Our own Aaron Davis was approached recently by National Mortgage News for his thoughts about business disruption plans—a very timely topic. (Subscription required). It’s a great read, and you should check it out if you can. It’s a great reminder that business disasters can come in many forms. Cybersecurity is only half of the battle. Sometimes, even the most secure systems get breached by persistent and sophisticated criminals determined to get in. If you don’t have a flexible, updated, and robust business continuity/disaster plan, your cybersecurity plan could go for naught.
You may recall that, just a few years ago, our industry had a fairly robust conversation about cyber-security and business continuity planning when ALTA unveiled its Best Practices. For the title industry, SOC 2 and/or Best Practices certification became not only a security need, but a way of differentiating to lenders. Of course, not everyone went the distance with their planning, and the Best Practices, while welcome, did not get extremely specific. At the time, hacking, hurricanes, fires, and the like were considered the primary threats. Over the next few years, wire fraud became the dominant topic—something that, while definitely a threat that requires cybersecurity planning, really doesn’t dovetail with disaster planning or business continuity. And so, it’s quite possible that some of those who put together great plans then, but haven’t regularly reviewed and updated them since, have some weaknesses in their system today.
If you jump ahead of that original conversation five or six years to 2021, one pandemic and one massive ransomware attack now behind us, things have changed. Ransomware is now a widespread threat. Cybercriminals have evolved along with the systems designed to thwart them. Clearly, it’s time to revisit, dust off or, if you didn’t have one already, build a solid disaster recovery and cybersecurity plan.
You may not know this, but FAN had one of our offices damaged in a fire not long ago. You wouldn’t know it unless you were there or told by someone. That’s because we had a business continuity plan—updated regularly—in place. And our data was securely cloud based. So we followed our plan: leveraging alternate technology from an alternate location and resumed the work week seamlessly. Now, a cyberattack is a very different thing than a fire. But remember this as well: the most successful cybercriminals go for the easiest targets most of the time. Odds are, if you’re up to date with a professional security system and effective business continuity plan, you’ll be in good shape.