8 Free Things You Can Do Today to Get Started on the Road to Best Practices
|August 8, 2013
By Gregory McDonald
Title companies are a virtual treasure trove of information for the would-be identity thief. Information such as names, street addresses, Social Security numbers, drivers’ license numbers and bank account information are extremely valuable to identity thieves.
We owe it to our clients, lenders and to ourselves to protect the valuable information these individuals and entities entrust to our custody. Each one of us must do our part. A common misconception among title professionals is that most of what we handle on a daily basis is of public record. This is a dangerous assumption. While data associated with a transaction, buyer, seller, address, etc., may one day become public record, it is considered by the government and the lender to be private until the point at which it is recorded. This means we as an industry are charged with the protection of much more than just a Social Security number, but rather almost every detail in the file.
“But we’ve always done it this way" no longer cuts it.
Lenders are liable for damages resulting from a security breach. If title agents fail to protect sensitive information, it will not bode well for us as an industry, and may lead to increased regulation and oversight. Remember, the Consumer Financial Protection Bureau (CFPB) funds itself by fining anyone found to be in violation of the law. And just because others in our industry aren’t playing by the rules, doesn’t make it legal to ignore them. Compliance is not optional. It’s mandatory.
Here are eight free things you can start doing today to ensure we as an industry meet our obligations to buyers, sellers, lender and ourselves. They’re simple, easy to do, and will ensure your title company is on the road to best practice.
- Secure and Shred: Identity theft remains one of the fastest-growing crimes in America according to the Social Security Administration. Statistics indicate that 88 percent of identities are stolen from information obtained Dumpster diving. Documents containing any information used for the purpose of conducting a financial transaction are considered to contain sensitive non-public personal information. Throwing documents in the trash, or into a “to be shredded box” is not good enough. Documents should be shredded IMMEDITELY, or placed in a locked personal document container. Personal document containers are available online from All Source Security Container. A great free solution is to place documents that need to be shredded into a locked drawer or file cabinet.
- Lock your Door: Building managers, cleaning staff, clients and guests should not have access to your files. If your desk is behind a lockable door, then lock it. It’s yet another free step that can be taken to protect valuable information.
- Encrypt your Computer: FACT: A normal Windows password can be bypassed in less than 10 minutes. Bank robbers break into banks to steal money and identity thieves break into offices to steal identities. By encrypting your computer, you are taking an important step in the protection of valuable information. Most drive-encryption software offers military-grade encryption that is all but foolproof. One of the best whole computer encryption products is from TrueCrypt and can be downloaded for free at TrueCrypt.com.
- Password Protect your Phone: The smart phones we carry in our pockets and purses can contain as much information as our office computers. Although password protecting mobile devices is a good start, it’s not enough. It was recently proven, at Defcon 2012, an annual hacking convention, that it is fairly easy to hack passwords on both Apple and Android devices. This is because most people protect their phones using a simple four-digit numeric pin. Though a four-digit pin offers up to 10,000 possible password combinations, a determined hacker can still gain access in a matter of hours. The answer to this dilemma is to enable the “complex password” option on your iPhone or device-level encryption with Android. Remember, your password needs to be strong. How strong? We recommend a minimum of 10 characters with at least one upper case letter, one number and one special character. Enabling features to erase the phone after a certain number of failed attempts provides an extra layer of protection.
- Take it With You: When traveling with sensitive documents, treat them as if they were cash. You wouldn’t leave a pile of cash in your car, or hotel room would you?
- Protect your home computer: If you are like most of us, you take work home with you at the end of the day. It is important to be mindful that using email, reading documents and accessing certain websites may place certain non-public personal information on your home PC. It is highly recommended that if you work from home, use a company-owned laptop and not the family computer. Any computer containing non-public personal information should be password protected and encrypted.
- USB Thumb Drives: Portable hard drives, USB thumb drives and other forms of removable media are a convenient option for storing and sharing files. If not encrypted however, these easy to lose drives provide a wealth of information to a would-be criminal. FACT: Cyber criminals have been known to intentionally drop virus infected USB thumb drives in the parking lots of office buildings they are targeting in hopes of infecting computers. Never use a USB thumb drive that you didn’t purchase yourself or know the origin of.
- Be Alert: The easiest way to gain access to valuable information is to just ask for it. In a process known as pre-texting, a common technique used by criminals is to call up the victim pretending to be from a known technical support or software provider. Smart criminals take the time to research your business and often times know exactly who is providing your IT services as well as specific names of individuals working at those organizations with whom you may be familiar. If you receive a phone call asking to remotely access your computer, reset a password or anything else; trust but verify. Ask for a return telephone number, then check to make sure they are who they say they are. Never provide access or passwords to anyone whose identity cannot be confirmed.
Get started today. Look around. What can you do differently?
Gregory McDonald is founder and CEO of Cloudstar Consulting Corp. He can be reached at 800-340-5780 or gmcdonald@CloudstarCorporation.com.