Posts Tagged ‘information security’

White background graphic with blue-lined house bearing a sign that read's "SOLD(almost)". Above the house are 3 circles. The left circle is bright green with a sign that reads part 1. The middle circle is faded pink with a sign that reads part 2. The right circle is faded yellow with a sign that reads part 3.

Common Closing Issues – Part I

Agents should prepare themselves to handle these routine scenarios.

Real estate closings require a delicate balancing act. Not only is speed of the essence, but closings also require accuracy and professionalism. Often there is no time to correct errors, and customers need to feel confident that their transactions are being carried out correctly.

Many issues can arise during the closing process. The following is the first of a three-part series that will explore some of the most common scenarios agents need to keep in mind.

Fiduciary Responsibilities

As escrow officers, title agents have fiduciary responsibilities and must act as neutral third parties, impartial arbitrators of contractual arrangements with conditions agreed to by both the buyer and seller. Escrow officers do not make decisions regarding a transaction and do
not advocate for any one party. Instead, they ensure that written instructions are carried out properly.

Authority Issues

Within this purview, there are a variety of common issues that may arise during closings. Issues can and do vary state-to-state. In Texas, for example, one such issue is determining who has authority to act for an entity, with a pertinent example being an LLC. When dealing with this type of entity, agents will need to review operating agreements. In the absence of an agreement, a certificate of authority can be examined. These certificates are helpful when dealing with sole manager and member LLCs. 

For corporations, agents should examine bylaws and subsequent amendments, and shareholders may be required to sign an affidavit. Nonprofits and churches conduct business differently. But in each context, the agent only needs to be concerned about authority when money is being borrowed or the entity is the seller.

Another authority question is power of attorney (POA). This is also mandated by state law. In Texas, agents must accept, reject or request a certification when presented with one. In reviewing a statutory durable power of attorney (DPOA), agents need to analyze if the powers have been limited, if it is durable and review the revocation clause. It is advisable to rely on a DPOA until there is a notice of revocation. As a best practice, certification for statutory DPOA should be required. The agent should also call the principal to verify if they are alive, that the POA has not been revoked and that a POA is being used to sell property. With trusts, it is prudent to maintain a full copy, and in its absence, obtain the certification of the trustee.

Information Security

Given the sheer volume of paperwork in real estate closings, data security is important. When possible, personal customer information should be heavily redacted. And all company policies should also be adhered to when processing this information. 

Spouses and Marital Status 

First, each state has its own spousal and/or marital law that dictates how agents must address issues. Be sure to familiarize yourself with the laws of your state.

In Texas – again, as one example – agents must be prepared to address transactions where only one spouse is listed in the title. Anyone with an interest in the property should be checked for involuntary liens and sign the deed. The marital status of the parties should be questioned if only one party is given as the seller, buyer or borrower.

With a married couple, both spouses must sign a deed of trust. If an agent is insuring a purchase money lien and one spouse is taking the title, an agent may accept a deed of trust signed only by the purchaser. The warranty deed is also required to include the vendor’s lien language. If the property belongs to one spouse while the other spouse lives in another property, one signature can be accepted and a Homestead Designation and Disclaimer will be executed.

In a sales transaction, agents should investigate the possible homestead character of the property, inquiring if there is an exemption and if the property address is the mailing address of the individual(s). The residency of the individuals should also be established. Sometimes a deed will be accepted signed solely by the spouse in the title, especially if permission is received by underwriting beforehand. It is necessary, though, to discern that the property to be insured is the separate property of one spouse and not the other spouse’s home, and a Homestead Designation and Disclaimer will need to be executed. 

When dealing with spouses, it is always important to compare the sellers and buyers on the contract with the grantors and grantees on the deed – and to resolve differences. Some examples are:

  • The contract shows the buyer to be Joe Smith, but the grantees on the deed are Joe and Mary Smith. 
  • The title is vested in and signed by Fred Farmer. The deed of trust is signed by “Fred Farmer and Susan Farmer pro forma to perfect the lien as to her homestead interest only.”
  • The title is vested in Harry Jones, but the note and deed of trust are signed by “Harry Jones and Cindy Jones.”

In the first example, the contract should be amended to add Mary Smith if she plans to take title. The case of Fred and Susan Farmer would be acceptable if there is evidence on file that the property is Fred’s separate property – either acquired before his marriage to Susan or inherited. Lastly, there is not much to worry about regarding Harry and Cindy, as this is a preferable way to handle the situation.

Conclusion

Numerous issues can pop up during closings, from entity authority to navigating transactions involving spouses. Agents can do a lot to circumvent any thorny problems. It starts with understanding the most common scenarios that arise during the closing process and then being prepared to take prompt and deliberate action. The next part of this series will continue to explore various challenges agents may face during closings, covering items such as funding and family transactions.

Multi-colored post-its with different passwords covering a computer monitor.

Streamline and Simplify Passwords

It’s one less stressor!

The more we use mobile technology, the more passwords we accrue. It’s not unusual for an individual to have more than 20 different sites — bank, social media, Netflix, home security — that she routinely enters. Add to this borage of passwords the lack of cohesiveness between websites. One password might require lower and upper case and numbers and punctuation, and another asks for your childhood street address.

How does one simplify the technology puzzle and avoid getting overwhelmed by too many passwords? Here are five steps to follow to keep the letters, numbers and punctuation that make up your internet profile easier to recall and more secure.

Step 1: Use passphrases instead of passwords

Many experts suggest length is key to preventing a hack. The longer the password, the better, even upwards of 20 characters. Use a phrase that is easy to remember such as a favorite cheer for a sports team or something that is second nature in response to you. Some examples might be I-need-my-coffee-at-8AM! or GoBadgerBasketball1984.

Step 2: Use a password manager

How many of you have snapped a photo of your passwords or a photo of a driver’s license to remember information. What happens when your cell phone is gone? Can you access this information? There are hundreds of password managers that can be utilized both via desktop or laptop and smart phone. Although the inputting passwords up front might take time, it’s the sense of organization that is the reward. It’s best not to use the same password for every site. It’s also nearly impossible to remember a different password for each site.

A password manager allows you to use one code to access all of your other codes. This helps secure credential storage as well. The manager can assist in synchronization across multiple devices.

Step 3: Use Two-Step Verification

This is also known as two-factor or multi-factor authentication. This means that a password and a secondary smartphone code are required for access. This might be something such as a finger print, face identification or other tech-savvy options. These are much more secure and nearly un-hackable. Individuals should enable this security whenever possible, especially for financial, email, and other secure and/or private accounts. This can also be enabled with a password manager.

Step 4: Do Your Research

Stay up-to-speed on current online hacks and breeches of data that have occurred. A good resource is https://haveibeenpwned.com to see if any of your online accounts have been compromised. This could be a healthy routine to visit the site once a month to check in on all online accounts and data that you want kept private.

Another easy safety device is to set up alerts on your phone or through Google, Yahoo, etc., that alert you to current scams or if any of your information has been violated. There are thousands of security breaches daily, and don’t panic if you are contacted; it does not mean your information has been compromised. Do your due diligence and determine if you need to go to your password manager to update information.

This information might seem overwhelming; however, being knowledgeable and proactive about passwords and data is crucial to a healthy cyber profile. Technology is constantly advancing. Use these nuances to your advantage. Streamline passwords and stay tech-intelligent.

Graphic of a simply drawn blue house with a whit pad lock on front of it

In the Age of COVID 19 – Be Safe and Secure While Working Remotely

Best practices to help keep your remote environment secure

While working remotely at home provides flexibility and social distancing in this time of COVID-19, it may also open the door to unexpected and unwanted security issues and breaches. By taking a few simple and important steps, you can securely work and have peace of mind that your business is continuing to operate without introducing added risks.

Risks that present themselves range from nuisances and disruption, such as with “Zoombombing” [a disruptive intrusion by hackers into a video conference call], to device and network compromise with viruses, spyware or ransomware.

Here are some best practices to keep your remote environment secured:

Teleconferences

When using Zoom or other remote meeting sites that provide audio and video connectivity, be sure that the security settings are activated to only allow screen sharing by the host, or designated others who have a need. Also be sure to use access passwords or codes available only to the invited participants that are provided in the invite prior to the meeting.

Equipment, Software and Hardware

Often the organization does not provide all equipment or supplies necessary to ensure remote access. The proper protection of information to which the user has access involves connection to the Internet, local office security, and the protection of physical information assets. Below are some of the additional items that may be required:

  • Broadband connection;
  • Paper shredder;
  • Secured office space or work area; and
  • A lockable file cabinet to secure documents when unattended.

Remote users using personal equipment are often responsible for:

  • access to the internet;
  • the purchase, setup, maintenance or support of any equipment or devices not owned by the company; and
  • ensuring current and active antivirus, firewall and malware protection is installed, functioning and updated regularly.

Security and Privacy

Organizations often have policies regarding user logical security responsibilities. Here are a few such responsibilities, which should translate to the work-from-home environment:

  • Log off and disconnect from the company’s network when access is no longer required, at least daily;
  • Enable automatic screen lock (if available) after a reasonable period of inactivity;
  • Do not provide (share) their user name or password, configure their remote access device to “remember me,” or automatically enter their username and password;
  • Enable a firewall at all times;
  • Ensure virus protection is active and current; and
  • Perform regular backups of critical information using a secure storage solution.

Additionally, companies often implement additional logical security procedures for remote users. These may include:

  • Disconnect remote user sessions after 60 minutes of inactivity;
  • Access to company owned technology applications to use commercially available encryption technologies, such as multi-factor authentication, or use of a Virtual Private Network (VPN);
  • Update the virus pattern on a regular and frequent basis;
  • Provide a reasonable backup solution; and
  • Perform regular audits of the company supplied equipment to ensure license and configuration compliance.

Company policies regarding physical security should also carry over into the remote-office. Here are some steps to consider:

  • Maintain reasonable physical security of your remote office environment. This includes access to both company and personal technology equipment and documents;
  • Limit the use or printing of paper documents that contain sensitive, confidential or non-public private information (NPI), and restrict requests for and handling of NPI to only what is essential to perform your job; and
  • Ensure documents containing sensitive, confidential or NPI are shredded and rendered unreadable and unable to be reconstructed.

It is entirely possible to work remotely. A home office can be made secure by adhering to the steps above. Bear in mind that working at a hotel or a cabin or anywhere internet service allows for access presents security issues that may compromise privacy.

For further information, reach out to Tom Weyant, Director, Risk Management & Continuous Improvement, CQA, CFE, directly at tweyant@alliantnational.com or visit www.alliantnational.com/newsroom for additional information and articles related to cyber security and internet privacy. 

The only title insurance underwriter in nation to obtain ISO27001 certification

Alliant National Achieves ISO27001 Certification

Alliant National is the sole title insurance underwriter to achieve this information assets security certification

LONGMONT, Colo. – Alliant National Title Insurance Company, the nation’s largest title insurance underwriter with no direct or affiliate operations, today announced another successful completion of the International Organization for Standardization (ISO) 27001 certification for information assets security controls. ISO 27001 is a specification for an information security management system (ISMS), while an ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes. The purpose of Alliant National’s ISMS is to consistently and effectively manage and protect the non-public information (NPI) it receives and processes in the course of providing title insurance underwriting services. NPI is received from Alliant National’s agents and employees, processed and then stored with a third-party co-location. Alliant National earned its first ISO27001 certification in March 2015 and completed successful surveillance audits conducted by an independent party affiliated with ISO in 2016, 2017 and 2018 to maintain the certification. “Alliant National is the only title insurance underwriter in the nation to obtain an ISO27001 certification,” said David Sinclair, Alliant National’s chief operating officer. “For the fourth consecutive year, Alliant National is proud to achieve this validation that we adhere to rigorous ISO requirements.”

MEDIA INQUIRIES

Cathie Beck Capital City Public Relations e : cathie@capitalcitypr.com p : 303-241-0805
Alliant National is the largest title insurance underwriter in the country with no direct operations to compete against its agents and puts the interests of its agents first. Bolstered by financial stability, strong underwriting capability and independent agents’ in-depth knowledge of local markets, the company has established a nationwide network with deep roots in local communities and a wealth of expertise that is flexible, nuanced and continuously growing. Alliant National’s CEO, Bob Grubb, can be reached at 303.682.9800 x300 or bgrubb@alliantnational.com. Visit joinalliantnational.com for additional information.

About Alliant National Title Insurance Company

As The Independent Underwriter for The Independent Agent®, Alliant National believes in putting other people first. The company protects the dreams of property owners with secure title insurance and partners with 400+ trusted independent title agents as a licensed underwriter in 22 states, with annual revenues exceeding $120 million.

###

Let’s Connect

Discover more stories and conversations on our social media networks,
or drop us a line on our contact page.


The Independent Underwriter for
the Independent AgentSM