There is an old saying, “a chain is only as strong as its weakest link.” No matter how strong the other links are, it will be the weak one that breaks and causes failure.
This same concept applies to keeping your personal information safe.
Zoom Mortgage Pros, Inc. (ZMPI) exceeds the regulatory requirements to ensure your data stays safe.
It is common knowledge that mortgage brokers work with highly sensitive financial information and are often the targets of malcontents trying to steal it.
To keep your information secure, we have incorporated some of the same systems and software (backbone, storage, encryption, etc.) that companies like PricewaterhouseCoopers, Salesforce.com, and HP use.
We have specific and different protocols that are employed depending on the type of information and the method it is sent.
- Portal Upload & Storage are transmitted via SSL and stored on SSAE16 SOC 2 Type II certified data centers.
- Emails we send are encrypted using Transport Layer Security (TSL), the industry standard for safety. A great article that explains this in detail is TLS Basics.
While we are confident of our data security, as again it meets or exceeds regulations, it is still possible to have a related breach, and when that occurs, it will be the weak link of the chain.
Should a breach occur it is often the end user (in our case usually the Borrowers) lack of security that will cause a leak of information.
We take guarding your data seriously, and you should as well.
Here are 7 things you can do to keep your data safer.
- Use Complicated Passwords
Yes, it’s a necessary pain in the butt. But the strategy below makes it simple, keeps every site with their own password (see #2), and makes your passwords easy to remember.
Take the chorus of your favorite song (let’s Amazing Grace (chorus is Amazing Grace How Sweet The Sound)
Year of Birth (say 1972)
The website you’re using the password for (Say Gmail).
Now combine them:
- Use the first letter of each of the chorus words in Capitals (AGHSTS)
- Use the first 2 digits of your birth year (19)
- Use the last two of your birth year WITH THE SHIFT KEY) in this case shift 7 is & and shift 2 is @ so (&@)
- Use the first 3 letters of your site name in reverse (gma) and combine them
This would give us the password of AGHSTS19&@gma
If the site was amazon.com the password would be AGHSTS19&@ama
It would take nearly 1 trillion years to brute force crack these passwords. (Thank you to https://www.betterbuys.com/estimating-password-cracking-times/ for the calculations)
- Do not use the same password at more than one site.
By using a formula that includes the name of the site each of your passwords will be unique.
Hackers know people will often use the same password on multiple sites, and they rely on that to exploit you when the figure out one password, they will try your main email address and the password they have discovered to gain access.
- Install System Updates
Simple as it sounds, but do it on your computers, your routers, your mobile devices. Many times, the reason for an update is that a vulnerability has been discovered and the software provider has corrected the weakness.
- Use a VPN
A VPN is a low-cost way of keeping your information secure (usually $25 a year or less). In super simple terms it creates an insulated line of direct communication between 2 points (i.e. your laptop and the internet). It makes your computer invisible to the rest of the internet while your using the internet.
- Don’t Use Public Free Networks Or Public Computers.
Free WI-FI are considered open networks. Most people are just happy for the service, but sometimes those connections are not as secure as they may seem.
Two of the favorite hacker tools used in open networks are capturing the information your computer is sending over and unprotected network (sniffing) or steering you to a fishing site where they drop a payload of malware or capture your login credentials.
FREE WI-FI is just not worth the risk (with a VPN it is much safer).
- Verify Known Senders
A good habit to get into, is to take a quick second and click on the drop down box to look at the sender information.
The domain should match the sender you expect it to be.
Example
If you get an email that appears to be from McAfee. Click on the drop down arrow (where the Red Arrow is pointing)
If you expect this to be from McAfee (as indicated by the green arrow) it should have mcafee.com in the sending domain information (gray arrows).
Additionally… mcafee.com should be on the right of the @ symbol AND in the most right position.
Correct | Incorrect & Dangerous |
info@mcafee.com | info.mcafee.com@gmail.com info@mcafee.com.security.uk |
Remember it is the last two text combonations separated by the right most period that make up the domain (where the information is going to).
While info@mcafee.com.security.uk at first glance has the words we expect, this email is going to someone at security.uk which has nothing to do with McAfee.
By doing a quick drop down on the email addressing information, you can weed out phishing attempts and keep your information more secure.
Personal Note:
I deal with someone with an extremely unique name at an escrow company. While in the middle of a transaction I received and email that just didn’t look right with the subject line, Here’s the payoff you requested.
My spam filters (and we have world class spam filters) did not tag this as a phishing attempt.
It looked right, but I already had the payoff.
It wasn’t until I reviewed the addressing information that I saw it said uniquenfullname.escrowcompany@gmail.com when it should have said uniquefirstname.lastname@escrowcompany.com.
Checking the addressing information minimizes mistakes and protects our clients.
- Destroy Old Computers and/or Hard Drives
Have you ever wondered why it takes so long to save files on your computer but it only takes a split second to erase a file?
The reason is when you delete a file (even from your recycle bin so you cant recover it), the data still exists. Deleting the file simply removes the file information from the file system.
Think of it like this.
The data file system is like the old Library Card Catalogs. (for those of you who are too young watch this video start at 45 seconds… a library card catalog was a file of 3×5 cards that had the name of a book on them. They were in alphabetical order, so if you knew the name of the book, you could look it up on the card catalog and it would give you the Dewey decimal number of book then you could go find the book).
When you erase a file, all your doing is removing the card from the card catalog. The book still exists. It will continue to exist until the storage device decides it needs that space to write something.
Even then, it may just write a small bit leaving the rest of the file intact (so you have a slightly less perfect file).
If you want to donate or sell your computer find a program that can do a DoD Wipe and use it. Do a search for D0D 5220.22M on google and choose one of the programs that is compliant.
We do everything we can to keep your data safe, but our efforts are futile if YOU, “the user” do not do your part.
These tips when followed will increase your data security and make all links of the chain equally strong.
0 Comments