BUILD-A-BROKER
The Looming Threat In Your Computers Effective vendor management comes home to roost in the wake of COVID-19. BY JACKIE DRZIAK | SPECIAL TO NATIONAL MORTGAGE PROFESSIONAL
I
n recent years, the background screening industry has called for screening firms to manage vendors. Ideally, vendor management efforts should include an assessment for risk within the relationship along with a review of the firm’s policies on data security and business continuity. It would seem like most consumer reporting agencies have the internal processes to keep track of third parties. The reality is that no organization can function without the products or services from a third party. Imagine for a moment that your brokerage needed to continue operating without any vendor relationships while staying competitive with pricing and turn times. The short answer is, it couldn’t. That said, these vendor relationships introduce all sorts of risk to your operation. Vendors can play havoc on your reputation, your operations, your P&L, your compliance with applicable law and with your data security. This is a lot of risk to manage, even in the easiest of times.
LEARN FROM PAST Target suffered a data breach in 2013. This one unfortunate incident caused large financial and reputational hardships on Target and yet the breach was a result of a third-party credit card processor’s lack of security protocol. There are numerous other examples of data security breach scenarios involving third parties that have caused immeasurable harm. Your goal should be to really know your vendors --
not just the account executive, but their business philosophies, their security protocols, their business continuity plans and more. Having service providers with realistic, thoughtful and proven business continuity plans is of great assurance in times like these. It is critical in the supply chain that CRA’s have sound service providers who can quickly and easily continue business operations under any circumstances. It is also critical that third parties have thoroughly designed protocols to ensure data security. The more vendors used by any organization, the risk of data compromise increases. The following six questions should always be asked when evaluating third parties: • Does this party need to access our systems? • What data do we share with this party? • Where is the data stored by the party and for how long? • Who within the third party has access to the data? • What measures does this party employ to secure data? • What kind of proof can they provide that data is safe with them?
CYBER THREATS MOUNT In the current national emergency, cybercriminals are hard at work plotting their next moves to take advantage of vulnerabilities in your data security protocols. According to the National Cyber Security Alliance (NCSA), global crises often correlate with an increase in
cybercrime. Cybercriminals will seize the COVID-19 pandemic as an opportunity to manipulate people based on their fears and insecurities. Lately, these “bad actors” have been sending email, text and social media messages claiming to provide a link to new information about the virus – which, of course, leads the victim to take actions that give the cybercriminal access to their network. With more staff working remotely, organizations should be particularly vigilant of their own data security protocols. And don’t forget about third party relationships- Ensure all third parties are also taking appropriate actions to keep systems and data secure. It is not unreasonable to ask your third parties to identify the processes they are currently using to safeguard data. The following questions should be asked of your vendors now: • Are your employees working within the office environment or working remote? • Have you provided employees with remote worker training on network security, remote access, phishing emails and secure internet connection? • Has anything changed in the collection, storage or delivery of data? • Describe the security protocols currently in use to safeguard data Now is not the time to let your guard down. Instead, be certain you and your third parties have sound business continuity and data safeguarding practices. Take the time to know your vendors as part of your own risk mitigation strategy.
Jackie Drziak is founder of All In Compliance.
PEOPLE ON THE MOVE //
> US Real
Estate Services, Inc. promoted Garrett Mays as the company›s vice president of valuations and vendor management.
16
| NATIONAL MORTGAGE PROFESSIONAL MAGAZINE
> Susan
Stewart, CEO at SWBC Mortgage Corporation, was sworn in as chairman of the Mortgage Bankers Association.
> Planet Home
Lending hired Jerrold David as regional sales manager for the company’s West Coast operations.
> Equity Prime
Mortgage promoted Julie Rhodes as the company›s retail underwriting manager.
