When you think about the mission of a title insurance and escrow company, you may naturally focus on the service you provide to assist your real estate agents, lenders, homebuyers and sellers with the conveyance of property.
But the more significant underlying mission in our current cyber security environment is the protection of your client’s data and funds.
With the complexity of our systems, the password – well configured and protected – still remains one of the primary safeguards against intrusion. Unfortunately, according to one report, 80% of hacking-related breaches were linked to passwords and stolen credentials.
The challenge is the sheer proliferation of passwords due to the growing use of applications within a business. Multinational companies report managing hundreds of applications, with their accompanying passwords. Even small businesses use on average 40-50 applications, all requiring a password.
If you aren’t managing your passwords effectively, the truth is that you aren’t really managing your company effectively in this era of hacking, phishing and malware.
It’s time to take inventory of your password practices to ensure you have sufficient controls in place to protect your client’s data and escrow accounts.
Password management best practices
Teach your employees good password hygiene, including:
· Never share your passwords for any reason. This is especially important when accessing your escrow accounts.
· Make sure passwords are of sufficient length and complexity: 12 to 16-letter minimum with caps and lowercase, symbols and numbers. (If you want to know why this is necessary, check out this chart on the relative ease of hacking a short, simple password.)
· Use a different password for each application. (If an application gets compromised, all of your applications won’t fall prey to the hacker.)
· Avoid using personally identifiable words, pet names, or discoverable words from your social media, such as where you live, went to school or work.
· Instead of using a word found in a dictionary, make up a word that represents a passphrase you will remember such as “I Love To Vacation On The Beach” (iltvotb) along with numbers and symbols.
· Never write down or post passwords near your computer.
Take advantage of global controls to eliminate human error:
· Require employees to change passwords every 90 to 180 days to protect against intrusion.
· Use multifactor authentication, a system that employs a separate device such as a mobile phone to authenticate a password.
· Employ a password management system to store, synchronize and manage passwords across multiple systems and applications.
With the speed at which technology is changing and the growing threat of cyber intrusion, it’s imperative that title insurance and escrow companies make it an annual practice to conduct a password management audit of their company practices. In addition, adding password usage education to your annual escrow training regimen can go a long way to ensuring healthy password hygiene in your company.
At Positively Balanced, we are also committed to assisting you with safe and secure services to help you protect your escrow accounts and grow your business. Call us today to learn more!
Comments