THE EPIDEMIC OF CYBERCRIME has made nonpublic personal information (NPPI) a hot topic — and that is especially true for Notary Signing Agents and everyone else working in the mortgage lending industry.
While protecting a borrower’s personal information has always been a priority, lenders, title companies and settlement services firms have ratcheted up their efforts to keep NPPI out of the wrong hands. Virtually every piece of information you receive — from the closing confirmation to the loan package — should be considered sensitive information. How Signing Agents treat that information has never been more crucial. Items such as the borrower’s phone number, loan amount, interest rate and email addresses now fall under the umbrella of NPPI. Just knowing that a person is refinancing and who their lender is could be considered NPPI. There are a number of practices we should follow to help keep our customer’s information safe and protect ourselves from suffering a data breach. They fall under two broad categories.
Technology Practices Computers, mobile devices and the internet have been a boon to business transactions the world over. But the convenience and efficiency of technology has also made it easier for criminals to target high-value transactions, such as mortgage originations. All it takes is a single lapse, and hundreds of thousands of dollars can be directed into the wrong hands. So the companies that contract with NSAs expect us to be diligent. The following practices will go a long way toward meeting those expectations:
• Never take a picture of a borrower’s ID. I cannot stress this enough. You should never store any personal information about a consumer on your phone. It could accidentally be saved to a SIM card or your Dropbox account, or you may just forget to delete it. If your phone is hacked or stolen, a thief will get a photo of someone’s driver’s license. Many Notaries email the photo of the license from their phone. If you use a public Wi-Fi network or unencrypted email, that email could easily be intercepted and fall into the wrong hands. • All emails with NPPI should be either encrypted or password protected. • Never send documents back to title or the lender by email unless they are password protected. If you don’t have the ability to do so, then faxing is the better option. • Pay close attention to the emails you receive from the title company, lender or anyone else involved in the loan. Does the sender’s address look correct? Does the signature line look correct? Are they asking you for something that seems a bit off? When in doubt, call the sending party and verify. • Use strong passwords that involve lower case and upper case letters, numbers and special characters. Don’t use the same password over and over, but try to use a new one each time. Also change your passwords frequently, at least every 180 days. • Never write your passwords down where someone can find them. • All technology items should be password protected, including computers, smartphones and tablets. • Your computer should be set to lock out automatically after a short interval of time, such as 15 minutes. • Make sure to encrypt the data on your smartphone. Many phones have encryption options, and there are numerous apps that can be downloaded. • Do not use public Wi-Fi access because it typically is not secure. You should also hide your home Wi-Fi network and change the default password to a more secure one. • Many NSAs are tempted to print or copy loan packages at Staples, OfficeMax or other retail stores. But most printers and copiers have hard drives that store information long after you have departed. That allows multiple parties to access your borrower’s information. • Limit access to any technology you use for work. That includes keeping your home computer and other devices secure from you own family. They might inadvertently do something that exposes NPPI. It’s also a good idea to avoid surfing the web on the same computer you use for work because that can increase exposure to viruses,
malware and other cyberattacks, which could lead to a potential breach.
Low-Tech Practices Not every risk comes from a cybercriminal. And not every data breach involves the internet. A borrower’s NPPI can be compromised by a variety of old-fashioned lapses. • Any documents you print, such as the closing confirmation or loan package, should be stored securely in a locked cabinet — but only as long as you need them. Once those documents are no longer necessary, dispose of them using a shredder or reputable shredding service. A loan package in your trash can is a data breach waiting to happen. • Use caution with utilizing outside services such as computer repairmen, shredding services and copier repair companies. Make certain you have fully vetted them, and limit their access to what could be considered NPPI. • Never share details of a closing with someone outside of the transaction. Saying something as simple as, “Hey I closed a loan for Mrs. X. Remember her? She was our old lunch lady,” could be considered a breach of information. • Make sure you handle all of your packages yourself, and keep them secure until you drop them. Never leave them with a receptionist who keeps a stack of packages on their desk or with a friend who is going drive by FedEx anyway. Documents should be locked in the trunk of your car or in a locked file cabinet at all times. Try to use a FedEx or UPS location instead of a drop box whenever possible. Finally, take a look around your work space on a regular basis. Review your processes. Ask someone else to take a look and share their thoughts. Try to find potential weaknesses and tighten up your security. A data breach could have disastrous results — from destroying your reputation, to a financial loss for your customers to a potential lawsuit. Most breaches of technology are not covered under your E&O insurance and the expense of defending a lawsuit could be exorbitant, and potentially close the doors on your business. Don’t let that happen to you. One of the best ways to approach protecting your customer’s information is to treat it as though it were yours.
About the author: Marcy Tiberio is an NNA 2015 Notary of the Year Honoree and owner of Professional Notary Services, Inc., in Rochester, New York. She can be reached at email@example.com.