Richey May, an accounting and advisory firm serving the financial services and real estate industries, has launched a cybersecurity services practice to help lenders and servicers protect themselves against the growing risk of online fraud and data attacks, the company announced.
Through Richey May Technology Solutions, the company’s clients can receive an assessment of their IT infrastructure and controls. After the assessment, Richey May will make recommendations to the company and help implement them. Lenders and servicers that do not have information security professionals on staff will be able to hire Richey May to act as a chief information security officer on a contract basis, the company said.
With the growing number of data breaches on companies such as Equifax, JP Morgan Chase and Yahoo, John-Thomas Gaietto, an information security expert with Richey May, said mortgage lenders should be worried.
“No industry works with as much sensitive, consumer data than the mortgage industry,” Gaietto said in a release. “They have everything about a borrower’s finances, from paystubs to tax returns to the Social Security numbers of their children. They’re also required to retain this data for years, which compounds the challenges of storing it securely and keeping it out of the hands of cybercriminals.”
Nathan Lee, a company partner, said large-scale in recent years have created growing anxiety among the company's mortgage clients.
“There’s a sense that, if it can happen to a giant credit reporting company like Equifax, it can happen to anybody,” Lee said. “The problem is many companies in the mortgage industry do not have the internal resources they need to protect themselves, which is why we’re offering to help.”
Mortgage lenders must also face an increasing number of cybersecurity regulations. In 2017, according to the release, New York enacted one of the country’s strongest cybersecurity regulations in the nation. It requires mortgage companies to conduct cybersecurity risk assessments, train staff, and put controls in place to protect consumer data.
“Since a growing number of lenders now use loan origination systems and other software over the Internet, and are migrating IT infrastructure to the cloud, they are often unaware of how their borrowers’ data is being protected, let alone where the data is physically located,” Gaietto added. “Many assume their cloud providers oversee protecting data as well, when it is typically a shared responsibility between the lender and the provider.”
“Our assessments can really be eye-opening for lenders, because they don’t really know where their data is, how frequently they’re being targeted, or how vulnerable they are,” Lee said. “All it takes is for one staff member to do the wrong thing, and you're in big trouble.”