the lookout for any email ending with a common domain name like “@gmail.com” or “@yahoo.com” instead of your company’s email domain name. If you’re in charge at your organization, encourage your employees to give you a call to double check any emailed request from you that may seem out of the ordinary. Practicing these easy steps will go a long way toward helping avoid any potentially dicey situations. Even better, they will alleviate unnecessary stress and let you focus on far more important professional priorities.
We’re buried under data – both tangible and digital. Do you have a plan for disposing of it securely?
By Bryan Johnson, IT Director, Alliant National Title Insurance Company
We live in a world of data. The internet runs on it. Companies and governments collect it. Each person carries around a tiny data collection device in their pocket in the form of a smartphone, which catalogs our spending, socializing and travel habits.
Unsurprisingly, personal data is an important part of real estate transactions, and the business can involve the exchange of names, employment information, contact numbers, email addresses and, of course, financial information. Considering that trust is critical to any given transaction, real estate professionals should make all possible efforts to safeguard this personal information and properly secure or dispose of it as appropriate once a transaction is completed. Trash can on a laptop. 3d illustration stock photo
Formalize Your Policy
When thinking about customer data and how it should be handled, start from the beginning. Set up a formalized policy that will be the standard across your agency. Having a clear, step-by-step process will make it easier to reduce mistakes when handling data. It will also streamline your ability to bring people up to speed on your processes and procedures – ultimately saving time and money.
Local vs. Network Drives vs. Cloud Storage Services
Once you start actually disposing of your customers’ files, keep in mind that data can live in multiple locations. You may have files on your local work computer that also live on your company’s network or on a cloud storage service. To ensure a given file is gone for good, you need to erase it in all locations. Many network and cloud storage solutions will also still retain copies of deleted files in what is commonly called a recycle bin. If you intend to permanently delete your files, you will need to make sure they are purged from the recycle bin as well.
There is a lot of information stored on hard drives. Once you no longer need a particular drive, it is always a good idea to enlist the services of a professional data destruction company. Most major cities will have several companies from which to choose. These businesses can either physically shred your hard drives or even degauss them, which involves an incredibly powerful magnetic field that completely erases all data.
A Not So Paperless World
Although personal computing has been commonplace for more than 25 years, we live in a world where paper still flows and customer information still exists in a tangible form. Be sure to treat your clients’ physical information with the same care as you do their digital. To dispose of paper data, deploy a good shredder. After that, it is ideal to use the services of a professional recycler or data destruction provider.
Increased access to data is one of the great double-edged swords of the information age. While it has made conducting business easier, faster and more convenient, it has also left individuals and companies vulnerable to data breaches and fraud. By leveraging data effectively and safely, you will be able to conduct your real estate transactions with greater speed and dexterity. Just be sure you don’t mistakenly end up putting private information at risk!
When shopping online, make sure the only “steals” you experience are great prices.
Even before the outbreak of the coronavirus, shopping online had become the norm for millions of people. From avoiding crowds to being able to access a wider range of products, it’s not difficult to see the benefits or understand its appeal.
But online shopping is not entirely without risks, particularly as it involves entrusting websites and applications with sensitive financial information. Still, there are many ways to protect yourself when shopping online. Implement the following tips to reduce risk and keep your shopping fun and worry-free.
Safe Sites and Due Diligence
One great way to reduce your risk is to restrict your shopping to sites you absolutely know are safe. Bookmark these sites for future use. If you think you may be on an imposter site, verify that the domain is correct, scrutinizing it down to whether any letters have been maliciously replaced with a number. If you do decide to branch out, conduct research into a site’s reputation, and look for keywords that are glaringly negative like “fraud,” “scam, “fake,” etc.
Create Thoughtful Passwords
On any e-commerce site you frequent, use a unique password. A strong password typically includes a combination of letters, numbers, and special characters. Avoid common personal information like your birthday, your name, or your address. If you struggle with remembering multiple passwords, consider employing a password manager.
It can be tempting to give large, well-known e-commerce sites your complete trust; but don’t let your guard down! Large online stores frequently include third-party sellers who may have less than noble intentions. Before handing over any of your personal or financial information, take a close look at the seller’s reputation, including reading any comments or reviews that are available. It is also always a good idea to review the store’s policies regarding third-party sellers and be wary of any sellers who are new to the site or who are listing their products at an exceptionally low price.
Keep a close watch on both your personal and professional credit cards for any suspicious-looking charges. It’s prudent to also set up alerts for any charges that are out of the ordinary or that do not match your usual spending patterns and habits.
When shopping online for personal items and especially when conducting your business shopping, do not use a debit card. Debit cards take money directly from your bank account, and if you are unlucky enough to become a victim of fraud, you will have a much more difficult time getting it back. If you are hard at work trying to build your independent agency, having a business credit card can also have numerous advantages. It is far easier to keep track of your business expenses with a company card, and many providers will even send you a monthly expense report that you can keep for your files. A business credit card often offers an additional level of protection than a normal consumer card. Some examples of extra protection include travel accident coverage, identity theft coverage and other various misuse policies.
Whether you shop online for personal reasons or business needs, everyone can benefit from being mindful of the potential risks involved when conducting online financial transactions. Scammers are plentiful, and there is no way to guarantee that your purchases will always be secure. But by being aware of the dangers and implementing a few easy security precautions, you can reduce your risk of becoming a victim and continue leveraging the power and convenience of the online marketplace.
What exactly is malware, and how can you safeguard against it?
You’ve heard the term. You’ve seen the warnings. You may have even been unlucky enough to experience an attack. But what exactly is malware, and what can you do to safeguard against it?
Malware: A Catch-All Term
Malware is an umbrella term for any type of malicious software. This can include anything from computer viruses, worms and Trojan horses (a malicious piece of software disguised as a legitimate program) to ransomware, spyware, adware or scareware.
Typically, anything that secretly works against the interests of a computer user can be classified as malware. Malware can infect almost any type of computer or digital device. Some but not all machines that are vulnerable to malware include: Windows computers, Macs, iPhones, iPads, Android devices and network servers. Viruses and worms are the most common types of malware, and both are spread by becoming embedded in executable software.
Why it Matters
Malware is used by hackers to gain access and pilfer the personal, financial, business or governmental data of unsuspecting individuals or organizations. Once this information is acquired, cybercriminals frequently seek to exhort money from their victims – either directly through ransoms (where the criminal blocks access to files or programs until the victim pays them money) or by engaging in identity theft.
Recent studies indicate that cybercrime is on the rise. A 2019 report revealed a 67 percent increase in security breaches over the past five years.[i] The cost of these attacks is truly staggering. According to the White House, “malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.”[ii] The average cost of a data breach is $3.9 million according to IBM.[iii] While it may be tempting to think that only large multinationals are the targets of these attacks, 43 percent of breach victims were small or medium-sized businesses.[iv]
What Can be Done?
As with other industries, identity theft, fraud and other crimes are increasing throughout the insurance and financial services sectors. Still, there are numerous actions you can take to better safeguard your data.
A great first step is to purchase high-quality anti-virus software and install it across your devices. It is essential to purchase one from a well-known and trusted provider, and to have it consistently run scans on any machine that may be vulnerable.
You should diligently update both your operating systems (Mac/IOS, Windows, Android, etc.) and internet browsers (Internet Explorer, Google Chrome, Firefox, Safari and Microsoft Edge). Not only do these updates patch security holes, but they also better protect your data and offer enhanced features that can make your work life easier and more enjoyable.
When safeguarding your devices through the previous steps, it is always a good idea to back up your data and store it on an external hard drive where it will be retrievable in the future. By taking this precaution, you will ensure that you do not lose access to your most valuable data even if you are unlucky enough to experience a malware attack and have to consult a professional to repair your device.
Avoiding Phishing Scams and Ensuring Safe Title Transactions
One of the most common threats that occur during real estate transactions is a phishing scam, where criminals seek to gain access to nonpublic personal information (NPI), place malicious code on your device or convince you to change wiring instructions. To protect yourself from these scams, agents should be mindful of the following warning signs within a suspicious email:
- Poor spelling, grammar and generic greetings
- Requests for personal information
- An unusual sense of urgency
- Instructions to change wiring information
- Questionable-looking attachments or links that encourage a click.
Additionally, agents can reduce risk by transmitting data through encryption, using two-factor email authentications, maintaining a contact log for all transaction participants, eliminating the need for urgency and performing a risk assessment to identify security gaps.
Commit to Safety
Considering the fiduciary responsibilities that title agents possess, data security is of the utmost importance. Of course, no system is foolproof, but by knowing the risks and taking necessary precautions, agents can make significant progress toward protecting the integrity of their clients’ transactions.