Posts Tagged ‘information security’

AI looking at colorful data with an eye of a security badge and lock.

Harnessing the Power of AI for Better Antivirus Protection

Harnessing the Power of AI for Better Antivirus Protection

Endpoint Detection and Response (EDR) is a next generation cyber security solution that provides more advanced and comprehensive protection for your devices compared with traditional, static antivirus applications that only address simple signature-based malware threats. While traditional antivirus programs detect and remove known malware, EDR is designed to detect and respond to more complex and sophisticated threats that often bypass or get through traditional antivirus protection. A good EDR solution can identify existing threats already hiding on a network, which is important as current threats are often undetected for several months. Since most malware intrusions originate at the end-user, it is critically important to have the very best antivirus protection on individual computers and laptops.

Here are some reasons to consider EDR as a preferred antivirus solution:

Smarter Detection: Traditional antivirus programs rely on pre-defined signatures to identify known threats. However, EDR takes a different approach. It uses behavioral analytics to detect suspicious activity in real-time, even if there are no known signatures. By monitoring file changes, registry modifications, and network traffic, EDR can detect and respond to the latest, advanced threats faster than traditional antivirus programs.

Complete Visibility: EDR provides security teams with a centralized management console to monitor and investigate activity across all devices in an organization. This makes it easier to deploy and manage security policies. Some vendors offer a fully managed model for businesses who cannot or do not want to deal with the administration or management of the EDR tool. With EDR, you don’t need to worry about manually updating antivirus software on individual devices. The central console ensures that the latest EDR protection is deployed, saving time and effort. In case of a security breach, EDR allows for a coordinated and rapid response to investigate and minimize the damage.

Real-time monitoring and continuous threat-hunting: EDR keeps a constant watch over servers, laptops, and mobile devices in real-time. It allows security teams to proactively identify and address threats before they can breach the system. By analyzing suspicious behavior, EDR can act before a breach occurs, reducing the risk of data loss or compromise.

Monitoring of servers, laptops, and mobile devices by EDR is critical to allow fast and effective solutions to threats before they breach, and in the event of a breach, to contain and solution the threat before there is contagion throughout the network. EDR has a proactive threat hunting feature that allows security teams to identify threats before they become an incident. Suspicious behavior is analyzed and reacted to before a breach occurs.

Forensic Capabilities: In the event of a security breach, EDR provides forensic capabilities that assist security teams to investigate and understand system events and scope of the attack. Detailed logs are available showing system events and user behavior. The logs may be used to identify the source of the attack, measure the extent of damage or intrusion, then develop a plan to prevent a future, similar attack. This is very useful to provide evidence of rapid response and the scope, extent, and timing of an event that is required with many state breach notification requirements.

Integration with other security solutions: EDR seamlessly integrates with other security solutions, enabling automated incident response workflows, event logging, and monitoring across multiple platforms. This integration enhances the overall effectiveness of your cybersecurity infrastructure.

With the rapid evolution of advanced threats and sophisticated malware, relying solely on traditional antivirus programs isn’t enough. Having a robust EDR solution provides the best available antivirus resource, deploying a tool that uses artificial intelligence to reiterate and continually evolve an endpoint defense. The combination of advanced detection, rapid response, real-time central monitoring, and enhanced forensic features provides a powerful tool to protect and secure your organization’s critical and sensitive data. Antivirus protection is a vital cyber-security shield on the frontline of defense, and it is imperative that defense is effective, today more than ever.

Interested in learning more about EDR? Notable companies that offer EDR solutions include SentinelOne, CrowdStrike, and Cisco. If you have questions about EDR and other tools and strategies to protect your networks and your business, feel free to contact me: tweyant@alliantnational.com

Blue binary code background with isometric padlocks in foreground.

Protecting Customer Data

The world is awash in data. And business owners must protect their customers.

Anyone who has been paying attention over the last couple of decades knows that data is all around us. We can’t see it. We can’t touch it. But it is everywhere, informing how we work, shop, explore and entertain ourselves. Data is also extremely valuable. Advertisers covet our data. And bad actors often weaponize it for identity theft and illicit financial schemes. 

It is imperative that business leaders protect their customers’ data. Not only is it the ethical thing to do, but it is also pragmatic. The way businesses use and protect customer data is rightly coming under increasing scrutiny. Additionally, businesses that mismanage customer data can experience significant consequences to their brand and reputation. With such high stakes, it’s important to be knowledgeable on best practices for data protection. Here are some tips to get you started. 

Conduct an Audit 

The first step toward a comprehensive and proactive approach to protecting your customer base’s data is to gain a full understanding of the various types of data your business holds. Is it social security numbers? Credit card information? Online account passwords? Real estate and title insurance professionals often deal with large amounts of sensitive data. Conduct an audit to ensure that you have a full accounting for everything you and your employees hold. 

Understand the Legal Basics 

Data protection laws vary depending on where your business is and the industry in which you work. It is wise to invest the time and resources to gain a full understanding of the basics as required by law and as they apply to your specific enterprise. For instance, most people know about the Health Insurance Portability and Accountability Act (HIPAA), the 1996 federal law that stipulates that healthcare insurance industries must protect customer health information from fraud and theft. However, other state-level laws apply to all industries. Become apprised of what is required of you by law when designing data protection policies for your business. There are ample resources online that can serve as an effective primer. 

Gain Buy-In

It’s all well and good if you want to take a proactive and fastidious approach to your customers’ data, but if you have employees, you are going to need their buy-in and compliance as well. If a chain is only as strong as its weakest link, then a business can only take a comprehensive approach to data security if it treats it as an organizational priority rather than a siloed effort. 

If Possible, Throw it Out 

Only keep data you need. Schedule routine reviews of the customer data you are holding and have a process in place to decide when you can safely dispose of it. Considering that you have an ethical and often legal obligation to safeguard customer data, this can be a great strategy for limiting your company’s exposure. 

Do What You Can

Protecting customer data can be an expensive and time-consuming effort. In fact, major corporations often spend millions of dollars to secure this information. You may not have access to such resources. However, there are still practical steps you can take to operate a more data-secure shop.

Consider, for instance, limiting employee access to data, only giving them as much information as they need to effectively do their jobs. Be sure to also have a process in place for properly destroying and disposing of both physical and cyber versions of customer data. Lastly, you could even consider looking into a designated server for your most sensitive data. While using a shared server might be more economical, it carries a security risk. 

Go the Extra Mile

We know that running a title agency is no easy matter. Time is always tight, resources thin, and sometimes it can feel as if taking on a new initiative will be the straw that breaks the proverbial camel’s back. Still, it’s important to remember that customers are worth the effort. As title professionals, our customers entrust us with some of their most sensitive data, and we must do our best to protect it.

Trash can on a laptop. 3d illustration stock photo

Proper Data Disposal

We’re buried under data – both tangible and digital. Do you have a plan for disposing of it securely?

By Bryan Johnson, IT Director, Alliant National Title Insurance Company 

We live in a world of data. The internet runs on it. Companies and governments collect it. Each person carries around a tiny data collection device in their pocket in the form of a smartphone, which catalogs our spending, socializing and travel habits.

Unsurprisingly, personal data is an important part of real estate transactions, and the business can involve the exchange of names, employment information, contact numbers, email addresses and, of course, financial information. Considering that trust is critical to any given transaction, real estate professionals should make all possible efforts to safeguard this personal information and properly secure or dispose of it as appropriate once a transaction is completed. Trash can on a laptop. 3d illustration stock photo

Formalize Your Policy           

When thinking about customer data and how it should be handled, start from the beginning. Set up a formalized policy that will be the standard across your agency. Having a clear, step-by-step process will make it easier to reduce mistakes when handling data. It will also streamline your ability to bring people up to speed on your processes and procedures – ultimately saving time and money. 

Local vs. Network Drives vs. Cloud Storage Services

Once you start actually disposing of your customers’ files, keep in mind that data can live in multiple locations. You may have files on your local work computer that also live on your company’s network or on a cloud storage service. To ensure a given file is gone for good, you need to erase it in all locations. Many network and cloud storage solutions will also still retain copies of deleted files in what is commonly called a recycle bin. If you intend to permanently delete your files, you will need to make sure they are purged from the recycle bin as well.

Hard Drives

There is a lot of information stored on hard drives. Once you no longer need a particular drive, it is always a good idea to enlist the services of a professional data destruction company. Most major cities will have several companies from which to choose. These businesses can either physically shred your hard drives or even degauss them, which involves an incredibly powerful magnetic field that completely erases all data.

A Not So Paperless World

Although personal computing has been commonplace for more than 25 years, we live in a world where paper still flows and customer information still exists in a tangible form. Be sure to treat your clients’ physical information with the same care as you do their digital. To dispose of paper data, deploy a good shredder. After that, it is ideal to use the services of a professional recycler or data destruction provider.

Final Thoughts 

Increased access to data is one of the great double-edged swords of the information age. While it has made conducting business easier, faster and more convenient, it has also left individuals and companies vulnerable to data breaches and fraud. By leveraging data effectively and safely, you will be able to conduct your real estate transactions with greater speed and dexterity. Just be sure you don’t mistakenly end up putting private information at risk!

White background graphic with blue-lined house bearing a sign that read's "SOLD(almost)". Above the house are 3 circles. The left circle is bright green with a sign that reads part 1. The middle circle is faded pink with a sign that reads part 2. The right circle is faded yellow with a sign that reads part 3.

Common Closing Issues – Part I

Agents should prepare themselves to handle these routine scenarios.

Real estate closings require a delicate balancing act. Not only is speed of the essence, but closings also require accuracy and professionalism. Often there is no time to correct errors, and customers need to feel confident that their transactions are being carried out correctly.

Many issues can arise during the closing process. The following is the first of a three-part series that will explore some of the most common scenarios agents need to keep in mind.

Fiduciary Responsibilities

As escrow officers, title agents have fiduciary responsibilities and must act as neutral third parties, impartial arbitrators of contractual arrangements with conditions agreed to by both the buyer and seller. Escrow officers do not make decisions regarding a transaction and do
not advocate for any one party. Instead, they ensure that written instructions are carried out properly.

Authority Issues

Within this purview, there are a variety of common issues that may arise during closings. Issues can and do vary state-to-state. In Texas, for example, one such issue is determining who has authority to act for an entity, with a pertinent example being an LLC. When dealing with this type of entity, agents will need to review operating agreements. In the absence of an agreement, a certificate of authority can be examined. These certificates are helpful when dealing with sole manager and member LLCs. 

For corporations, agents should examine bylaws and subsequent amendments, and shareholders may be required to sign an affidavit. Nonprofits and churches conduct business differently. But in each context, the agent only needs to be concerned about authority when money is being borrowed or the entity is the seller.

Another authority question is power of attorney (POA). This is also mandated by state law. In Texas, agents must accept, reject or request a certification when presented with one. In reviewing a statutory durable power of attorney (DPOA), agents need to analyze if the powers have been limited, if it is durable and review the revocation clause. It is advisable to rely on a DPOA until there is a notice of revocation. As a best practice, certification for statutory DPOA should be required. The agent should also call the principal to verify if they are alive, that the POA has not been revoked and that a POA is being used to sell property. With trusts, it is prudent to maintain a full copy, and in its absence, obtain the certification of the trustee.

Information Security

Given the sheer volume of paperwork in real estate closings, data security is important. When possible, personal customer information should be heavily redacted. And all company policies should also be adhered to when processing this information. 

Spouses and Marital Status 

First, each state has its own spousal and/or marital law that dictates how agents must address issues. Be sure to familiarize yourself with the laws of your state.

In Texas – again, as one example – agents must be prepared to address transactions where only one spouse is listed in the title. Anyone with an interest in the property should be checked for involuntary liens and sign the deed. The marital status of the parties should be questioned if only one party is given as the seller, buyer or borrower.

With a married couple, both spouses must sign a deed of trust. If an agent is insuring a purchase money lien and one spouse is taking the title, an agent may accept a deed of trust signed only by the purchaser. The warranty deed is also required to include the vendor’s lien language. If the property belongs to one spouse while the other spouse lives in another property, one signature can be accepted and a Homestead Designation and Disclaimer will be executed.

In a sales transaction, agents should investigate the possible homestead character of the property, inquiring if there is an exemption and if the property address is the mailing address of the individual(s). The residency of the individuals should also be established. Sometimes a deed will be accepted signed solely by the spouse in the title, especially if permission is received by underwriting beforehand. It is necessary, though, to discern that the property to be insured is the separate property of one spouse and not the other spouse’s home, and a Homestead Designation and Disclaimer will need to be executed. 

When dealing with spouses, it is always important to compare the sellers and buyers on the contract with the grantors and grantees on the deed – and to resolve differences. Some examples are:

  • The contract shows the buyer to be Joe Smith, but the grantees on the deed are Joe and Mary Smith. 
  • The title is vested in and signed by Fred Farmer. The deed of trust is signed by “Fred Farmer and Susan Farmer pro forma to perfect the lien as to her homestead interest only.”
  • The title is vested in Harry Jones, but the note and deed of trust are signed by “Harry Jones and Cindy Jones.”

In the first example, the contract should be amended to add Mary Smith if she plans to take title. The case of Fred and Susan Farmer would be acceptable if there is evidence on file that the property is Fred’s separate property – either acquired before his marriage to Susan or inherited. Lastly, there is not much to worry about regarding Harry and Cindy, as this is a preferable way to handle the situation.

Conclusion

Numerous issues can pop up during closings, from entity authority to navigating transactions involving spouses. Agents can do a lot to circumvent any thorny problems. It starts with understanding the most common scenarios that arise during the closing process and then being prepared to take prompt and deliberate action. The next part of this series will continue to explore various challenges agents may face during closings, covering items such as funding and family transactions.

Multi-colored post-its with different passwords covering a computer monitor.

Streamline and Simplify Passwords

It’s one less stressor!

The more we use mobile technology, the more passwords we accrue. It’s not unusual for an individual to have more than 20 different sites — bank, social media, Netflix, home security — that she routinely enters. Add to this borage of passwords the lack of cohesiveness between websites. One password might require lower and upper case and numbers and punctuation, and another asks for your childhood street address.

How does one simplify the technology puzzle and avoid getting overwhelmed by too many passwords? Here are five steps to follow to keep the letters, numbers and punctuation that make up your internet profile easier to recall and more secure.

Step 1: Use passphrases instead of passwords

Many experts suggest length is key to preventing a hack. The longer the password, the better, even upwards of 20 characters. Use a phrase that is easy to remember such as a favorite cheer for a sports team or something that is second nature in response to you. Some examples might be I-need-my-coffee-at-8AM! or GoBadgerBasketball1984.

Step 2: Use a password manager

How many of you have snapped a photo of your passwords or a photo of a driver’s license to remember information. What happens when your cell phone is gone? Can you access this information? There are hundreds of password managers that can be utilized both via desktop or laptop and smart phone. Although the inputting passwords up front might take time, it’s the sense of organization that is the reward. It’s best not to use the same password for every site. It’s also nearly impossible to remember a different password for each site.

A password manager allows you to use one code to access all of your other codes. This helps secure credential storage as well. The manager can assist in synchronization across multiple devices.

Step 3: Use Two-Step Verification

This is also known as two-factor or multi-factor authentication. This means that a password and a secondary smartphone code are required for access. This might be something such as a finger print, face identification or other tech-savvy options. These are much more secure and nearly un-hackable. Individuals should enable this security whenever possible, especially for financial, email, and other secure and/or private accounts. This can also be enabled with a password manager.

Step 4: Do Your Research

Stay up-to-speed on current online hacks and breeches of data that have occurred. A good resource is https://haveibeenpwned.com to see if any of your online accounts have been compromised. This could be a healthy routine to visit the site once a month to check in on all online accounts and data that you want kept private.

Another easy safety device is to set up alerts on your phone or through Google, Yahoo, etc., that alert you to current scams or if any of your information has been violated. There are thousands of security breaches daily, and don’t panic if you are contacted; it does not mean your information has been compromised. Do your due diligence and determine if you need to go to your password manager to update information.

This information might seem overwhelming; however, being knowledgeable and proactive about passwords and data is crucial to a healthy cyber profile. Technology is constantly advancing. Use these nuances to your advantage. Streamline passwords and stay tech-intelligent.

Let's Connect

Discover more stories and conversations on our social media networks,
or drop us a line on our contact page.


The Independent Underwriter for
the Independent AgentSM