"When you have records of clients who are involved in buying/selling homes, there is always a danger that information can be stolen and those very same clients targeted."
Tackling attempts at fraud may not be particularly high on the agenda of most mortgage advisers, certainly when compared for example with lenders and conveyancing firms, however given their critical role within the mortgage and home-buying process, it should certainly be taken seriously and the right systems and controls put in place to deal with it.
Just a few weeks ago, we all saw the devastating impact a worldwide cyber attack can have on businesses and organisations. The ransomware attack in May effectively put large numbers of NHS trusts, hospitals and practices out of commission and was a clear example of the damage that can be wrought by hackers and criminals.
Much has been made about the increase in threat to financial services firms, and it’s true that within our sector, given the large amounts of money involved, there are many more attempts at cyber fraud and cyber crime, especially when it comes to the conveyancing profession. ‘Friday afternoon fraud’ is now a real danger and a growing number of individuals have lost sizeable amounts of money, and their chance to purchase a new home, because they (or the conveyancing firm) have been duped by the fraudsters.
As mentioned, for mortgage advisory firms, the threat of having thousands of pounds fraudulently taken from you (or your clients) is less, but every single business in the country is open to being hacked, and when you have records of clients who are involved in buying/selling homes, there is always a danger that information can be stolen and those very same clients targeted.
If you think you’re immune to this, then think again. The Government issued a paper recently which suggested that over half of all financial firms have been the victim of a cyber attack in the last 12 months. And if the attack on the NHS has taught us anything, it’s that firstly, any firm can find themselves in the crosshairs of the fraudsters, and that when it comes to technology, relying on what we might define as ‘legacy’ technology is perhaps not wise. In the NHS attack, for instance, much was made of the fact that many of those worst affected were those who were using older software and had not updated.
Now, no-one is suggesting that every single advisory firm has to go out and upgrade their software and hardware to the very newest kit, because this clearly comes with a cost and, in many instances, it might not actually be needed. However, you will know yourself whether the software systems you are running, and the hardware you’re running them on, might actually be starting to run past their sell-by date, or if you simply need to upgrade to those systems that may offer slightly better protection.
Let’s be honest, when it comes to the tech we use, we can all be pretty conservative. Having used the same laptop/computer, or run the same systems, for a number of years means that you have a high level of familiarity, you know how they work, where everything is, and you can work your way round them with a minimum of fuss. But, could this tech actually stand-up to the increasingly sophisticated (and not so sophisticated) techniques that the fraudsters are employing? I think deep down most of us will know when it might be the time to change or upgrade.
The good thing about the technology industry is that upgrades are always available, so the first thing to do is run a review of what you have, what it does, where there may be gaps, and what is available to fill those gaps. Once this review is complete, you’ll have a much better understanding of what needs to be done, and how to go about this in the most cost-efficient manner but also ensuring that you’re as up to date as you possible can be (budgets allowing obviously). Make sure you prioritise your tech needs and work through those priorities to cover the areas where you are likely to be most exposed, and where the most significant damage could be done.
If you’re an AR of a network, then make sure you engage with your Principal to be clear on their requirements and where they can help you. Minimum standards are fine, but if you are taking on this project now, it could also be worthwhile doing as much as you can to future-proof your business’ tech needs. One thing is for certain, the fraudsters are not going to be stopping anytime soon, and therefore you may well need to educate yourself and your staff about how they work now, but also how that might evolve in the future.
Overall, this is likely to be a significant issue for all businesses – as mentioned, it’s not going away; indeed our reliance on technology makes it far more likely that you’ll eventually be targeted even if you’ve been lucky enough up until now. Therefore, make sure you’re set up in such a way that, at the very least, you’re making it very difficult for a fraudster to be successful.