A Mortgage Broker’s most valuable asset is their network. Most of your network’s details: contact info, financial records, private correspondence, etc. are stored digitally, so it’s prudent that you have a sound digital security plan in place.
Either you have a cloud-based email and file storage solution, or you’re still making the mistake of storing things locally (trusting your devices to be the only way to backup, store and secure your data). Whatever your choices for how you maintain your precious data, a little digital security knowledge goes a long way. We asked our VP Engineering Rafe Hatfield to give us his tips for how Brokers can better store their data safely:
Don’t share it, don’t write it down, change it regularly, understand how password complexity really works. Use a reputable password manager – 1Password, Dashlane and Lastpass all feature well here – and make sure to use them so you have a different password for every service you use. If you are hacked on one account, those account details will be then be applied to many other popular services – if you use the same password on multiple accounts and you get hacked, you are extremely likely to find yourself hacked on all those other accounts very shortly after.
Use Multi-factor authentication (2FA) whenever possible. If you’re considering trusting a service with data that matters to you and they don’t have 2FA available, consider your alternatives. It takes a little getting used to, logins are a little more involved (there is one extra step to log in to your service), but the security gain is more than worth it.
For additional security when it’s available, make sure to use an authenticator service or app, such as Google Authenticator, in preference to something like an SMS message.
Then, store the encryption key in a safe place. All major operating systems offer this as a setting you can enable, and there is no excuse for not doing it. If your laptop is ever stolen or ‘borrowed’, it is extremely unlikely that anyone will be able to access your data.
Make sure that you have your screensaver set to come on after a short period of inactivity (recommend no longer than 10 minutes, preferably shorter), and make sure that you need your password to deactivate it. If you leave your computer to go to a meeting and you haven’t done this, you are vulnerable for the entire time you’re away.
This should be self-evident in this day and age, but run a virus checker, and keep it up to date, no matter what operating system you use (this means you too, Mac users). Make sure it runs a full scan of your computer at least once a week, and that it is automatically updating itself for the latest patches.
Bitdefender is what all the cool kids are using these days. It rates highest for virus coverage with minimal computer impact.
Here at Lendesk, we take security very seriously. To maintain our SOC2 (Service Organization Controls Level 2) compliance, we have forced password changes, we do monthly security discussions and quarterly surveys, and we run security monitoring processes daily on our servers. All our staff follow the tips above, and we have a number of other in-office security protocols that we follow.
Follow the steps above, and sleep more soundly knowing that your data is secure. There is no such thing as being too careful, especially when you are handling your clients’ private financial data.