About two years ago, the American Land Title Association (ALTA) published a set of best practices for real estate transaction professionals which included a heavy focus on data and information security.
With the new TILA-RESPA requirements increasing time pressures on the exchange of settlement documents now in force, it’s a good time - maybe high time - all real estate professionals assess how they exchange documents with lenders, agents and borrowers. Leveraging the time and cost efficiency, as well as the ubiquity, of email services makes sense – but only if it can be done securely.
Why? Government regulation and compliance laws related to the handling of personally identifiable information that can be used to perpetrate identity theft and wire fraud are ever expanding – and rightly so.
Identity theft and massive data breaches are an increasing problem as we all conduct more of our personal and professional business on-line. Any professional or professional service organization handling personal identity and financial information needs to stay in compliance with regulations to protect themselves, their customers and business partners from data theft and compliance fines.
And be warned - unencrypted email is not secure – the content and attachments are electronically visible and discoverable. In most cases, once you hit send, your email with attachments leaves your email service, traveling through many public server-to-server Internet hops on its way to the recipient.
This is where the security issue is. At any one of these server hops, the content you sent is electronically viewable and available for misuse without your knowledge.
Consider this analogy for unencrypted email; it’s like sending private information on the back of a postcard through the postal service. Anyone along the delivery path could intercept and read the content – it’s not hidden.
But with email it’s worse and easier to see because a hacker can tap into a public server anywhere along the email delivery route, and from anywhere, and steal non-public personal information (NPPI) or other sensitive financial data.
ALTA specifies the use of secure delivery methods when transmitting NPPI – names, addresses, driver’s license numbers, SSNs, account numbers, credit info, etc. ALTA’s decision to make data security a foremost pillar in its published Best Practices guideline is a direct result of the Consumer Finance Protection Bureau's increasing concern for the consumer during the real estate settlement process. It recognizes most email users don’t realize the risks of sending NPPI in email bodies and attachments.
In fact, ALTA’s Best Practices Pillar #3 recommends organizations with a hand in transferring a land title to adopt and maintain, in writing, a privacy and information security program to protect NPPI.
Pillar #3 requires everything from a disaster response plan to established training and documentation of the steps taken to protect NPPI – and this includes the proper protocol for transmission of secured information.
Fortunately, it is fairly easy to secure email and attachments by using encrypted email and file transfer solutions. These solutions work with existing email addresses and require little or no “IT guy” involvement to setup.
Typically the user selects when they want to send an encrypted message right from their email client, and the recipient can easily retrieve the encrypted message and attachments with very little complexity, even from Apple and Android mobile devices. A quality solution will work with virtually any email client or service, including Office 365, Gmail, Thunderbird and others
Budget-wise, there are a number of ways to cost-effectively get started. For small to mid-sized offices, cloud-based encryption services are generally offered as inexpensive subscriptions on a per user basis – a simple credit card transaction and you’re good to go. No software license fees, hardware or installation is required.
There are also automatic email encryption solutions – a pre-set filter that scans all email and attachments for NPPI and encrypts discovered messages automatically. This may take more time and experience to setup, and therefore cost more to implement, but once in place, the automated encryption policy can take some human error out of the equation, eliminating the “oops – I forgot to encrypt that email!”
Either way - an encrypted email service is the best protection against data breaches and fraud when sending sensitive documents and messages via email. Also known as secure mail – it is a valuable service for real estate professionals to use – and another measure that elevates a professional organization’s status as a trusted business partner and advisor in the transaction process.