Accounting and advisory firm Richey May announced Thursday it launched a new cybersecurity services practice to help lenders and servicers protect themselves against online fraud and data attacks.
Richey May Technology Solutions provides IT infrastructure and control analysis to its clients. After the assessment, Richey May will make recommendations to the company and assist with implementation. Clients that do not have information security professionals can hire Richey May to act as a chief information security officer on a contract basis, the company explained in a press release.
The company also selected John-Thomas Gaietto, an information security expert, as the executive director of Richey May Technology Solutions. Gaietto, who joined Richey May last fall, has more than 18 years of experience in enterprise information security and risk management services, most of which he spent working in the financial services industry.
Nathan Lee, a partner with Richey May, explained in a press release that the large-scale cyberattacks on Equifax, JPMorgan Chase, Yahoo and other companies in recent years have created growing anxiety among the company’s mortgage clients.
“There’s a sense that, if it can happen to a giant credit reporting company like Equifax, it can happen to anybody,” Lee said. “The problem is many companies in the mortgage industry do not have the internal resources they need to protect themselves, which is why we’re offering to help.”
“No industry works with as much sensitive consumer data than the mortgage industry,” Gaietto said. “They have everything about a borrower’s finances, from paystubs to tax returns to the Social Security numbers of their children. They’re also required to retain this data for years, which compounds the challenges of storing it securely and keeping it out of the hands of cybercriminals.”
“Since a growing number of lenders now use loan origination systems and other software over the Internet, and are migrating IT infrastructure to the cloud, they are often unaware of how their borrowers’ data is being protected, let alone where the data is physically located. Many assume their cloud providers oversee protecting data as well, when it is typically a shared responsibility between the lender and the provider,” he added.