What is Cybersecurity? A Simple Guide for Mortgage Lenders

Written By Kevin Robinson

The word cybersecurity may scare you and trigger PTSD because of a breach that happened two years ago and you wonder if it will happen again.

 

Or, you may not know what the word even means, if it is spelled (wrongly) with a space and perhaps a capital S?

 

Or, It is simply that tech stuff, voodoo magic that you tell your tech team, "Just make it work."  And you assume that security is included in the end result.

 

First, I empathize if it gives you PTSD.

But, second, cybersecurity is simple.  It is another category of risk that businesses are responsible for.

 

Cybersecurity is a comprehensive risk management system that looks across the organization for risks that affect  the security of information and privacy of data.  Security and privacy risk are measured across three major domains:

  • Confidentiality (i.e., can only those who need to see the information see it?)

  • Integrity (i.e., is the data accurate and are there unauthorized changes affecting the data and its accuracy?)

  • Availability (i.e., are systems/data available when they are needed?)

 

Just like any risk mitigation technique there are tradeoffs.  There is no perfect system.  Or, said another way, a perfectly secure computer system is not usable.  Thus, cybersecurity aims to manage the security and privacy risk to strike a balance between usability and security.  That's it.

 

The fact is: protecting the security and privacy of information---especially sensitive customer information and non-public information---is becoming a priority across the world.  The SEC amended their Regulation SP; the FTC amended the Safeguards Rule; and each State is adopting data protection and breach notification requirements to protect customer data and information.

 

Cybersecurity is a discipline that assesses the systemic risk across an organization and provides a set of recommendations to protect the risks found.  The Commonwealth Group believes that   no organization is too small to be prepared for cybersecurity and are raising awareness across the mortgage industry to assist you to better protect and continue to provide crucial services to your customers.

 

Kevin Robinson, CISSP, QTE, Associate C|CISO, is Head of Cybersecurity Services for The Commonwealth Group.  He has a 20 year career in cybersecurity, risk assessment, intelligence and counterintelligence.  His previous employers include Thornburg Investment Management, Los Alamos National Laboratory, L3Harris, and the Central Intelligence Agency.

Kevin Robinson
Previous

Everyone Owns Cyber Risk: Shared Responsibility in Mortgage Cybersecurity
Next

Mortgage Mistakes Fannie Mae Flagged Most in 2025 - And How Borrowers & Lenders Can Avoid Them