Posts Tagged ‘ALTA’

ALTA ONE 2019 - UNbound

ALTA One 2019

Must-See Educational Sessions at ALTA ONE 2019

ALTA ONE is next week, October 22-25th at the Fairmont Hotel in Austin, Texas. It’s an important event bringing together leaders in the title industry to swap new ideas and business practices in educational sessions that really work.

As always, there’s a lot of content! ALTA ONE will cover a range of hot topics, so which sessions are a must-attend?

We enlisted the help of Nathan Marinchick, Director of Research and Educational Programming at Alliant National, to help identify the top 10 education sessions you may want to place on your ALTA ONE dance card next week.

Wednesday, October 23, 2019

9:00 am – 10:00 am OMNI SESSION: THE POWER OF PURPOSE

ALTA’s CEO, Diane Tomb, will share her vision for the coming year and what she sees as the industry’s greatness opportunities and weaknesses. And Entrepreneur, author and “ad man” Roy Spence will help ignite your “epiphany of purpose” during this keynote — Have you found your purpose? What motivates you? What truly drives your company? Discover and fulfill your purpose.

10:30 am – 11:30 am NOTABLE: TEXAS TITLE AGENTS ARE ROCKING WITH RON

In 2018, Texas became the 3rd state to permit remote online notarization. This session will provide a first-hand perspective on implementing RON in your operation. As RON becomes legal in your state you won’t want to miss this opportunity to learn from early adopters.

1:00 pm – 1:30 pm ENGAGEMENT LAB: COMMERCIAL BUSINESS: GETTING YOUR FEET WET WITHOUT SINKING THE BOAT

This lab is designed to demonstrate how your title and closing skills and experience have given you a solid foundation to explore the world of commercial real estate transactions with confidence.

2:00 pm – 3:00 pm NOTABLE: RESPA 411

This session will review the latest cases and enforcement actions on RESPA, affiliated businesses, and marketing services agreements. Come with your questions and discuss the latest trends in RESPA compliance. Experts will address the future of the CFPB and enforcement actions.

3:30 pm – 4:00 pm ENGAGEMENT LAB: BUILDING A FLEXIBLE WORKFORCE

Our industry is facing significant changes from a staffing standpoint. How do you face the challenges of finding new people when you have a retirement or just the everyday turnover? What does flexibility in your workforce look like and how can you successfully adapt your business to recruit and retain new staff through these changes? Join this lab to discuss these challenges and brainstorm solutions.

3:30 pm – 4:00 pm ENGAGEMENT LAB: CULTURE AUDIT WITH ALLIANT NATIONAL’S BOB GRUBB

Culture is central to the health of an organization. However, it is often invisible to those in it, making it difficult to understand what our culture is, and more importantly, what areas require improvement. This is why a culture audit is a good idea. Join this lab to learn how this process works and what to do with the results.

Thursday, October 24, 2019

8:45 am – 10:00 am OMNI SESSION: FROM THE DARK WEB TO WALLSTREET (SPONSORED BY INCENTER TECHNOLOGY)

Wire Fraud keeps us up at night. Listen to two local law enforcement detectives involved in a headline-making case in which money was stolen, then recovered, through a wire fraud incident. Additionally, an Austin based Realtor will discuss how unsuspecting clients can fall victim to wire fraud schemes. And Cybersecurity is top-of-mind for all of us, whether we’re thinking about our professional or personal lives. The director of cybersecurity for Morgan Stanley Wealth Management and Investment Technology, Rachel Wilson, knows exactly the dangers you face. Wilson will share her expertise on how best to protect your business and avoid falling prey to scams and attacks.

10:30 am – 11:30 am NOTABLE: PROPOSED ALTA POLICY FORMS – WHAT’S COVERED, WHAT’S NOT?Title insurance is what we sell, so it’s imperative to know when coverages change. Hear from two ALTA Forms Committee experts about the proposed updates to the 2006 policies. You will be introduced to the new versions, know why changes were made, and what they mean for your business.

12:30 pm – 1:30 pm NOTABLE: THE UNEXPECTED BENEFITS OF DIGITAL CLOSINGS

Often when we talk about digital closings, we talk about what’s in it for the consumer or lender. But you should also focus on the benefits that digital closing can bring to your operation. In this session, learn how digital closing technology can change your workflow and improve efficiency – while also providing the more convenient and prompt closing your consumers and lenders want.

12:30 pm – 1:30 pm NOTABLE: 8 LEGIT WAYS TO MARKET YOUR CULTURE TO HUMANS UNDER 40

If you’re job searching and under the age of 40, you’re probably not going to get excited about a job that offers “competitive benefits” and a “standard work week” with “two weeks of paid vacation.” Sorry, title pros! The new wave of employees has different expectations and you do have to adapt and market your values differently. Take home 8 great ideas to attract talented employees for your business.

Bob Grubb speaker at ALTA ONE Culture Audit

Is it time to reexamine your company’s culture?

Culture is the lifeblood of every organization.

It is created through a language and customs, arts and practices that are shared by a particular work group. Culture is an identity, and it can attract or repel engagement with your organization.

All companies have a culture, whether it is one that develops on its own or is deliberately nurtured. The questions is do you have the culture you want?

Does your culture revolve around how your people respect each other and your customers? Does your culture foster the experience you want your customers to have? Is it time to be more deliberate or even make a bold change?  

In a recent Gallup poll, 53% of workers reported they are “not engaged.” From Gallup’s employee engagement report: “They may be generally satisfied but are not cognitively and emotionally connected to their work and workplace; they will usually show up to work and do the minimum required but will quickly leave their company for a slightly better offer.” That same poll reported that 34% of workers are “engaged,” and it’s the highest number since this Gallup poll was created in 2000. Only about one-third of our workforce feels engaged, and that’s an improvement.

Imagine the change possible if we could reverse these numbers? Gains in productivity, increases in job satisfaction – wins for everyone! And that’s just a start.

To improve employee engagement, it may be time to reexamine your company’s culture. Do you know what your people really want and what is important to them? Have you asked them or are you making assumptions?

Each employee brings his or her own unique personality, life experiences, skills, talents, work history and world view. We act, behave and influence others based on who we are – and what we have gone through in life.

How people work together can either happen by chance or by deliberate action. Culture allows us to find commonalities among our differences, to align the group’s focus on a single objective to achieve success.

I look forward to exploring company culture with you during the Engagement Lab: Culture Audit at 3:30 p.m. on Wednesday, October 23 during the ALTA One conference in Austin, Texas.

businessman punching and breaking the word RISK

Increased Risk Means We Need to Increase Training

Threats are constantly evolving and your training and testing must also evolve to counter these threats and keep your defense robust.

A cyberattack is a malicious and deliberate attempt by and individual or an organization to breach the information system of another individual or company, seeking benefit from the disruption, ransom, or theft of data.

This electronic threat is increasing in frequency and complexity and has become very expensive to remediate or to recover from.

Here’s the surprise – almost 90 percent of cyberattacks are caused or allowed by human error from the internal staff of the entity attacked.

This includes failure to follow security rules and protocols, sharing passwords, using weak or default settings, and falling victim to social engineering.

Even the large events such as the hacking at Equifax and Target, were caused by failure to follow the rules regarding administrative password settings, human error.

So whether your business is large or small, you need ongoing, strong training and testing to counter the threats.

Recent survey results of a survey of title insurance professionals by the American Land Title Association show a surprisingly small amount of agents are conducting ongoing staff training, and most do it once when they hire an employee.

This is a recipe for eventually becoming a victim of electronic fraud.

There are simple yet effective steps to take to counter the increasing threats by taking a strong defense, and it starts with regular training and testing to remove or reduce the human error element.

Here is what to do to put a training and test plan into action:

  • Ensure new hires are introduced to and educated on information and data security policies and procedures as well as how to protect nonpublic personal information (NPI) and sensitive information. Emphasize to them the “why” so they fully understand the shared responsibility nature. This should be a core part of their orientation and on-boarding.
  • Set and schedule ongoing training for all employees at every level commensurate with the size of the staff and complexity of your business. This should be monthly, quarterly or semiannually.
  • At a minimum, cover controls over access (passwords; pass phrases; multi-factor authentication), network and data distribution (including never using non-secured networks for conducting business such as those in cafes/hotels/airports), phishing and spear-phishing, and never use a general email service like Yahoo or Gmail when sending NPI or sensitive information; social media and social engineering.
  • Require security measures for smart devices (smart phones, and in particular Androids, account for a large percentage of data breaches).
  • Explain the implications of data loss, which includes reputational hits and potential fines and penalties and law suits.
  • Focus on all media forms – hardcopy as well as electronic – and include proper handling and protection from receipt through handling to secured destruction.  
  • Training may be done with internal documents or you may use a third party to conduct the training (i.e. Data Shield; KnowBe4).

  • After the training, use a quiz to gauge how well your employees understood the material.
  • Develop or use a third party to conduct ongoing, regular internal testing such as phishing or spear phishing testing (i.e. KnowBe4 is one vendor who can provide you this tool). Depending on the results, you may then make appropriate changes and re-focus your training to deal with any weak or weaker topics or areas.
  • Provide a single point of contact the employee may turn to with questions or to report any suspected suspicious attempts to obtain information or data (electronic or by phone).
  • Keep records of the training and attendees and testing results. This will be needed to demonstrate good faith, to meet many state requirements – and it’s a best practice.

Last, keep up-to-date on emerging threats and vulnerabilities and provide updated training to employees to be sure they understand new risks or new controls and why they are important; employees must know how to recognize and report threats to stay vigilant.

This will keep your training and testing current and fresh and serve as a continual reminder to your staff. Remember, this is a marathon, not a sprint. Threats are constantly evolving and your training and testing must also evolve to counter these threats and keep your defense robust.

Written-cyber-security-and-response-plans-Just-do-it

Written cyber security and response plans: Just do it

Despite the rising threat, recent survey results show a surprisingly small number of agents are prepared, as most do not have a written cyber security and response plan.

A cyberattack is a malicious and deliberate attempt by and individual or an organization to breach the information system of another individual or company, seeking benefit from the disruption, ransom, or theft of data – and such attacks are increasing in numbers and complexity.

Despite the rising threat, recent survey results show a surprisingly small number of agents are prepared, as most do not have a written cyber security and response plan.

A written cyber security and response plan is essential to be prepared, organized and to execute appropriate and prompt actions when an attack occurs.

The plan does not need to be complex. To be effective, it should be simple and clear and present key information. It should also be built commensurate with the size of the organization.

Key elements of the plan must include:

  • Perform a risk analysis to mitigate all risks, covering administrative, technical, and physical controls. Simply put, this is what could be vulnerable, what could go wrong and what is or should be done to try to avoid or contain the threat(s).
  • The cybersecurity program must protect the security and confidentiality of nonpublic information, protect against threats or hazards to the security or integrity of information, and protect against unauthorized access.
  • Define a schedule for the retention of data and a mechanism for its secure destruction when data is no longer required.
  • Designate an individual, third party, or affiliate who is responsible for the information security program.
  • Be sure existing controls in place – access controls, authentication controls, and physical controls to prevent access to nonpublic information. Encryption (or an alternative, equivalent measure) should be in place to secure data stored on portable electronic devices and for data transmitted over an external network.
  • Identify and manage devices that connect to the network – a simple inventory.
  • Adopt secure development practices for in-house applications if applicable. Alternatively, obtain this assurance from your service provider that performs the development for you.
  • Use multi-factor authentication to prevent unauthorized accessing of nonpublic information.
  • Regularly test and monitor systems for actual and attempted attacks, maintain audit trails, and implement measures to prevent the unauthorized destruction or loss of nonpublic information.  
  • Keep up-to-date on emerging threats and vulnerabilities and provide ongoing training to employees to be sure they understand existing controls and why they are important; employees must know how to recognize and report threats.

The response plan must include the following elements to be effective:

  • Date of the cybersecurity event.
  • A description of how the information was exposed, lost, stolen, or breached,     including the specific roles and responsibilities of third-party service providers, if any.
  • How the cybersecurity event was discovered.
  • Whether any lost, stolen, or breached information has been recovered and if so, how this was done.
  • The identity of the source of the cybersecurity event.
  • Whether you filed a police report or notified any regulatory, governmental or law enforcement agency and, if so, when such notification was provided and by whom.
  • A description of the specific types of information acquired without authorization, which means particular data elements including, for example, types of financial information, or types of information allowing identification of the consumer.
  • Time period during which the information system was compromised by the cybersecurity event.
  • The number of total consumers affected by the cybersecurity event, or a best estimate.
  • The results of any internal review identifying a lapse in either automated controls or internal procedures, or confirming that all automated controls or internal procedures were followed.
  • A description of efforts being undertaken to remediate the situation which permitted the cybersecurity event to occur.

Don’t wait until an event occurs. It’s a chaotic time full of financial and emotional high stress. Do it now and provide yourself the peace of knowing you are prepared.

email threat

Title Industry’s Cyber, Escrow Fraud Preparedness Needs Improvement

A national survey of title agents conducted by the American Land Title Association shows that our industry has farther to go when it comes to formalizing cyber and escrow security plans.

Results of the survey also hint that the threat landscape is becoming increasingly perilous for title agents, consumers and others involved in real estate transactions.

Of the survey’s more than 750 respondents, 63 percent said the number of cybercrime attempts targeting their company increased between 2017 and 2018. Roughly one-third of respondents also observed increases in fraud attempts targeting buyers, sellers and real estate agents over the same period.

Many title agencies have sought to combat the worsening cyber and escrow fraud threat by means of employee awareness.

More than half of respondents said their company reminds employees about the need to remain vigilant on about a weekly basis. More than 25 percent said those employee reminders are made on a monthly basis.

However, more than 20 percent of respondents reported that their company offers no training at all on cybercrime trends or red flags.

More troubling, however, is that despite the apparent increase in fraud attempts, just 62 percent of respondents said their company has a written cybercrime response plan.

Additionally, more than 40 percent of agents were not aware of or have not implemented ALTA’s Rapid Response Plan for Wire Transfer Fraud.

Smaller agencies — those with gross annual income below $1 million — were also somewhat less likely to have formal cyber response plans, wire retrieval plans or training programs than were larger agencies.

Survey results also show that cybercrime insurance coverage among title agents of all sizes is not as prevalent as one might expect given the apparent increase in fraud attempts. More than 27 percent of respondents said their company does not currently have a cybercrime insurance policy.

While most industry participants have made strides when it comes to protecting escrow funds and sensitive information, the survey clearly shows that gaps remain.

The survey also provides an opportunity for all of us to redouble our efforts, particularly when it comes to formalizing cyber response plans.

To help, we’ll be posting a blog series in the coming weeks that will provide simple, actionable tips for improving and formalizing response plans, as well as plans for wire retrieval and staff training.

We’ll also talk about the importance of cyber insurance and provide insight on how to get the right coverages for your business.

In the meantime, check out the growing library of cyber fraud resources on the Alliant National Education page. Alliant National agents can also watch our brand new Texas Continuing Education webinar on information and escrow security.

Let’s Connect

Discover more stories and conversations on our social media networks,
or drop us a line on our contact page.


The Independent Underwriter for the Independent Agent®