Opinion: The title of The Great Resignation’s the cybersecurity risk

Opinion: The title of The Great Resignation’s the cybersecurity risk

While retention, engagement and automation are the hottest topics emerging from a growing labor shortage, employee turnover can also cause cyber risks and other operational issues for title companies.

The Great Resignation and the lack of available manpower has been a hot topic in the general media for some time now. It is significantly impacting the title insurance industry now and will only become more prominent as the baby boomer workforce continues to retire.

Financial and operational headaches

While this conversation naturally turns to big issues like retaining existing talent or digitizing menial tasks, there are other big threats that come from this labor shortage that aren’t widely discussed, like cybersecurity or wasteful spending.

Forgotten passwords and VPN connections of former employees working from home, while difficult to manage or track, are prime targets for sophisticated cybercriminals. Ghost licenses, unmonitored portals, or abandoned software-as-a-service (SaaS) application accounts as a result of employee departures can cause financial and operational headaches at a time when most are looking to fight the margin compression.

The solution to these growing threats, as is the case with most cyber defense strategies, is proactive planning, monitoring, and training. But before title companies can forge effective plans, they must understand the nature of these threats.

Data exfiltration threats

The exodus of skilled labor from the title industry, whether through retirement, resignation, or even layoff due to changing market cycles, creates its own set of unique threats. While the industry and business owners remain focused on the threat of cybercriminals, there is another prominent threat lurking in the shadows: the insider threat.

It comes from current or former employees in the form of data exfiltration. Too often, employees with access to sensitive documents, nonpublic information (NPI), passwords, and business data can still have access to those assets days and even weeks after they leave or are asked to leave the company.

If the termination is on bad terms, it is all too common for former employees to access and take customer contact lists or exclusive knowledge to another company.

the solution is simple

Fortunately, as common as the problem of exfiltration is, the solution is simple. Employers must have a proactive and comprehensive policy for employees who leave work. Passwords must be canceled and access to programs, databases, portals and other entry points to company data must be terminated before the employee has left the office on their last day. It’s amazing what a motivated or disgruntled former employee can do in a short period of time when allowed to maintain access to confidential information.

Monitoring and management

Another big threat resulting from employee departure involves oversight and management. Too many title companies fail to accurately document their software assets, services, processes and operational policies. Even when the documentation is in place, neglecting to monitor the people managing those business assets can be just as damaging.

We all know that a title agency is chaotic, especially at the end of the month. It’s not uncommon to see staff members use tricks, workarounds, or shortcuts to solve the emerging problems that so often threaten closure. When that person leaves, it may not be apparent to management or the person’s successor that they were creating new files or manually changing the workflow until months later, when a customer requests a file or a claim is filed.

The solution is to create a structured cross-training program for employees. Regular required PTO or even rotation of staff through different elements of the workflow is a great way to accomplish this. And of course, clear monitoring and documentation starts with thoughtful management and training.

Third Party Application Tracking

Another challenge for title companies looking to protect their NPI and data systems stems from the many commonly used online portals and third-party software or services. The problem, in many cases, is that such applications or portals can be difficult to track at the management level.

Great examples include Sales force, adobe package, quick books online, and the like. While these tools are popular with title companies for their cost and ease of use, it can become challenging to track usage, especially in times of increased employee turnover. Some companies continue to pay license fees or similar costs because the finance team assumes they are necessary costs and does not relate the number of licenses to the employees (or former employees) who use them. As a result, a lot of unnecessary spending goes on licenses that haven’t been used in weeks, months, or even years.

Have a clear exit plan

Finally, the little things can really mean a lot when left unattended. That’s especially true when an employee leaves the organization without a clear plan, leaving a virtual hole in the company’s cyber defenses. Examples could include usernames and passwords that are not canceled or locked; or “fake” third-party applications or tools used by individual employees without company approval, but which create access to company-approved systems without management’s knowledge.

Even new employees create a cyber risk when they are not properly onboarded. Sophisticated cybercrime syndicates can easily spot new staff coming into a title business. They just need to monitor LinkedIn or the specialized press, in many cases. New hires often gain extensive access to a company’s cyber infrastructure almost immediately.

Without effective and immediate onboarding, these employees can often inadvertently accommodate ransomware, data breach, or business email compromise (BEC) within hours or days of joining the organization. The solution is to have a complete, effective and up-to-date onboarding plan. Consulting with cyber defense and IT experts is a great way to create, review, or update such plans.

As is the case with almost any type of business threat, whether it be fraud, data exfiltration, or preventable loss, there is no perfect solution. While flaws in technology can create the gateway for such threats, it is the people using that technology who are targeted. Consequently, the best way to mitigate the risks of a business is the use of common sense, effective and informed planning, clear policies that are regularly updated and, above all, constant monitoring and compliance with these policies. Whether it’s onboarding, offboarding, or changing access, it all starts at the top.

As the Great Resignation continues, compounded by the industry’s complete turn toward a competitive buying marketplanning and executing these policies and procedures can protect your business and create a substantial competitive advantage.

Kevin Nincehelser is Premier One’s Chief Operating Officer.

This column does not necessarily reflect the opinion of the HousingWire editorial department and its owners.

To contact the author of this story:
Kevin Nincehelser in [email protected]

To contact the editor responsible for this story:
Sarah Wheeler in [email protected]

Leave a Comment