9-29-17

www.marejournal.com

Real Estate Journal — Fall Preview — September 29 - October 12, 2017 — 9C

M id A tlantic

T itle I nsurance

By Matthew Cohen, Esq., Two Rivers Title Cybersecurity in the Title Industry

T

he advent of automa- tion in the title industry has brought with it wel-

Information such as social se- curity numbers, bank routing numbers, passwords, and credit card details are all examples of information typically entrusted to the settlement agent. Iden- tifying scams and taking mea- sures to stop them has become part of our daily routine. Wire Transfer Fraud has quickly become the most po- tentially devastating phishing scam affecting the title indus- try. In the case of wire fraud, the hacker obtains enough NPI and company information to pose as someone recognizable involved in a closing. The client,

usually the buyer, is contacted electronically and told there “has been a change in their wiring instructions” or “please send the following amount by wire ahead of the closing”. The wire transfer information is fraudulent and, if sent, the money can be lost. Unfortu- nately, these scams have had a lot of success. In the case of a California escrow firm, a 1.5 million “cyberheist” forced the company to close. https://kreb- sonsecurity.com/2013/08/1- 5-million-cyberheist-ruins- escrow-firm We recently experienced a

wire fraud attempt that was po- tentially catastrophic. An email was sent to a client impersonat- ing our company email. They noted the correct-date-time of the upcoming closing and re- quested a wire be sent ahead. An investigation showed they had hacked into a realtor’s email account who was involved in the transaction. Luckily, this client thought it suspicious that the email had come from me and not the Paralegal as- signed to the deal. They called to confirm the transfer and we stopped the attempt in its tracks. Had he not made that

call, the outcome could have been devastating. Preventing Cyber Scams Industry standards require measures be taken to secure NPI. Alta Best Practices Compli- ance, Pillar 3, calls for a com- prehensive analysis, written policy and security risk man- agement program. “The pro- grammust be appropriate to the Company’s size and complexity, the nature and scope of the Company’s activities, and the sensitivity of the customer infor- mation the Company handles.” continued on page 20C

come chang- es. Increased speed of com- munication, fewer human errors, and movement to- wards paper- less closings have created

Matthew Cohen

new standards and improved customer service. While it is im- perative to implement technolo- gy that enables us to meet these higher expectations, it comes with a unique set of risks. The extensive amount of NPI (non- public information) collected for each transaction has moved from traditional file cabinets to digital space shared by cyber criminals. Protecting customer information has always been a top priority at Two Rivers Title. In fact, all financial institutions are mandated to protect NPI. Federal and state guidelines have existed for decades. The Gramm-Leach-Bliley Act of 1999 mandated how finan- cial institutions must handle Nonpublic Personal Informa- tion (NPI) in order to protect consumers. More recently, New York has implemented legislation requir- ing enhanced security testing of cybersecurity procedures. The New 23 NYCRR 500, or the New York Cybersecurity Regulations for Financial In- stitutions went into effect on March 1, 2017 requiring all financial services institutions (as defined in the Regulations) to formally assess its cyberse- curity risks and establish and maintain a program to address such risks. Recognizing cyber threats and associated risks is the first step in reducing vulnerability. Cyber Threats Phishing Scams are the most common way hackers obtain information. Phishing is an electronic attempt to acquire NPI by pretending to be a familiar or trustworthy source. We see these every day. Staff members receive emails requesting NPI. Sometimes simply opening the email allows cybercriminals to infiltrate the system causing a data breech, or implant software which locks down the system followed by a ransom demand. This is par- ticularly threatening in a busi- ness that handles commercial and residential transactions.

A Multi-State Title and Escrow Company

Giving you and your clients peace of mind throughout the closing process

Residential

Commercial

• Government

Offering a Full Line of Insurance Products and Paralegal Support

www.tworiverstitle.com Offices Throughout New Jersey, New York, Pennsylvania, and Florida

Made with FlippingBook flipbook maker