Data Security – What Every Mortgage Professional Needs To Know

Download Your Free PDF Copy of “Data Security – What Every Mortgage Professional Needs to Know” – Including Helpful Resources, Links, and Examples

By John Paasonen, CEO of Maxwell & Ken Kantzer, Co-Founder PKC Security

Mention data security to a mortgage executive and it’s enough to make them squirm. You can’t open a newspaper without reading about a security breach, even from some of the world’s most avantgarde technology companies.

Data is the heartbeat of the mortgage industry. Protecting it should be the priority for all organizations, no matter their size. And it’s time to size up to the reality that the conventional methods of security are no longer sufficient.

Featured Sponsors:


Ken Kantzer knows a bit about data security. He is the co-founder of PKC Security, a cybersecurity consulting firm. He has undertaken cybersecurity consulting and code audit efforts across multiple sectors: high-tech startups, financial services, oil & gas, industrial infrastructure, and high-security government systems.

Reduce Fractured Business Architecture

The way most mortgage companies work is fractured and insecure. Data resides on systems from the loan officer’s messaging app on their smartphone through to the LOS and everywhere in between. Data sits in Word documents. It lives in Outlook. And it’s transferred to third parties as part of the process every day.

Despite marketing promises to the contrary, there is no single all-in-one platform today. Indeed that may be an unrealistic utopia. What is realistic is a set of best-of-breed, modern systems that work together seamlessly.

Featured Sponsors:

“The best way to get hacked is to have systems on your hands that no one at your company understands,” says Ken. “Given the choice, opt for platforms that employ the most modern security measures, and simple interfaces between your systems.”

Protect Data Dynamically

The conventional castle-and-moat approach to data security is outdated. The financial services industry, particularly the mortgage vertical, must move beyond just firewalls, antivirus, content filtering, and threat detection. “The old idea of putting up a wall and standing watch just doesn’t hold true anymore,” says Ken. “The new approach to data protection focuses on resiliency — systems must ensure that even in worst-case scenarios where there is a data breach, the data can be rendered useless.”

Encryption is one such example of this approach. Mortgage companies can maintain control of their data, even when it is deployed in the cloud or in their data center. By moving security controls as close as possible to the data, a mortgage company can ensure that even after the perimeter is breached, the information remains secure. “At PKC, we always look at how cloud services use encryption, and how the encryption keys used by the service are protected. When encryption is properly implemented, it can be a huge help in strengthening the security of a service, but when it’s improperly implemented, it can actually hurt, by lulling users into a false sense of security.”

Featured Sponsors:

If you haven’t been breached yet, you’re either lucky or you don’t even know it happened. Only mortgage companies that adopt a combination of password managers, encryption-at-rest (using tools like BitLocker or FileVault), and two-factor authentication can be confident that data is useless should it fall into unauthorized hands.

Make Sales & I.T. Collaborate

Hopefully you do the basics: security awareness training, security policies that are enforced across the organization, and a consistent process of monitoring and reviews. Although these are necessary, they often feel like shackles for the sales team.

As many CIO’s realize, employees are often the weakest link. “The key to security is not a sexy new kind of technology, it’s not machine or deep learning,” says Ken. “Of all the awesome technology to deploy to catch bad things before they happen, it’s your frontline employees that will have the highest rates of detection.”

When IT team and sales collaborate, it is the opportunity to confer the feeling that owning security is their responsibility. The key to security is getting every person to care about it, to set a shared value that we must “protect our house” both at home and in the office.

Rather than IT attempting to shackle sales, have them arm the sales team with market-leading mobile communication and collaboration tools that solve their problems, make them more productive and are, by their very nature, secure.

Finally, use the best technology has to offer to reduce non-selling administrative or customer service aspects of a loan officer’s role. Too often, those activities take up more time than the selling loans, and sadly are often created by poorly designed technology tools themselves. Ken agrees: “A mortgage company that understands how to minimize the amount of time a loan officer and her team spends doing administrative tasks, such as data entry and chasing borrowers for documents, will win by helping them be more productive.”

Hack Yourself

It sounds counterintuitive if not downright scary: invite hackers to analyze your systems, looking for security holes, and pay out a “bounty” when they find them. But PayPal, Western Union, Square, Simple and other financial services companies that have created or worked with so-called bug bounty programs say they’re an effective supplement for the work done by sometimes-strapped internal security folks.

Outside the industry, it’s become a common-enough practice that even the U.S. government launched a “Hack the Pentagon” program. Hackers have already found 100 vulnerabilities in Department of Defense systems and the program has paid out $15,000 to 1,400 participants.

Pay hackers to take your side and work with you, and avoid the legal, privacy, intellectual property and cyberfraud issues that result when they go it alone.

Companies that have been using bug bounty programs for years see only benefit to them. Along with the many other types of security defenses mortgage companies need, offering a bug bounty, or undergoing a quarterly penetration test, is likely to become a best practice in the industry.

Empower Your Customers

Two in three customers said they’d cease doing business with a company that experienced a breach where financial information was stolen. Half of the respondents to the global survey by Gemalto said they’d stop doing business with a company where personal information was stolen. A quarter of people said they’d consider legal action against the breached company.

In fact, a mortgage company can even increase customer trust by telling borrowers about the security measures that they have put in place to protect their data. By being open about the efforts they are making with regards to data protection, like encrypting data in transit and at rest, they can be perceived as trusted innovators.

Mortgage companies can take this a step further and, as well as informing customers about what they are doing to protect them, can also tell them what to do in order to protect themselves and become safer users of their services — for example, instructing them not to send sensitive documents by email.


Security must be at the forefront of all decisions made by mortgage professionals. Rather than letting this slow you down or cripple your organization, use security as your asset to grow your business. Have your teams empower each other rather than limit the capabilities of each group. Challenge yourselves regularly.

Technology and proper processes unlock efficiencies and can improve not only the security of your clients information, but your bottom line as well.

About Maxwell

Maxwell is a lightweight digital mortgage platform, helping lending teams become more efficient and provide the digital experience borrowers expect. Maxwell was created on the principle that mortgage companies will win by betting on the augmentation of human ability, not by replacing it with faceless technology. At Maxwell, the power of the human relationship is core to how we build software.

Founded in 2015, Maxwell is a member of the Mortgage Bankers Association and the Colorado Mortgage Lenders Association. In 2017, we were named one of the most innovative companies in real estate by HousingWire Magazine. Every day, our software is used by originators across the U.S. to serve thousands of homebuyers.

Download Your Free PDF Copy of “Data Security – What Every Mortgage Professional Needs to Know” – Including Helpful Resources, Links, and Examples


Progress In Lending

The Place For Thought Leaders And Visionaries

Integration Makes Lender And Borrower Collaboration More Effortless

As mortgage lenders increasingly invest in modernizing their technology experience, Maxwell, a provider of digital mortgage automation software for small and midsize lenders, has integrated with LendingQB to make it easier for lenders and borrowers to collaborate effortlessly through the mortgage process.

Featured Sponsors:


LendingQB continues to extend its integrations through its web-based LOS system . The LOS’ open-architecture application program interface (API) enables lenders to select the tools that best help their efficiency. The LOS was cited in the STRATMOR Group’s December 2016 Technology Insights report as achieving an end user effectiveness rating of 93%, top marks amongst the major LOS providers.

Featured Sponsors:

“In this age of platform interoperability, LendingQB gets it — an open origination platform that empowers its users to optimize the experience for speed, security and delight,” said John Paasonen, CEO of Maxwell. “We’re thrilled to integrate with a likeminded partner as a showcase to Maxwell’s API that gives flexibility back to the customer.”

Featured Sponsors:

Maxwell automates the way that mortgage lenders work with their clients to close a mortgage, from the loan application to assembling a borrower’s file. Lending teams on Maxwell collaborate with homebuyers in a modern digital workspace, on any device, with connectivity to thousands of data sources. Designed by usability experts, Maxwell reports that loans on its platform close 22 days faster than the industry average.

The integration with LendingQB will enable Maxwell clients to seamlessly sync borrower data with the loan origination system, trigger automated notifications to borrowers and real estate agents, and securely exchange documents and information.

“The ability to provide innovative technology such as an open architecture API offers lenders an added value as their organizations continue to grow and evolve,” said Tim Nguyen, president of LendingQB. “This partnership with Maxwell affirms our commitment to streamlining our clients’ access to products and services that power their business. Innovation is accelerating in this industry and lenders benefit when they can utilize best-of-breed solutions to streamline the mortgage process.”

Progress In Lending

The Place For Thought Leaders And Visionaries