Keeping Home Loan Documents Safe from Hacking

Cyber Crime

Your clients provide tons of personal financial data to mortgage companies during a real estate transaction. So how do you know your clients’ preapproval and home loan documents are protected, and what safeguards does their lender take? Many mortgage lenders have systems in place to keep sensitive financial data safe from hackers.

One of the best ways to help prevent personal data theft is continuous communication and education. Mortgage companies work to ensure their customers are aware of the prevalence and risk of online hacking and theft. The first step is to make sure home buyers know where cyber criminals are lurking and how to avoid them. Evelyn Freitas, a Loan Originator at Envoy Mortgage in Northern California, says that her company sends emails to customers reminding them to never wire funds without double-checking all information with their loan processor over the phone. Plus, Envoy loan processors have a disclaimer in their email signatures—written in red—that serves as yet another reminder. Additionally, loan applicants are sent videos throughout the transaction process educating them about loan document safety.

Mortgage lenders also have many electronic safeguards in place to protect sensitive customer data. For instance, they may use secure mail for collecting any non-public personal information, encrypted internal portals with password protection where clients can apply and upload their documents online, or a rigorous employee logon and password verification process with two-factor authentication. Mortgage lenders may have a clean desk policy stating that all file cabinets must be locked and documents must not be left out where they could be read or stolen. Mortgage companies may also employ data protection policies with encrypted computers and phones, or even add their company logo to programs like Office 365 so employees know they are accessing correct, secure information. Most also have cyber incident management policies in place to protect clients in the event of a security breach.

Lastly, many mortgage lenders require their employees to attend annual training where they learn to recognize phishing scams and understand the importance of cyber security. Employees are also asked to forward all suspicious emails to their company’s IT department for investigation. Freitas states that Envoy’s IT department periodically sends employees training emails disguised as phishing attempts. The goal, of course, is for the employee to spot the red flags and report the email to IT. If an employee believes the training email is legitimate and responds to it, the employee is notified of their error and sent to additional cyber security training. Mortgage lenders know the importance of informing employees whenever something new happens in the world of data hacking and cybercrime, so they may send information to keep them up to date on any new security issues.

Advise your clients to talk to their mortgage lender about their data security practices. A good lender should have strong systems in place to ensure the privacy and safety of all customers.

Learn more about keeping your clients safe from scammers.