In this month’s MReport cover story, Threat Assessment, we outlined the top five ways hackers are gaining access to sensitive data that not only comprises mortgage companies but consumers as well. Now, we are going beyond the pages to give you even more insight into this complicated topic by going straight to a respected expert in the field—Ramesh Davare, who manages security applications at IndiSoft.
MReport // In what ways is consumer data is being compromised?
Davare // There are numerous ways consumer data gets compromised including when it is accessed by unauthorized users, is not disposed of securely, is handled improperly (not maintained in a secure enough environment) which leads to data leaks, and when computer hard drives are not properly erased before the equipment is retired.
MReport // How will well-known hacks, such as with Equifax, impact consumers' willingness to provide their data?
Davare // The Equifax data breach along with other breaches through retailers such as Target and Whole Foods has shown us just how vulnerable data can be. Consumers are willing to provide data when they trust an organization, however these recent data breaches have shaken customer confidence and are likely to affect how willing consumers are to provide data in future. Now more than ever companies need to take the federal and state data protection laws seriously.
Mortgage professionals should learn that secure data storage and disposal is just as crucial as secure data collection. Data storage requires the appropriate secure control mechanism for complete protection and it can be achieved. Another important aspect of data protection is securely and completely destroying data from unused servers and computers. When a customer’s trust is lost, it is difficult to regain it in a short period of time. Therefore, it is important that mortgage professionals create and maintain trust around privacy, security, and data protection.
MReport // How are you ensuring IndiSoft’s data is secure?
Davare // There are several ways we ensure our data is secure including requiring strong password login access to folders on our system and organizing data in separate categories so that needed folder permission can be assigned based on sensitivity of the data. We also encrypt some data so unauthorized users cannot access it. As discussed, proper data destruction is key so we employ rigid controls for it—instead of using the delete command, we always use secure data removal tools. In addition we do some basic things that some companies sometimes overlook such as using anti-virus, anti-malware protection, disabling Wi-Fi, Bluetooth, and cameras when they are not being used and of course not downloading or installing apps from unknown sources.
MReport // What common mistakes do you see companies make in the way they secure their data?
Davare // There are few common mistakes made in the way companies secure their data including:
- Inappropriate domain account set up
- Using default password instead of setting up new password
- Not changing password regularly
- Not having strong password
- Sharing administrative password or privileges with others
- Sharing folders with others without setting up appropriate access permission
- Not implementing complete solutions for data protection and encryption
- Not setting up data retention and data disposal guidelines properly
- Computers/servers not upgraded to latest technology
- Not performing enough network and application vulnerability and penetration testing
- Using old operating system versions, which does not provide enough protection for data
- Not applying security patches timely
- Not aware or follow recent security challenges
- Not testing network or access controls for negative scenarios
- Not reviewing wired and Wi-Fi network regularly for unauthorized access or loop holes
- Not reviewing and refining access control regularly
- Not implementing needed data protection laws recommended by federal/state government
- Not implementing privacy, security, data protection and non-disclosure policies
To learn more, be sure to read MReport’s November Data & Analytics issue, available now.