Can your data security stand the heat?

The current hotter weather gives us all the perfect excuse to chill out, relax with friends and family. However, there’s one thing that you can’t be relaxed about during the summer – or at any time: data security. If you let that slip, you put both your and your clients’ information at risk.

Be sensible

First on your checklist should be backing up your data, because if something goes wrong and you don’t have a copy, you risk losing it all. Backing up your computer regularly will ensure you always have contingency, should the unthinkable happen. There is a variety of ways to do this. Perhaps purchase a separate hard drive that you keep on another premises or back up to a cloud – whatever you do, make sure that you do something.

You should also ensure that you update any computer programmes you use regularly. Whenever prompted, make sure you agree to the latest update so that your computer and other devices are protected with the most recent anti-virus software.

Be vigilant

It’s also a must to regularly update your passwords and ensure that you use a combination of symbols, letters and numbers (we know it’s tedious, but it does help) to ensure that they are not easy to crack. The best passwords are in fact completely random, but a variety of useful password manager applications can help you manage them.

Also make sure that all your devices are stored safely. Whether in office premises or in your own home, make sure laptops and computers are not easy to spot from outside prying eyes – and also being vigilant if transporting your laptop from A to B. Being careful in the first instance will help to ensure their safety – and will also mean that you don’t have to fork out costly amounts or claim on your insurance for replacement devices.

Protect the information, not just the device

Recent history shows that even the strongest passwords can be hacked – and an awful lot of information stored on our gadgets and computers could be worth a lot to someone with dishonest intentions. So phone numbers, sensitive files, important emails and messages are best encrypted, whichever device you are using. Here are a few examples of the best encryption software you can use for laptops – and apps for mobile phones.

It’s also sensible to investigate being able to ‘wipe’ (delete) your data remotely if ever your device is lost or stolen.

Our end of the bargain

Security of data and security of systems work hand in hand. Whilst you need to do your bit, we also do ours. So we work with well-known specialist providers offering Managed Cloud Services to ensure that we have the latest security practices in place. There are regular security updates made to all our systems, ensuring they are safe from potential cyber threats. Plus all the data stored in our systems is backed up to ensure that we have a secure copy for whenever you may need it. Firewalls are in place too, preventing hackers from gaining access to any data, and with our specialist security partners, we also regularly test our systems to spot any potential vulnerabilities.

Together we’ll remain protected

As long as we work together, we can ensure that both your data and various devices remain safe and secure. So back up your data, keep your systems up-to-date and take good care of them and we’ll continue to manage things our end. Then you can relax this summer, and in fact, all year round, safe in the knowledge that your data and devices are secure.

Find a handy cyber-security leaflet on our website, and contact the support team if you have further queries on 0208 665 3200.

Our Systems and GDPR

With the new General Data Protection Regulation (GDPR) coming into force this week, on 25th May, we’ve been working hard to ensure our systems are enhanced ahead of the new rulings, so that you can be confident that our technology will keep you compliant.

Our enhancements have addressed the main areas of GDPR relevant to the functionality of our systems and the way you use them: definition and handling of personal data, the right to be forgotten, recording of clients’ consent, data portability and the right to object. This blog explains how we have updated and improved each of our systems so that you can have complete peace of mind after 25th May.

Mortgage sourcing

Both MortgageBrain Classic and MortgageBrain Anywhere have had several improvements and enhancements in light of GDPR.

There is now much greater flexibility and control in client data handling, for example enabling you to choose various options when deleting client records or exporting client data – some of the main GDPR requirements.

Deleting data

As GDPR requires you to justify why you’re keeping client data, our sourcing systems now enable you to find dormant clients in order to delete their data or re-contact them if needed. There is a ‘find dormant clients’ option, which you can select to bring up the clients to review.

The new rules also state that no record can be kept of any client data which has been deleted. Therefore, your deleted clients list will only contain a unique client ID, who deleted the client, when, and why.

A ‘deleted clients’ list can be exported in a CSV file to another location allowing it to be saved as part of the GDPR record keeping process.

Exporting data

Another stipulation of GDPR is to be able to export client data in a common standard format. This is to comply with the ability to provide clients with their data so that they can check and confirm that what is being held is correct.

We have also now made it easy to export this data, with a new export button, which also allows you to save the data to a file which can then be given to the client.

CRM, back office support & compliance systems

The Key, our CRM system, stores a great deal of client data, so there is now additional functionality to ensure you can fulfil your GDPR responsibilities. The enhancements include the ability to record consent, and the right for clients to be forgotten.

There are multiple enhancements to recording consent located in the ‘consent manager,’ as well as the ability to record ‘processing consent.’ Users are also able to record marketing consent via mail, email, phone and text message.

All of the Key’s deletion processes have been reviewed to ensure all personal data is removed to comply with GDPR. We have included a new function, enabling you to select multiple client records to be deleted all in one go. You can also search free text recorded as notes in order to search for, and delete, personal data that isn’t stored in the main client record.

The Key’s data portability features have also been reviewed, so that all necessary personal data is available. Industry-standard formats are now used, and records of activity now kept within the Key.

Finally, we have also reviewed our Fact Find functionality and have ensured that amendment of dependents data is recorded to ensure compliance with GDPR.

Multi-lender mortgage application platform

MTE, our mortgage application system, as with our other products already fulfilled most of the GDPR requirements, with personal data being password protected and encrypted. However, we have made further enhancements ahead of this month’s implementation of the new rules, including the ability to delete applications permanently, export client data as a CSV file and the ability to keep a record of client data exports and deletions. Furthermore, we have introduced a new option to record a free text note when deleting a client.

Your responsibilities

While our systems enable you to be fully GDPR-compliant, there are still responsibilities which lie with you. These include ensuring your computers are running software which is fully secure, and operating systems supported by providers. Any applications you use should be kept fully up-to-date, as well as protected by strong passwords to ensure security of data you store. We also recommend using screensavers for when you’re away from your computer for added protection.

You can find details about GDPR and our privacy policy, terms and conditions and release notes for the latest versions of MortgageBrain Classic, MortgageBrain Anywhere, MTE, the Key and MortgageStream on the GDPR page on our website.

If you’d still like to read more about GDPR, with the regulations coming into place on 25th May 2018, a presentation on the topic can be found here.

Security: You are in safe hands with us

Whether we like to think about it or not, cybercrime is on the increase. In 2015, it was reported by Professional Adviser that 20,000 cyber-attacks were taking place each week, and that figure is expected to reach around 700,000 by the end of 2017.

Safeguarding data is of paramount importance, and so we want you to have peace of mind that the information stored in our datat centres will always remain intact. Hence why we dedicate a great deal of time and effort to our cybersecurity strategy and ensure that robust measures are in place to protect both your data and our systems against any potential threats or unauthorised access.

Regular security updates
All of our systems receive routine software updates to protect against any known cyber threats and provide resistance to potential future risks. What is more, we don’t support unsecure operating systems such as Windows XP which no longer receives any security updates from Windows.

Backing it up
We know that when you save information on our systems, you need and expect it to remain safe. Therefore we ensure that we regularly back up all your data and always have a secure copy of all our hosted data, and always have a copy of your files should any ever be corrupted. This also means that should you need to install the Key on a new computer or laptop, you can simply reinstall the application and continue you where you left off with little inconvenience.

Our own protection
We don’t simply safeguard your data, we also ensure that our own systems are protected by firewalls which will prevent any hacker attempting to gain unauthorised access. The recent WannaCry virus exploited a technique that is prevented by our security systems, meaning that any attempt to corrupt the data was useless.

Rigorous security checks are also regularly carried out. We use a specialist security partner to test our systems for any possible vulnerabilities and make any recommended changes to ensure that we are following best practice and doing all that we can.

Our internet hosts are also secure
Our systems are hosted by industry-leading internet services providers in highly secure data centres that offer virtualization technology, which provides another extra layer of protection.

All processes are in place
We also have systems that are on standby, designed to take over immediately in the event of any service interruption. This means that there will be a limited impact to your business, but your data will remain safe and secure.

How can you help?
Your own understanding of the potential and real threat to all of us by cybercrime is important. Just awareness is an important way in which we can all together prevent cyber-attacks affecting us.

Good cybersecurity practices include regular updates and back-ups, strong and frequently changed passwords, being careful when connecting to public Wi-Fi and being sensible when sharing information on social media or plugging devices into your computer. Secure messaging is also wise when sending sensitive data, which is a feature of our Client Portal within the Key.

Being aware that threats are out there and being prepared for them is something we at Mortgage Brain pride ourselves on.  Our aim remains to ensure that you can use our systems, safe in the knowledge that we have your data security and integrity taken care of and it remains an integral part of our service to you.