top of page

Three Security Related Questions to Ask Before Implementing Software

When it comes to mortgage lending we know that maintaining a secure borrower relationship is key to a lender's continued success.

When choosing a client facing software solution, keep in mind that this third party experience represents you, especially when it is a white labeled experience. If software is hacked or compromised in any way, that could harm your future relationship with borrowers and risk potential future business. To ensure you are choosing the right third party vendor, make sure you are asking these three questions.

Who has access to my client's sensitive data?

Ask about who can view or download your sensitive data as well as how it is stored. If you have specific requirements about who should and should not have access to stored data, you should spell that out to your potential software provider. Additionally, ask what happens to your data if or when your partnership ends.

If your software were to go down, what experience do you have in place for our clients?

Recently, Fidelity National Financial (FNF) fell victim to a cyberattack. Not only were homeowners confused about what exactly happened to their information but they were also worried about what this meant for their mortgage payments. LoanCare, a subservicing solution owned by FNF, was unable to collect payments online and it was also noted that customers were unable to reach customer support via the phone. The lack of available information is not only a terrible experience for borrowers but it also reflects poorly on any lender utilizing the LoanCare solution.

Do you regularly assess for malware vulnerabilities?

No company asks to have their data breached but the truth is it is not a rare occurrence. According to Astra, 46% of small businesses fell victim to some sort of cyber attack (this can include everyday phishing attacks) . That is a staggering number and you want to be sure you are aligning yourself with a software company that is regularly running penetration tests of their product and educating and alerting their staff of common attack tactics. Not only is this good practice, it also shows that they take security seriously.

Aside from the basic questions above, it is also nice to know if there is a team dedicated to responding to any reported issues and how a breach would be communicated with you. Ultimately, you want to be able to control the messaging that goes out to your clients. If a software company doesn’t give you the impression that they would provide an open line of communication when needed, it might be best to look into other solutions.


If you are interested in viewing a demo or learning more about how Willow can help your company, click here.


bottom of page