The Trusted Adviser
September 2017 | Volume 10 · Number 6

Stay Secure Online, Stay Informed, and Strengthen the Weakest Links

by Christine M. Sparks, ATG Senior Vice President – Chief Operating Officer

REAL ESTATE ATTORNEYS: Some content is password protected for ATG agents only. Learn about more benefits of ATG agency and how to apply at Agency Program Benefits.

Christine M. Sparks photoThe recent Equifax data breach is a stunning reminder of how vulnerable nonpublic personal information (NPI) is—even when it resides with a century-old, three-billion dollar company whose business is...data. From a large scale hack to an everyday phishing scam, we all need to be mindful both at work and at home.

The effects of such a data breach are yet to be completely understood. At a minimum, someone is out of a job, many consumers are more concerned than ever about identity theft, and first-time home buyers trying to obtain credit and apply for mortgages will feel the strain. The effects of those last two will be evident in our industry in the coming months.

ATG posts on this topic on a regular basis. We warn about wire transfer fraud, email phishing schemes, adhering to Best Practices by protecting NPI and, most recently, mortgage closing scams. As ATG Senior Vice President Jerry Gorman said when commenting on a recent ATG CLE program, Practical Ways to Protect against Fraud and Cyber Threats, "From the day the first fraudsters stole money electronically, we have been in a brutal cycle: Cyber thieves find a way to get our funds or information, we find a way to block them, only to have them blindside us from another direction, starting the process all over again. To stay secure online, we must stay informed."

To refresh your recollection please take a look at our earlier communications:

Relatedly, a September 2017 recent post from the American Land Title Association (ALTA) included an article, What You Can Learn From FTC Data Security Actions Against Uber, TaxSlayer, which touches on recent enforcement actions levied by the Federal Trade Commission (FTC) against those two young companies and how those are a reminder to financial institutions (including title insurance companies and agents) about their duty to safeguard customer data and disclose data-sharing practices to customers.

According to the law firm Sidley Austin LLP in its case summary (Data Matters, August 23, 2017) the settlement shed greater light on what the FTC means by "reasonable data security" measures that companies should implement and underscores the importance of maintaining a robust insider threat prevention program. The roadmap of reasonable security measures that the FTC may expect companies to have in place stresses the importance of limiting access to data in accordance with employee roles and responsibility, multi-factor authentication, and encryption of sensitive data, even when stored at-rest or in back-up tapes.

The above is consistent with ALTA Best Practices, which we encourage all agents to review. All seven "pillars" of ALTA's Best Practices are important, but security and data protection are at the heart of the matter, as outlined in Best Practices #2 and #3:

Nine Tips to Review and Remember

Users and administrators should take the following preventative measures to protect their computer networks from viruses and attacks, and make employees aware of email phishing scams:

  • Do not follow unsolicited web links in email messages or submit any information to webpages in links.
  • Use caution when opening email attachments. Refer to Using Caution with Email Attachments, for more information on safely handling email attachments.
  • Maintain up-to-date anti-virus software.
  • Perform regular backups of all systems to limit the impact of data and/or system loss.
  • Apply changes to your intrusion detection and prevention systems and firewalls to detect any known malicious activity.
  • Secure open-share drives by only allowing connections from authorized users.
  • Keep your operating system and software up-to-date with the latest patches.
  • See Recognizing and Avoiding Email Scams for more information on avoiding email scams.
  • See Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

What is Your Weakest Link in Information Security?

ALTA's Title News, September 19, 2017, reported that two days before Equifax divulged its cyber breach, the Identity Theft Resource Center reported there have been 975 data breaches this year, exposing nearly 19.4 million records. Companies are unsuccessful at preventing cyber-attacks because they fail to address the weakest link in the information security chain: the people. According to leading industry and government reports, more than 90 percent of successful cyber-attacks happen due to human error. Could this happen in your office? Could your firm afford a data breach and potential loss of escrow funds due to an employee mistake? This webinar recording addresses IT security risks you face every day, how to identify phishing emails, what to do if you receive a fraudulent email, and how to layer security and avoid falling victim: Cybersecurity Awareness Training.

ATG's Training and Procedures Department Can Help

ATG Agents: Consultants from ATG's Training and Procedures Department are available to assist you with many of the issues and safeguards title agents must implement to keep customer data safe and protect from all types of cyber attack. Read about our Agent Implementation Tools and feel free to call the ATG Training and Procedures Department, 312.752.1249 or email us with questions and concerns.

As always, we appreciate your business and your support of ATG.

[Last update: 9-28-17]

Back to Issue

Print this page