Keeping data and computer systems secure is important in every type of industry. It has a special importance in sectors dealing directly with finance, however, as data breaches can lead directly to fraud. Those worries have led to a push for more IT security and employee awareness in the mortgage sector, according to Mortgage Finance Gazette contributor Paul Brooks. He noted that the U.K.'s Fraud Management Authority has frequent trouble detecting illicit activity in the mortgage industry, further incentivizing good practices by individual firms.
Risk versus preparation
Brooks noted that international standards are a good place to start for security compliance efforts. He explained that the Information Security Management Systems guidelines have little traction with U.K. mortgage dealers but that adoption is on the rise, with his large employer achieving certification recently. The requirements involve both best practices in data handling and thorough recovery strategies.
According to Brooks, data security can go well beyond the actual digital systems containing data. He explained that companies should also focus on making sure workers know the procedures necessary to keep information safe. He also advocated for security systems that can keep facilities and property safe. Utilizing advanced penetration testing services can determine a firm's overall data loss readiness.
Standards and guidelines
Depending on the company and industry, there are a variety of standards and restrictions that can guide security decisions. One of the most prominent is the PCI standard for payment data. PCI compliance is mandatory for firms dealing with customer credit card numbers. TechTarget contributor Mark Chapple recently suggested that firms should treat certain parts of the code as baseline and go beyond them to make systems even stronger. Rather than either using app firewalls or performing vulnerability tests, he suggested doing both.