Cybersecurity best practices and how such measures protect title insurance companies’ data and reputations were shared by Shawn Fox, chief revenue officer at Premier One, during the 2024 Association for Title Information Management conference.
"Data protection is paramount in this industry," Fox told attendees. "Every title company I've talked to operates multiple legacy platforms, sometimes up to five, and you have to hold on to that data forever. The fragmented nature of these systems complicates data management and security.
"Trust and reputation are everything in this little group we call the title industry. You don't want to be the victim of a ransomware attack because it can devastate your reputation and impact mergers, acquisitions and joint ventures."
Fox shared statistics to emphasize the growing cyber threat landscape, saying there are now roughly 2,200 cyberattacks per day, or one every 39 seconds.
Sixty-one percent of small businesses were affected by cybercrime in 2023, and the average cost of a corporate data breach is now $4.4 million, he added.
Social engineering, where scammers manipulate individuals into divulging confidential information, is another significant piece of the puzzle.
"Ninety-eight percent of cybercrimes are based around social engineering," Fox explained. "Attackers use information from social media and other sources to craft convincing emails and other communications. My wife once clicked on a fake Amazon link, and it got into her bank account. It was a nightmare. Even in my own house, I'm constantly training people to be cautious."
In late June, retail software provider CDK Global was hit with cyberattacks and ensuing system outages that essentially shut down roughly 15,000 car dealerships across North America.
Soon thereafter, CDK advised dealership employees to be cautious of phishing scams and take precautions to secure sensitive information such as passwords, according to multiple news outlets.
Strategies for Enhancing Cybersecurity
Fox outlined several practical steps title companies can take to bolster their cybersecurity:
- Cybersecurity Awareness Training: "Training employees to recognize and prevent breaches is crucial," he said. "Programs like KnowBe4 can help staff identify phishing attempts and other threats."
- Strong Access Control Measures: Ensuring that only authorized personnel have access to sensitive data.
- Configuration and Patch Management: Regularly updating software and systems to patch vulnerabilities.
- Implementing robust email security measures.
- Backup and Disaster Recovery: "Always ask your IT provider about your backups," Fox advised. "When was the last time they were tested? Are they secure?"
- Managed Detection and Response (MDR) and Security Operations Center (SOC): "These measures help me sleep at night," Fox said. "They provide real-time monitoring and response to potential threats."
The Future of Cybersecurity in Title Insurance
Fox emphasized the increasing sophistication of cybercriminals.
"We're dealing with organized crime, not just lone hackers in basements," he said. "These are specialized groups targeting specific industries and companies."
The cost of cybercrime is projected to reach $10.5 trillion by 2025, making it the third largest “economy” in the world and possibly surpassing China as number two behind the U.S. before the end of this year, according to Fox.
"Conduct an assessment of your current environment and start planning strategically," he urged. "Cybersecurity is no longer optional, it's a critical part of business survival in the title industry. It doesn't matter how many safeguards we have. Employees are the frontline defense against cyber threats, and regular, thorough training is essential to maintaining security."
Fox pointed out that cyber insurance renewals now require proof of such training and that insurers are scrutinizing claims. Without verifiable training records, they may deny coverage.
He advocated for interactive training models, citing tools like KnowBe4 and Phin. The latter, now preferred by Fox, integrates AI to enhance phishing simulations, creating more realistic and effective training scenarios.
"Phishing training is crucial for preventing breaches," Fox said. "Our team runs continuous phishing campaigns, with a dedicated staff member crafting simulations that mimic real threats. This has shown that C-suite executives often fall prey to phishing attempts more than other employees."
Multi-factor authentication (MFA) is another vital layer of security that Fox urged companies to adopt, promoting use of solutions such as OnePassword and LastPass to safeguard access credentials. He also cited success stories through automatically rotating passwords for remote access tools to prevent unauthorized entry.
“Monitoring and auditing are critical for maintaining cybersecurity,” Fox said. “Utilizing AI to detect anomalies in user behavior helps identify potential threats early. Data encryption, both at rest and in transit, is another cornerstone. Even if data is encrypted, ransomware can still render it inaccessible.”
Fox also brought attention to the role of backup and disaster recovery systems, sharing a real-world scenario.
"(Brady & Kosovsky Founding Partner) Jamie Kosovsky called me at about twelve o'clock at night and his building had been hit with a lightning bolt and caught on fire," he said. "By eight o'clock that next morning, we had spun them all back up with all their backups, and we were drop shipping computers to them."
Final thoughts from Fox’s session centered on the proactive approach his company takes towards cybersecurity.
"We sent out an email to all of our clients that if you were not implementing our MDR and SOC platform, we will help you transition to another MSP. The liability is just too high," he said. "We're at the point with cybersecurity that you're going to get hit with something. What do you have in place to stop it from becoming systemic, and how can you keep functioning as a company instead of being down for 30 days? That's what we should all be thinking about."