Category: Blog

According to the FTC, the Safeguard Rule’s clear purpose “is to strengthen the data security safeguards that covered companies must put in place to protect customers’ personal information.” The change is in line with the global regulatory emphasis on how companies handle personally identifiable information (PII), and is the latest effort in a series of attempts to prevent issues like data breaches.

The Rule applies to financial organizations within the FTC’s jurisdiction under section 505 of the Gramm-Leach-Bliley Act. The FTC website provides a comprehensive list of covered businesses, but it’s important to bear in mind that their definition of financial institutions isn’t limited to traditional banks alone. Mortgage lenders of all sizes are likely to be affected, so be sure to consult the official document if you’re unsure whether the Rule applies to your business.

• Ensure the security and confidentiality of customer data
• Protect against likely threats or hazards to the integrity or security of private data
• Protect against unauthorized access to information which could harm or inconvenience customers

Companies covered by the Rule will need to develop and roll out a comprehensive information security program — and quickly. There are nine core elements of the program, as indicated by the FTC:

• Designate a Qualified Individual to oversee the program.
• Perform a risk assessment to determine internal and external risks and threats to the confidentiality and integrity of customer data.
• Develop and implement safeguards to mitigate identified risks. (Note that this step is broken down further into a separate eight-step process, including data encryption, multi-factor authentication, and the secure disposal of customer data.)
• Consistently monitor and test the effectiveness of safeguards.
• Educate staff with security awareness training and perform routine follow-up training.
• Monitor any service providers and ensure they also have appropriate safeguards in place.
• Keep your information security program up-to-date.
• Create a written incident response plan unique to your business’s specific needs. (This plan is further broken down into seven elements, outlined under Section 314.4(h) of the Safeguards Rule.)
• Have your Qualified Individual report to the Board of Directors and provide annual written reports, which must include an overall assessment of the company’s compliance with the information security program.

If your mortgage company hasn’t already put efforts in place to comply with the FTC Safeguards Rule, it’s not too late to prepare. Here are five steps to consider as you develop your plan for compliance.

As mentioned above, the FTC Safeguards Rule requires a Qualified Individual who will oversee the development and maintenance of your business’s customer information security program. While there may be someone within your organization who fits this role, it’s also possible to appoint an outsourced service provider. The core requirement for the title is experience in managing security operations.

Before you can determine whether you have the appropriate data safeguards in place, you must first identify all internal and external assets with access to customer information. Known as digital footprint mapping, this can be a drawn-out process and may require cross-functional collaboration. Be sure to include previous third-party vendors.

Aside from simply knowing which assets hold customer data, you’ll also need to evaluate how data flows throughout your organization. Consider the lifecycle of customer data from the very first encounter, and identify points of collection, transmission, storage, and destruction. While the FTC Rule mostly pertains to sensitive financial data, such as credit card numbers and Social Security numbers, it’s also advisable to incorporate basic contact information, as these details could be used for phishing scams or other types of cybercrime. As you perform this data mapping exercise, consider apps, systems, devices, departments, and cloud solutions that may collect, process, or store data.

The next step is to review your data security policies and practices and compare them against the updated FTC Safeguards Rule through a comprehensive risk assessment. If you spot gaps or vulnerabilities, don’t panic. Identifying these issues now still gives you time to implement safeguards before the compliance date takes effect. Yet, you don’t want to wait too long — even if the compliance date isn’t until June, waiting to act still leaves your company vulnerable to cyber threats which could have devastating consequences.

Unfortunately, most traditional data security risk assessments are too broad to identify weak points through the lens of FTC compliance. You should therefore implement the help of a specialty cybersecurity firm, who will not only uncover vulnerabilities, but implement effective solutions to safeguard your data for both compliance and overall business protection. If your mortgage company needs assistance FTC Safeguards Rule compliance, contact IT ArchiTeks for customized solutions or book your FTC Safeguards Strategy Session today!

As a business owner, you most likely know the importance of being able to set your company apart from the competition when it comes to your marketing plans. Whether it’s by strategic marketing tactics, a viral/word-of-mouth campaign, or tried-and-true advertising techniques, factoring in the various ways to market your business as efficiently and cost-effectively as possible is always at the forefront of your thinking.

What might not always be considered is the cost and effort to manage and deliver your IT services. IT infrastructure plays a major role in ensuring your business is efficient and productive. However, as many business owners can attest, simply just setting up an IT environment is not enough to make the most of the technology to make your business successful.

Over the past few years, many companies have come to realize the enormous cost of building and maintaining their IT infrastructure, and that they do not have the resources, know-how or people to run it.

That is where a Managed Service Provider, or MSP, comes in. Increasingly acknowledged as a strategic outsourcing partner that can remotely manage a company’s IT services, this valuable resource is becoming a more viable option for the talent and technology knowledge that many businesses simply lack.

You and your staff should be focused on the daily tasks that drive profits and grow your business. Partnering with a knowledgeable managed service provider can act as an extension of your existing team, providing great value and helping your business succeed.

A managed service provider (MSP) delivers a variety of IT-related services through ongoing active support on customers’ premises, in their MSP’s data center (hosting), or via a third-party data center. MSPs assist organizations by providing necessary technical services and active monitoring that keep your day-to-day operations running.

Managed service providers come in a variety of sizes and service capabilities. Some may have thousands of clients and an extensive supply of tools available to support a business globally, while others may specialize in a specific network system and are better suited to support smaller or more local organizations. But no matter the size or scope, your selected MSP must be able to allocate their resources, knowledge, time, and employees toward serving their customers and their unique needs.

There is no one-size-fits-all solution when it comes to IT. Your MSP should understand the needs of both your industry and your organization as well as any specialized software and regulatory compliance that may apply.

An MSP can take on a wide variety of tasks that are imperative to the success of a business but are not necessarily consumer facing. Many companies decide to enlist an MSP to outsource these technical or operational processes due to a lack of expertise or to make processes more efficient so they can focus more on the everyday tasks for the company.

The services provided by an MSP can be offered at a client’s place of business or fully remote. The first step to deciphering the type of services your MSP will provide is to determine what technologies and services are specifically needed for the business.

• Data center management
• Network management and monitoring
• Mobile Device Management
• Infrastructure management
• Backup and Disaster Recovery
• Communication management
• Security management
• Hardware maintenance
• Cybersecurity
• IT training for staff

The use of MSPs and other outsourced IT providers offer a cost-effective way to access needed technology experience and resources that a company may not have in-house, producing desired results for a fraction of the costs versus permanent in-house personnel.

However, unlike many traditional IT providers, an MSP is comprised of a specialized team of professionals who understand your specific needs, creating custom solutions and processes designed to boost efficiency and productivity versus traditional IT outsourcing which serves as an IT department, fulfilling multiple needs at once. Many MSPs work via a contract or agreement that is more suited to fit both your company’s technological needs and budget. Your selected MSP should primarily be focused on the end result for the service/services that you have retained them for.

At the end of the day, when it comes to your selected MSP, you want to be sure it’s managed in the most effective way to ensure you are receiving a high ROI. It’s critical that your MSP provides the appropriate technical personnel who can handle the numerous tasks related to your specific IT needs and the infrastructure is a proven asset to your business.

According to NTT’s 2021 global managed services survey, there are many benefits associated with the use of a managed services provider. Some of these benefits include reduced costs, access to top technical and industry expertise, and valuable insight as to how your business is run.

1. Cost savings.
   Outsourcing with a managed service provider allows business owners to reduce the cost of dedicated employees working in-house as well as the technology, tools, and other resources required to handle any number of IT-related tasks. An MSP can also offer variable billing models which offer businesses flexibility and scalability.
2. Experience and knowledge.
   MSPs have the experience, expertise, and knowledge in the targeted services being provided that allow for greater accuracy and a reduction of risk. Ensure that your selected MSP is fully compliant with government regulations and industry standards.
3. Best-in-class tools, technology, and resources.
   The knowledge and experience supplied by your MSP will help in streamlining a number of processes and procedures. MSPs are accustomed to investing in the latest technologies and have extensive expertise in ways that individual companies may not, often resulting in greater efficiency and performance.
4. Valuable business insight.
   As a business owner, you may gain greater visibility and more insight into how your business is run and the IT services you require from your MSP. This in turn can lead to better and more strategic decision making based on real-time information and analyses.

When you outsource your managed services, you can set your focus more on your business rather than the IT services behind the scenes. The additional benefits gained from partnering with a managed service provider will help you oversee your business to the best of your ability.

IT ArchiTeks is your one stop solution for managed IT services. One of the leading IT service providers in Dallas, Plano, McKinney, Irving and Frisco, Texas, we successfully take care of the IT management, monitoring and maintenance needs of your business.

Click here for more information about our managed services plan and get in touch with IT ArchiTeks today to enjoy the benefits of IT without worrying about the crucial backend tasks.