Growing number of data breaches on companies such as Equifax, JP Morgan Chase and Yahoo have lenders rightfully anxious
—Richey May Technology Solutions will offer everything from risk assessments to chief information security officer services—
Denver, Colorado – March 8, 2018 – Richey May, an accounting and advisory firm serving the financial services and real estate industries, has launched a cybersecurity services practice to help lenders and servicers protect themselves against the growing risk of online fraud and data attacks.
Through Richey May Technology Solutions, Richey May clients can receive an assessment of their IT infrastructure and controls. After the assessment, Richey May will make recommendations to the company and help implement them. Lenders and servicers that do not have information security professionals on staff can hire Richey May to act as a chief information security officer on a contract basis.
John-Thomas (J.T.) Gaietto, an information security expert who joined Richey May last fall, has been named executive director of Richey May Technology Solutions. Gaietto has more than 18 years of experience providing enterprise information security and risk management services, most of which he spent working in the financial services industry.
Nathan Lee, a Richey May partner, said large-scale cyberattacks on Equifax, JP Morgan Chase, Yahoo and many other companies in recent years have created growing anxiety among the company’s mortgage clients. “There’s a sense that, if it can happen to a giant credit reporting company like Equifax, it can happen to anybody,” Lee said. “The problem is many companies in the mortgage industry do not have the internal resources they need to protect themselves, which is why we’re offering to help.”
Gaietto says mortgage lenders have a right to be worried. “No industry works with as much sensitive consumer data than the mortgage industry,” he said. “They have everything about a borrower’s finances, from paystubs to tax returns to the Social Security numbers of their children. They’re also required to retain this data for years, which compounds the challenges of storing it securely and keeping it out of the hands of cybercriminals.”
Recent shifts in how mortgage lenders use technology have increased the risks as well, Gaietto added. “Since a growing number of lenders now use loan origination systems (LOSs) and other software over the Internet, and are migrating IT infrastructure to the cloud, they are often unaware of how their borrowers’ data is being protected, let alone where the data is physically located. Many assume their cloud providers oversee protecting data as well, when it is typically a shared responsibility between the lender and the provider.”
Mortgage lenders must also face an increasing number of cybersecurity regulations. Last year, New York enacted one of the country’s strongest cybersecurity regulations in the nation. It requires mortgage companies to conduct cybersecurity risk assessments, train staff, and put controls in place to protect consumer data.
“Our assessments can really be eye-opening for lenders, because they don’t really know where their data is, how frequently they’re being targeted, or how vulnerable they are,” Lee said. “All it takes is for one staff member to do the wrong thing, and you’re in big trouble.”