TitleBytes News & Happenings

CYBER CRIME AND SECURITY – A Couple of Suggestions

Editor’s Note: I reached out to a couple of active MLTA members for their insight or tips relative to the lurking cyber problems and issues. Here is a combination of two articles, the first by Brian Roberts (ATA National Title Group) and the second from Brandon Hunt (Mid-American Title). Thanks, guys!

We are well aware of and hear the many stories our industry faces in the cyber security war every day in our operations. The message of, “I haven’t received my proceeds wire”, from the seller whose funds you wired a few days prior! Or “I wired you the money yesterday for the closing”, from the buyer who is sitting at the closing table, are all phrases that keep us up at night, worried that our company may be the next to deal with funds from a closing that are now missing. While there is no system or procedure that will completely shield us from wire fraud, there are steps we can take and steps we can encourage our customers (Realtor, Lender, Attorney, etc.) to implement, to help protect not only the NPI of the consumers but the wire information commonly sent amongst all the parties involved in a transaction when using one of the free e-mail service providers.

One of these steps is enabling Two-Factor Authentication for e-mail, more particularly on the free e-mail services that so many use for both personal and work e-mail. Two-Factor Authentication, also known as 2FA, two step verification or TFA (as an acronym), is an extra layer of security that requires not only a password and username but also something that only that user or account owner has on them (i.e. a physical token or security code). This security measure is not a new concept. Think about your checking account and bankcard, you have a card and you have a pin to withdraw money from an ATM.
Did you know that most of the well-known email platforms like Gmail, Yahoo, and Outlook/Hotmail offer 2FA to help secure your e-mail? Here is a link to a quick YouTube video on how to enable the security for Gmail, https://www.youtube.com/watch?v=UVanCLIx2Aw&feature=youtu.be. Also, here is a link to a website that walks you through the setup for Gmail, https://authy.com/guides/gmail/. You can do the same thing for Yahoo e-mail; click https://authy.com/guides/yahoo/ for a link to walk you through the process. Outlook/Hotmail also offers this security service, click https://www.youtube.com/watch?v=VzZFKS8AfQU&feature=youtu.be for a video link walking you through the process to get setup.

This is not the end all be all solution to stop the hackers, but it’s another step that can be taken to help protect NPI. Instead of being reactive, let us try to become proactive as an industry! I would encourage everyone to use 2FA at least for your personal e-mail. As we know many of our customers (Realtors, Lenders, Attorneys, etc…) use the above-mentioned email providers for their “work” email, let’s help encourage and educate them how they can use this security for e-mail, to hopefully start limiting the opportunities for wire fraud we are seeing in our industry.

Think Like a Criminal

Cybercrime seems to be the buzzword in all off our industries publications, seminars, and trainings these days. The warnings we receive do have plenty of statistics to back them, such as the Internet Crime Complain Center(IC3) annual report which listed business email compromise(BEC) and email account compromise(EAC) as two of their largest problems with reported losses of $263 Million in 2015 due to BEC and $11 Million in losses due to EAC.

So, what can we do to help protect ourselves? The FBI, IC3, and security professionals have all stated that you can put the best hardware and software in place, but that alone cannot protect you. The reason is those items are not the greatest weakness, that weakness is us, the human being that makes the decision to accept wire instructions without verification; the employee that clicks on an email link to update a login password; the agent that clicks the “download now” popup on their computer. The weakness is the person that doesn’t recognize these red flags, who doesn’t stop to ask questions, and who doesn’t think like a criminal.

As the CBS TV Series Criminal Minds or NBC’s The Blacklist display, sometimes it takes a criminal to catch a criminal. Now I am not advocating that we charge out and start hiring criminals. But, I would advocate that you open your mind, and try and think like a criminal. Ask yourself, if you wanted to commit a cybercrime on your own company where would you start? Who would you target? Why? As you ask yourself and your team these questions you might reveal the very same vulnerabilities the Cybercriminals are exploiting. Through this exercise you may see where policies & procedures need to be changed & created, or where more training is needed. What you will realize is just like the experts have stated, your vulnerabilities most likely aren’t hardware or software related. They are human.

In the security industry they use the term “Harden the Target” and that is essentially what this process is aimed to do. If a burglar walks down a street trying every front door and finds all the doors are locked except one; which house do you suppose will get burglarized? Cybercriminals, as sophisticated as they may be, also follow the same trend. Criminals look for soft targets. The harder you make it for them the more likely they are to just move on. They are looking for that digital unlocked door. If you keep your doors locked, and consistently make sure they are still locked, you put yourself in a much more secure position. Otherwise you are leaving that digital door wide open …