Everyone with data is a target. The question is not if you are a target. The question is how are you defending yourself.
Good internal controls need to extend to IT security of the Loan Origination System (LOS) and all related systems.
Every LOS has known security “exploits.” These exploits are vulnerable to compromise from internal employee collusion and/or outside attacks. Good IT security can ensure that customer and internal confidential data is not compromised by any internal or external actors.
Vendor management review and internal controls should be applied to every vendor that has access to your network or confidential data. Particular attention should be paid to the vendor’s security procedures, and whether they have liability and data breach insurance.
Internal data can be compromised by a lender’s employees. Branch pipeline or loans in process data can be compromised when loan officers or branch managers leave the company. Control must be maintained over operations to ensure that only authorized loan officers, brokers or correspondents have access to company IT resources. Administrator privileges should be confined to the fewest number of administrators who have a need to access broad system functions. Poor control over administrator privileges is one of the most frequent security exploits that leads to losses for lenders.
Here is an article I wrote for ‘Mortgage Compliance Magazine’ about Cybersecurity Best Practices in Mortgage Banking.
Cybersecurity Best Practices in Mortgage Banking – Jim Deitch
