Tag Archives: Chuck Matthews

cybercrime

WGM expands cyber security efforts

Recognizing and responding to growing online threats and information security breaches, WGM Associates, a Scottsdale-based information technology consulting, security and application development firm, has expanded its information security services and added key talent to manage the increased demand for cyber-related management and IT services.

WGM Managed Information Security Services will enhance WGM’s focus on intelligence-driven security programs aimed at reducing cyber liability risks which have become commonplace in today’s business environment. To lead the team, WGM has hired industry technology veteran, Scott Shedd as Practice Leader. Shedd brings high-level certifications and security technology skill sets to help WGM clients understand and assess risks, mitigate vulnerabilities and defend against ongoing technology threats.

“As larger organizations continually fortify their security defenses, small- and medium-sized businesses are increasingly being targeted by cybercriminals, cyber-spies and hacktivists,” said Chuck Matthews, CEO of Scottsdale-based WGM Associates. “Unlike larger organizations, smaller businesses typically lack adequate in-house security defenses, knowledgeable resources and the expertise and ability to effectively protect confidential and valuable data residing on their networks.”

WGM’s Security Services division will provide security program assessments, policy development, response readiness planning, vulnerability management, gap assessments and remediation services in addition to managed networking security, application security, web and mail security, mobile device management and client administration portals. Targeted industries include financial services, health care, nonprofits, legal firms, education, real estate and other businesses handling sensitive client or customer information.

Founded in 2011, WGM Associates is a local provider of consulting, security, managed IT services and application development for small- and medium-sized businesses. WGM’s leadership team works with clients and businesses to play an integral role in all IT decisions including technology platforms, information governance, regulatory compliance, strategic initiatives, future requirements and budgetary planning.

A huge benefit afforded by Managed Information Security Services, WGM will remotely monitor and manage critical systems 24/7 throughout the Southwest via its secured network operations center.  The new WGM division will help bridge the gap between risk and limited internal resources, which can leave sensitive customer and employee records and intellectual property inadequately protected and at risk for theft or exploitation.

“Every organization must comply with a host of security and privacy issues surrounding the sharing of sensitive information. They need an increasingly fortified process to manage security and privacy more effectively,” Matthews added. “Our new division makes the development and administration of a security program seamless by providing the business with a keen understanding for security expertise and technology to minimize the risk.”

Matthews observed that many small- to mid-sized businesses feel immune to attacks, but instead face a multitude of destructive threats. Another common tactic involves hackers who target smaller businesses to obtain entry to their larger business partners and weaknesses in their cyber security as well.

“Currently, there is a huge void in the market for this service and WGM has the expertise and solution-set knowledge to help businesses handle these ongoing changes,” said Matthews.

cybercrime

Protect mortgage credit information from cyber threats

Hardly a day goes by without the revelation of another information security breach leaving thousands of consumers’ private information exposed to hackers and for sale to the highest bidders. Major retailers, financial institutions and educational institutions continue to be favorite targets of cyber criminals. As was seen in the recent breech with mega-retailer Target Corporation, hackers have found it easier to focus on less secure business partners to gain access. In the Target case, the retailer was compromised through a third-party vendor with access to Target systems. It’s also a scary fact that this may be the case with your financial institution as well.

According to the Office of the Comptroller of the Currency (OCC), a division of the U.S. Treasury, the risk of cyber threats is growing and electronic bank fraud is increasing. The OCC reports cyber threats are growing in sophistication and frequency, and require heightened awareness and appropriate resources to identify and mitigate the associated risks. “The costs and resources needed to manage the risks continue to increase; at the same time, the tools and knowledge to conduct the attacks are more readily available. Additionally, institutions’ early adoption of new technology and their growing reliance on third-party providers may expand the overall system’s vulnerabilities to these attacks,” the OCC reports.

What can homebuyers do?

In this environment of increasing risk, what can you as a homebuyer do when purchasing a new home or refinancing to ensure that your private information is well protected? Is all the information the bank or lender asked for protected? What about all of the other people involved in the transaction? After all, loan documents contain every possible piece of sensitive information about you and your spouse. Just imagine if that data fell into the wrong hands.

You can take some comfort that new, recently-adopted federal rules with large penalties for non-compliance and industry best practices are intended to help protect you. However, you would be well-advised to ask whether your providers – lenders, banking partners, etc. – are complaint with these rules because not all are and you need to protect yourself and your data as best as possible.

In 2010, the Dodd–Frank Wall Street Reform and Consumer Protection Act created the Consumer Financial Protection Bureau (CFPB) and provided authority for the CFPB to supervise financial institutions for compliance with federal consumer financial laws, including existing laws intended to protect your non-public personal information or NPI. Providing real estate settlement services to one of these regulated financial institutions (like your bank or mortgage lender) is deemed to be providing financial products or services under the Act. As a result, the CFPB can bring enforcement actions directly against a real estate settlement services provider (such as your title insurance agent) for a violation of a consumer financial protection law – if they fail to protect your documents and security information.

Title Companies and ‘Best Practices’

In response, the American Land Title Association (ALTA) created a detailed program of industry “best practices” intended to put settlement service providers (title agencies and escrow firms) in compliance with the CFPB regulations. On July 19, 2013, ALTA published its version 2.0 of “Title Insurance and Settlement Company Best Practices,” setting forth industry guidelines for business procedures and service levels. The best practices address seven main areas ranging from internal controls regarding trust accounts to protecting customers’ personal information and responding to complaints. However, Best Practice No. 3 deals specifically with protecting Non-Public Personal Information or NPI. In addition, Best Practice No. 3 includes requirements and procedures for physical security of computers, “clean desk” policies, risk management, disaster recovery, information security practices and methods for the encryption of private data.

For instance, loan and closing documents emailed to you containing NPI must be encrypted. Collectively, these practices are a means for settlement service providers to address the need for increased lender oversight and to ensure necessary safeguards to protect consumers. The implementation of the Best Practices is voluntary but an important means to ensure reduction of risk in the overall financial system and to protect against identity fraud. Banks, including large national institutions like Wells Fargo, have embraced the Best Practices Program.

Under the ALTA Best Practice Program, settlement service providers perform a detailed review and assessment of their operations — typically using an experienced third-party expert. The resulting “Best Practice Certification Package” is then used to certify to consumers, mortgage originators and mortgage servicers that the assessment found the firm to be in compliance with the ALTA Best Practices in all material respects and represent that the firm will remain in compliance for the next two years.

So back to the original question – what can you do to ensure that your mortgage loan data is kept safe and secure? One thing you can do is to ask your title agency about its participation in the ALTA Best Practice program and whether it has undergone a Best Practices Review. If not, you may want to ask for another title agency.

Chuck Matthews is a 30-year veteran of the banking and real estate industries. He is the Chairman and CEO of WGM Associates LLC, a Scottsdale-based information technology and security consultancy.