"Let’s be honest here, the biggest threat may not come from cyber-criminals, it might actually come from your own workforce"
One of the major fears of modern communication has to be that feeling when you send an email which should never have been sent.
I’m sure we’ve all been there – the angry email response when you should have just cooled down a bit, the email reply to all which should have only gone to one person, the text message which has used auto-correct and now reads very differently to how it should have, the email or message which went to the wrong person, and many variations on this particular theme.
In a personal setting, these can be absolutely mortifying and can provide plenty of repercussions to work through but, in our line of business, the misjudged email/reply to all/the wrong person receiving the communication, etc, can result in significant damage not just to the business itself in terms of reputation and service, clients in terms of upset but can obviously cost thousands of pounds given the money that flows around the housing and mortgage market.
It’s for this latter reason that the industry is constantly fighting a battle against housing/mortgage fraud and why individuals/firms who are involved in the process can find themselves in the cross-hairs of fraudsters who are looking for weak links within the chain in order that they can perpetrate the fraud.
Google ‘mortgage fraud’ and you’ll find any number of extremely sad tales which seem to beggar belief in terms of their simplicity; most involve the hacking of a client’s email, or the hacking of a solicitor’s email, and some are simple requests for money to be transferred to a different account number. Once done, the fraud is done and dusted and it leaves a trail of destruction behind it.
All because the email system was simply not cyber-secure enough to deal with, what is, a very basic fraud. And it would seem that, in the age of Covid-19, attempts at fraud have rocketed – even back as early as mid-March the City of London Police was reporting a 400% increase in scams. And, let’s be honest here, the biggest threat may not come from cyber-criminals, it might actually come from your own workforce inadvertently carrying out one of those examples mentioned above.
All this in the age of GDPR where breaches of personal information and data need to be reported to the Information Commissioners’ Office (ICO); since 2018 the ICO has seen such breaches increase by 75% and apparently a massive 88% have been attributable to human error, including the sending of emails to the wrong recipient.
In other words, there are two fronts that we might be fighting on here, and advisory firms are just as susceptible to any other practitioner active within the housing/mortgage process. So, it’s a case of arming yourself against those criminals who actively target you and your clients, and it’s also a case of protecting yourself against the inadvertent acts/mess-ups which are not born out of malice but happen because people make mistakes.
If we work from this basis then you’ll soon come to realise – as indeed we have recently – that you’ll need an extra layer of security in place in order to cope with both of these ‘assaults’. And, in a sector in which there is lots of personal and private information flowing around, and where access to that information by the wrong person can make life very difficult for all concerned, then perhaps we all need to think doubly about what we are doing.
To that end, we recently partnered up with a firm called Beyond Encryption who have a product called Mailock, which – certainly when it comes to emails – helps mitigate the risks of not just having your emails intercepted by fraudsters, but also of having sent an email to the wrong person. The product encrypts the emails, and all attachments, meaning that the identity of the recipient can be challenged to make sure they are the correct person, plus it provides a date/time stamped audit trail, security ‘nudges’ and a full ‘revocation option’ to recall those emails which have been sent to the wrong person, or shouldn’t have been sent at all.
Again, working as advisers with potentially many clients, with a real need to keep personal/financial information safe and secure, and working in a high-risk sector where the ‘rewards’ for fraudsters are large, it really pays to have that extra level of security which should hopefully give everyone (including the firm owner) a much greater peace of mind that security is not being routinely breached or communications are not going to the wrong person.
Mistakes will happen, fraud attempts will continue – that is something we all have to live with. However, with the right products and processes in place, we can all ensure that such risks are kept to an absolute minimum and that we are all protecting our greatest assets, our staff and clients.
