Translate this page:

Industry news

  • 04/12/2023 3:32 PM | Scott Merritt (Administrator)

    BEC:  Business email compromise (BEC) is a form of phishing where a criminal attempts to get a worker, customer or vendor to send money or disclose private information by sending a phony email that appears to be coming from a trusted company figure.

    Botnet:  (Robot Network):   A group of 2 or more computers controlled and updated remotely, often by a single user to send out spam messages, often including malware.  Most often they are associated with a “denial of service”. This is a newer crime just added to IC3 Reporting in 2022.

    Clickjacking:  When a website has been compromised by concealing hyperlinks beneath legitimate clickable content that contains content or malware the user is unaware of.   A user believes they are clicking on one thing but in actuality, they are clicking on another hidden element.

    Deepfake: A false simulation of a specific individual’s likeness, which can be either an image, video, or audio presentation, generated with the use of technology and capable of being used for a variety of purposes, including ones derived from malicious intentions.

    Malware: A broad term used to describe any type of malicious, invasive software.

    Pharming:A type of cyberattack involving the redirection of web traffic from a legitimate site to a fake site for the purpose of stealing usernames, passwords, financial data, and other personal information.

    Phishing:  The practice of sending emails or other messages purporting to be from reputable companies or people in order to induce individuals to reveal personal information, such as login credentials and other sensitive information.

    Quishing:  Also known as QR code phishing, this type of phishing attack uses QR codes to lure victims into revealing sensitive information. Threat actors create a QR code that looks legitimate, such as one that appears to offer a discount or special offer, but in fact, it directs the victim to a fake website controlled by the attacker.

    Ransomware: Malicious programs which block access to a computer or the computer’s data with the intent of extorting money in exchange for a release of the computer or its data.

    Sandboxing:  Using a safe environment to run, observe or analyze code.  Often used in an isolated environment the mimics the end-user experience.  It is used to test suspicious programs that may contain viruses or other malware without allowing the software to harm a network.

    Scareware: Malware that is typically used to scare users into taking an action with their electronics which tricks the user into opening a vulnerability; for example, scareware can take the form of a pop-up that falsely warns a user that (s)he has been infected with a virus so that when the user clicks the “X” to close the box, (s)he actually first incurs the infection of the virus that (s)he had been afraid of contracting.

    SIM Swap:  Using SIM technology to transfer a victim’s phone service to a mobile device in a criminal’s possession.  This is a newer crime just added to the IC3 Reporting in 2022.

    Smishing:  This type of phishing uses mobile phones as the attack platform. With smishing, the attacker uses a compelling text message to trick targeted recipients into clicking a link and sending the attacker private information or downloading malicious programs to a smartphone.

    Sniffing:  The process of monitoring and capturing all data passing through a network.  It is in essence the unauthorized listening in on network traffic to capture all the data flowing to and from a computer or network.

    Social Engineering: A broad term used to describe different types of efforts using human psychology to exploit a person’s vulnerability, rather than employing technology alone, in order to hack into another’s computer, software or data.

    Spear Phishing:  This is a more advanced form of phishing. This type of phishing is a specific and targeted attack on a specific person or group and often will include information known to be of interest to the target, such as current events or financial documents.

    Spoofing:An act of disguising a communication from an unknown source as being from a known, trusted source by email, phone calls, websites or computer spoofing an IP address.

    Stealthing: Approaches used by malicious code to conceal its presence on an infected system.

    Vishing:  Also known as voice phishing, this type of phishing attack is conducted entirely over the phone. The attacker will call a victim and manipulate them into divulging sensitive information such as login credentials, pin numbers or credit card numbers, typically with the goal of accessing financial accounts.

    Whaling: A highly targeted phishing attack - aimed at senior executives - masquerading as a legitimate email. Whaling is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds.

    Back to Industry News Blog

  • 03/01/2023 10:04 AM | Scott Merritt (Administrator)

    It’s That Time of Year

    While my favorite season of the year is Fall, I do enjoy Springtime in Tallahassee.  The weather is beautiful, flowers are starting to bloom, and the warmer weather and longer days allow our family more time to get outside.  While spring in Tallahassee is beautiful, it also brings along an unwanted friend, pollen.  You can often see the first hints of it if you drive a dark colored car.  No, that isn’t yellow dirt covering your vehicle you just washed.  This is followed by your allergy prone friends beginning their annual trek to the local drugstore for the best OTC to halt the attack on their sinus’.

    While pollen is one way to indicate Spring’s arrival, I prefer to gauge it by the blooming of the southern azaleas.  Typically, I think of the timing being between late march and early April in time for the Masters being played at Augusta National Golf Club.  Unfortunately, spring is in full swing right now.  The azaleas are in full bloom, the new spring growth is everywhere along with the dreaded pollen season.  Yes, it’s that time of year.

    It’s also time for the start of the 2023 Legislative Session.  This year Regular Session is scheduled to begin on March 7 and conclude on May 5, 2023.  Members bills are being filed daily with the pace increasing as bill filing deadline draws near.  It is always difficult to pass a bill and given that two interim committee weeks were also used as special sessions for Governor DeSantis’ priorities, the Legislature has not acted on many bills with many others apparently stuck in bill drafting.  I would expect that many special interest priorities will be left to accomplish at a later date.

    Unfortunately, there are a lot of issues impacting the title industry that need attention.  The list includes a much-needed glitch fix in the DFS package impacting title agencies, prohibiting qualified mortgage payoff letters, addressing long term right to sell contracts and the exploding identity theft in real estate closings.  This is just the short list for the title industry and doesn’t even include issues that may be filed by a legislator requiring the title insurance lobby teams to engage on.  There is a lot of work to be done in 2023.

    This is also the time of year to make your travel arrangements to attend the Florida Land Title Association’s Legislative Lobby Days in Tallahassee scheduled for April 3-5th, 2023.  This important event provides you the opportunity to advocate for the industry, connect with legislators and network with peers from across the state and to become educated on the latest from the front lines. 

    As you know, the business of passing laws is much more than simply being on the right side of an argument.  Passing laws is selling and the business of selling is always rooted in relationships.  If you have never attended the FLTA event, there is no better time to dip your toe in then when there are a lot of title industry issues we need to explain to legislators.  Who better to explain than those who work in the industry and see them firsthand.  If you are a veteran, your skill and experience are needed as we work to educate both new legislators and sharpen the skills of the next group of title insurance industry leaders.     If you need additional information on Legislative Lobby Days visit www.flta.org or call Scott Merritt. 

    So, it’s that time of year, but what are you waiting for?  There are plenty of issues needing attention in Tallahassee.  There is a whole crop of new legislators that need to know who to call from their community when a title industry issue arises in Tallahassee.  Don’t miss a golden opportunity.  After all, the freshman legislator you meet this year may be the Speaker of the House or Senate President in 2028.

    Message from Agents' Section Lobbyist, David Daniel, with Smith, Bryan & Myers

  • 02/10/2023 3:45 PM | Scott Merritt (Administrator)

    TALLAHASSEE, Fla. — Today, Governor Ron DeSantis nominated Michael Yaworksy as Commissioner of the Office of Insurance Regulation (OIR). Yaworksky is currently Vice Chair of the Florida Gaming Control Commission and previously served as Chief of Staff of OIR.

    Yaworsky will serve as Interim Commissioner until his nomination is brought before the Financial Services Commission for final approval.

    Michael Yaworsky

    Yaworsky, of Tallahassee, is currently Vice Chairman of the Florida Gaming Control Commission. Previously, he was Chief of Staff at the Florida Office of Insurance Regulation, Legal Counsel to the Georgia Insurance and Safety Fire Commissioner, Counsel to the Georgia Senate President Pro Tempore and Chief of Staff at the Florida Department of Business and Professional Regulation. Yaworsky earned his bachelor’s degree in social science from Florida State University and juris doctor from Samford University. 

    Press Release from The Office of Florida Governor Ron DeSantis

  • 11/29/2022 12:00 PM | Scott Merritt (Administrator)

    November 29, 2022

    On this Giving Tuesday, the FLTA Charitable Action Foundation is proud to share that through the support of FLTA members and the community, the Foundation is able to provide $10,000 to the Collier Community Foundation and $10,000 to the Florida Disaster Fund for Hurricane Ian Relief.

    The purpose of the Collier Community Foundation is to first provide immediate relief to those affected and the nonprofits that support the victims in the aftermath of a crisis.  It also serves to assure donors’ support will reach its intended cause.  After immediate needs are met such as food, water and shelter, the focus will turn to long-term needs such as housing and transportation.  The Collier Community Foundation directly serves the community where the 2022 FLTA Convention was held.

    Through Florida’s Division of Emergency Management, the funds provided to the Florida Disaster Fund will be earmarked directly towards the victims of Hurricane Ian.  With a broader approach the funds will assist in helping other organizations and residents in Southwest Florida and other impacted communities.

    In addition to these organizations, FLTA Convention attendees, exhibitors, and sponsors, joined by Florida CFO Jimmy Patronis, banded together to generate 51,464 Fortified Pasta and Tomato Sauce meals for Meals of Hope. Based in Naples, Meals of Hope continues to fight hunger at $0.30 a meal providing to communities nationally and internationally. The meals prepared on October 25th by convention goers were specific to the Hurricane Ian recovery efforts.

     

     

     

    The FLTA Charitable Action Foundation is grateful for the support of the FLTA members and the community, if you would like to support the Foundation you made do so here.

    ______________________________________________________________________________________


    The Internal Revenue Service (IRS) recognizes FLTA Charitable Action Foundation, Inc. as a Section 501(c)(3) public charity. Our Federal Tax ID Number is 87-1079330. Contributions to FLTA Charitable Action Foundation may be eligible for tax deduction in the U.S.A. Please consult your tax advisor for eligibility.

    "A COPY OF THE OFFICIAL REGISTRATION AND FINANCIAL INFORMATION MAY BE OBTAINED FROM THE DIVISION OF CONSUMER SERVICES BY CALLING TOLL-FREE WITHIN THE STATE. REGISTRATION DOES NOT IMPLY ENDORSEMENT, APPROVAL, OR RECOMMENDATION BY THE STATE."  1-800-HELP-FLA (435-7352) or www.FloridaConsumerHelp.com LIC.: CH65569



  • 06/10/2022 11:34 AM | Scott Merritt (Administrator)

    Skate to the Puck, by David Daniel, Agents Section Lobbyist, Smith Bryan & Myers

    Ok, here is the truth, I use to be an avid Detroit Red Wings hockey fan watching the NHL playoffs each year to see them compete.  Big cross-checks on the boards by the defensive, visually blocking the opposing goalie for a redirected shot on goal and the sheer desire by players to hold the Stanley Cup were all a part of the draw for me.  “The Great One”, Canadian Wayne Gretzky, who has more assists in his career than the next leading goal scorer, is considered by many to be the most accomplished and well-known hockey player.  In discussing his early hockey training, one of his father’s instructions was to skate “To where the puck is going, not where it’s been.”  So simple and highly effective for his amazing hockey career.

    While I don’t watch much NHL anymore and the players I enjoyed have come and gone, I have come back to the phrase, “skate to the puck” many times.  Its application is greater than simply a training tool in hockey and applying this principle to politics has been helpful.  Think about it, if you know the direction of a special interest group or politician you can use that to your advantage in getting your agenda across the line or defeating a bad bill.  So how do you know where “the puck” is going in politics?  It is based on information gained by investing in relationships.  Knowing how best to approach a state legislator is information and information is power and can provide much needed intelligence to make navigating the legislative process easier.

    As a veteran of prior legislation seeking to reform Florida’s broken HOA estoppel process, I know first-hand how challenging this issue can be.  In addition, this battle is over money with the current process simply authorizing an exit tax on Florida’s homeowners to excessively enrich the HOA.  We all know just having the right public policy does not guarantee success during a legislative session.  It is hard to pass a bill through the legislative process and the right policy must often be worked around the politics of session, individual legislators, and the committee process.

    Fortunately, we have a unique opportunity during the 2023 and 2024 Legislative Sessions.  The incoming Senate President, Sen. Kathleen Passidomo (R-Naples) is both a Florida Bar certified real estate lawyer and member of the Real Property Probate and Trust Law Section of the Florida Bar.  She gets it and understands our industry and the challenges we face each day to serve Floridians by accurately and timely completing real estate transactions.  She has made it clear to all she believes both the lender estoppel and HOA estoppel issues need change.

    So, how do we skate to the puck?  We know tough legislative battles lie ahead.  We know the incoming Senate President is interested in making this process work more efficiently and be less costly for Florida homeowners.  We know the opposition will hire up lobbyists to oppose any change to their lucrative exit tax.  We know that during the last HOA estoppel battles our biggest advantage were the examples provided across the state of outrageous fees and charges homeowners had to pay to simply get an estoppel letter.  We know where the puck is going, as do our opponents.  The question is what we are willing to do to this summer to get there first.

    How about supporting pro-title industry candidates’ election and re-election?  How about using this election season to develop relationships with state legislators from your area of the state?  How about starting now to collect examples of the significant fees and charges required by HOAs as an exit tax from their association?  We know what is coming and we know we need to be prepared prior to the annual Legislative Session which begins on March 7, 2023.  Will you be in position when the puck gets there?

  • 04/25/2022 12:00 PM | Scott Merritt (Administrator)

    NO, An E&O/Professional Liability policy only covers loss due to damages resulting from the failure to provide professional services, negligence, preventable mistakes, incompetent work, and other professional errors.  If a Title agent suffers a cyber-attack with only E&O in place, they will not have coverage for a significant portion of their actual expenses.

    Errors & Omissions covers only the legal costs associated with a lawsuit, including attorney’s fees, court judgments, and, in some cases, settlements. This is considered third-party coverage, i.e., costs brought on by the action of third parties;  clients, vendors, and government agencies. 

    This is why nearly every Title agent needs both E&O and Cyber Security Insurance coverages to prevent financial ruin after a cyber-attack.

    Cyber Liability policies can also include other kinds of coverage:

    • 1.        Media liability, which covers costs stemming from violations of intellectual property, trademarks, and copyrights, as well as slander and libel.
    • 2.        Privacy is another common area for cyber liability coverage, though it covers offline data loss, too. In these cases, privacy insurance can cover costs associated with missing physical files, lost laptops, or even sending private information to the wrong e-mail address.
    • 3.       Social Engineering Fraud can be covered under two different areas a Crime Policy and/or Cyber Liability Policy.

    Cyber Policy vs. Crime Policy

    It may seem counterintuitive, but social engineering fraud is not always covered by a crime-policy. Even though this fraud often involves emails and wire transfers, all cyber policies are not designed to cover them either.  As cyber criminals and their tactics become more complex, the majority of cyber and cyber-crime attacks are executed via social engineering.

    Crime policies cover the direct loss of your funds, whether through maleficence, employee dishonesty or social engineering. 

    Cyber policies cover economic damages arising through a failure of network security or privacy controls which may cause indirect losses.  They cover losses that result from unauthorized data breaches or system failures.

    Areas of Risk To Be Aware Of

    • 1.        Computer fraud:  This is a loss stemming from the unlawful theft of money due to a “computer violation” or in easier terms – it is the unauthorized entry into or deletion of data from a computer system by a third party. This could include engaging in data mining via spyware and malware or sending computer viruses with the intent to destroy or ruin another party’s computer or system.
    • 2.       Funds transfer fraud:  This is a loss that caused by fraudulent instructions to transfer funds made without the insured’s knowledge or consent. This can happen by fraudsters gaining login credentials in order to access protected accounts. 

    Tips when shopping for Cyber insurance:

    • 1.        Cyber policies are not all the same.  It is important to speak with a broker that knows the Title industry.
    • 2.        It is not a good idea to base your decision on price.  Keep in mind, most of the time, the cheaper the coverage, you most likely have less coverage than you may think.
    • 3.       Check the policy coverages limits – know what covered and know what is not covered
    • 4.       Read the exclusions page:  This spells out what is NOT covered. 

    Key Words to Know When Choosing the Correct Coverage:

    Network Security: Insurance against cyber-attacks and hacking attacks.

    Theft and fraud: Cover destruction or loss of the policyholder’s data as the result of a criminal or fraudulent cyber event, including theft and transfer of funds.

    Forensic investigation: Covers the legal, technical, or forensic services necessary to assess whether a cyber-attack has occurred, to assess the impact of the attack, and to stop an attack.

    Business interruption: Covers lost income and related costs where a policyholder is unable to conduct business due to a cyber-event or data loss.

    Social Engineering: is the non-technical cyber strategy that relies on tricking people into breaking standard security practices by manipulating victims into performing various actions or providing confidential information. Social engineering fraud (SEF) is a type of fraud that’s become increasingly common over the last several years, with a large majority of this fraud transpiring over email communications.

    Cyber extortion and ransomware: Provides coverage for the costs associated with the investigation of threats to commit cyber-attacks against the policyholder’s systems and for payments to extortionists who threaten to obtain and disclose sensitive information.

    Reputation Insurance: Insurance against reputation attacks and cyber defamation.

    Computer data loss and restoration. Covers physical damage to, or loss of use of, computer-related assets, including the costs of retrieving and restoring data, hardware, software, or other information destroyed or damaged as the result of a cyber-attack.

    Information Privacy. Covers organizational liabilities arising from actual or alleged non-compliance with any worldwide cyber, information privacy, or identity-related regulation, statute, or the law. For example, this coverage part would cover an organization's legal defense, and ultimate monetary settlement, resulting from a regulatory claim alleging such organization was non-compliant with any covered privacy regulation

    Bricking- Bricking refers to a consumer electronic device that has been damaged beyond repair, making it utterly unusable, often because of damaged firmware, malicious or incorrect software. once they are rendered inoperative, they are virtually useless except as a paperweight or a doorstop

    Insurance and recovery process: Coverage for business interruption loss under cyber insurance policies is becoming more prescriptive, the language in most insurance policies is still somewhat open ended and subject to competing interpretations.   Most business interruption coverage includes a waiting period of a certain number of hours and a requirement that net profit or loss, charges and expenses be calculated on an hourly basis. It’s important to recognize that cyber insurance policies provide for the recovery of lost net profits and mitigation costs, as well as continuing expenses, such as employee salaries.

    The above is provided as informational only from the Cyber Security Committee. It should not and does not represent insurance advice or legal advice. Be sure to consult with your insurance and/or legal team for additional information.

    BACK TO INDUSTRY NEWS

  • 02/17/2022 11:07 AM | Scott Merritt (Administrator)

    Following a public notice and comment period, the Department of State's revised Online Notary Rule will go into effect on February 22, 2022. Here's what the Rule states:

    1N-7.005 Online Notary Public and RON Service Provider Required Information.

    (1) Online notary public.

    (a) Within 30 day of the effective date of this rule, a currently registered online notary public shall provide the Florida Department of State the name of the online notary public’s RON service providers, the effective dates during which the online notary public used each RON service provider, and, if applicable, the name of any secured repositories to which the online notary public may have delegated his or her duties pursuant to Section 117.245(4), F.S., from January 1, 2022, and thereafter.

    (b) An individual registering as an online notary public, shall provide this information at the time of his or her registration.

    (c) The online notary public shall submit this information on Form Number DS-DOC-50, titled “Online Notary Public: Required Information,” Effective 02/2022, which form is hereby incorporated by reference and is available on the Department of State’s website at https://dos.myflorida.com/sunbiz/other-services/notaries/notary-forms/ or http://www.flrules.org/Gateway/reference.asp?No=Ref-14032.

    (d) An online notary public that changes, adds, or removes a RON service provider or secured repository from the online notary public’s use shall submit to the Department within 30 days of the change an amended Form DS-DOC-50 identifying the online notary public’s updated RON service providers and, if applicable, secured repositories.

    (2) RON service provider.

    (a) Within 30 day of the effective date of this rule, and annually thereafter, a RON service provider shall provide the Florida Department of State, a self-certification form confirming that its audio-video communication technology and related processes, services software, data storage, or other services provided to online notaries public for the performance of online notarization satisfy the requirements of Chapter 117, F.S., and any rules promulgated by the Florida Department of State pursuant to Section 117.295, F.S.

    (b) The RON service provider’s self-certification is effective for a period of 1 year after the date the RON service provider files it with the Department.

    (c) If applicable, the RON service provider shall, at the same time it files its self-certification, identify any secure repositories to which the RON service provider may have delegated its duties pursuant to Section 117.245(4), F.S., from January 1, 2022, and thereafter.

    (d) The RON service provider shall submit this information on Form Number DS-DOC-51, titled “RON Service Provider: Self-Certification and Required Information,” Effective 02/2022, which form is hereby incorporated by reference and is available on the Department of State’s website at https://dos.myflorida.com/sunbiz/other-services/notaries/notary-forms/ or http://www.flrules.org/Gateway/reference.asp?No=Ref-14033.

    (e) A RON service provider that, pursuant to Section 117.245(4), F.S., delegates its duties to a secured repository after it has already filed its annual certification shall submit to the Department an amended Form DS-DOC-51 within 30 days after making such delegation.

    (f) An entity that seeks to begin providing RON service provider functions after the effective date of this rule shall submit the information required by this section prior to providing RON service provider functions.

    Rulemaking Authority 117.295 FS. Law Implemented 117.245, 117.295 FS. History–New 2-22-22.


  • 12/15/2021 12:00 PM | Scott Merritt (Administrator)

     “Let’s get Physical”

    Acknowledging that good Cyber Security starts with addressing any “physical or tangible” information breaches is the best first step toward achieving a higher level of security for your company.  This article will address physical areas that should be considered when looking at the overall Cyber Security health of your organization. 

    1.  Vendor Management – When contracting a 3rd party who will have access to your office and physical client data/NPI, you become responsible for any risks posed by their activities.  These vendors include, but are not limited to: cleaning services, trash/waste services, shredding companies, alarm companies and copier maintenance companies. It is important to have a vetting process in place to get to know your vendor, ensure they meet any regulatory requirements and are protecting your most valuable asset - your reputation. Key elements of your due diligence process should include:

    a.  Make sure you are dealing with a licensed and registered business. Get a copy of their business licenses and check it’s standing online.

    b. Verify their reviews.

    c. Gather information on their general liability insurance, cyber insurance, or insurance specific to their services.

    d.  Have them sign a Non-Disclosure Agreement (NDA) and Confidentiality Agreement.

    2.  Visitor Protocols

                    a.  Know who is in your office and why.

                    b.  Have visitors present their credentials, sign visitor log and state the service they will be providing.

                    c.  Only allow visitors in the areas needed for their particular function.

                    d.  If the visitors are service providers, then make sure you have a privacy protocol in place for them to review, as well as receiving their privacy protocols for your review.          

    3.  File Management - In most instances, several people may be working on files simultaneously.  Thus, it is important to have best practices in place to ensure the integrity and privacy of the transaction from start to finish.

                    a.  Assure that all computers and laptops are locked or shut down when not in use.

                    b.  Lock doors to internal offices, desks & filing cabinets when outside vendors have access to the main office. 

                    c.  Never share passwords or use common/same passwords with others, and change passwords frequently.

    d.  When files are shared on a network, review shared settings often to determine access privileges.  If access is not needed for an individual, delete or de-activate sharing capabilities.

                    e.  Archive files in an encrypted environment when the transaction is completed.

                    f.  Physical files should be secured in closed filing cabinet when employees are not physically present.

    4.  Clean Desk Policy and Conference Room Protocols - Computer screens and equipment, paper documents (including post-it notes), white boards, and chalk boards are all vulnerable to unauthorized exposure of NPI by anyone who has physical access to the workspace.  Oftentimes it can be impossible to know who accessed the exposed NPI, and what the intentions of the culprit might be.  Making sure employees are aware of the dangers, with the precaution of a clean desk policy, clean screen policy, and conference room protocols can help to prevent these unnecessary breaches.

                    a.  Things to consider for a clean desk policy

                                    1.  ALLOWED:  Landline phones; laptops and computers; files when actively working on them.

                                    2.  PROHIBITED:  iPhones or android phones with the capabilities of taking photos; access cards to the office or building; keys to the office.

                                    3.  Implement use of screen blockers for computer screens and personal handheld devices to eliminate “visual hacking.” 

    4.  Locking your computer or turning it off when leaving your desk.

    5.  Notify management and security immediately upon discovery of lost or stolen items.

                    b.  Things to consider for conference room protocols.  Conference rooms are often the place where the most NPI is shared among participants.  Complete purging of all information needs to occur.

                                    1.  Clean up any leftover notes or paper left on the table or thrown into the trash can.

                                    2.  Erase notes on the white board, if applicable.

                                    3.  Check to make sure post-it notes have not been left behind with information written on them.

                                    4.  If there is a dedicated computer or laptop make sure it is locked and secured prior to leaving.

                                    5.  If meeting is breaking for a period of time and participants are leaving the room, make sure the conference room is secured without access to others, or that any items with confidential information is put away.

    5.  People Risk Management -  When people are under financial pressure they can act or do things that are out of character, – taking chances in order to feel financially secure once again. 

    a.  Financial stress considerations:

    1.  Watch for employees that may be showing signs of abnormal behavior, such as not finishing tasks completely, showing signs of depression, exhibiting lower work quality, demonstrating high agitation with others, asking for pay advances, etc.

                    2.  Have resources to direct them to for assistance – do not ignore these symptoms.

                    3.  Conduct employment background checks at regular intervals.

     In conclusion, security breaches of NPI or private and sensitive information happen not just in the cyber world, but also in the physical, tangible data environment.  It is important to keep vigilant in your security practices in both realms.  For further information regarding how to protect yourself, your business and your employees, we have included the below articles:

    1.  Vendor Management:  Office of Compliance Inspection and Examinations, Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features

    2.  Visitor Protocols: Blog: 9 visitor policy basics to keep your business secure

    3.  File Management/Access: 6 Simple Ways to Ensure Data Access Governance for File Server

    4.  Clean Desk Policy and Conference Room Protocols: List of security templates available from SANS Institute

    5.  Forensic Investigation: Blog: What Does a Cyber Forensic Investigation Do and How Much Does it Cost?

    Article by the Cyber Security Committee

    The Cyber Security Committee meets on the first Wednesday of the month, all members are invited to attend.


    Back to Industry News.


  • 10/13/2021 3:21 PM | Scott Merritt (Administrator)

    Washington, D.C., Oct. 13, 2021 — The American Land Title Association (ALTA), the national trade association of the land title insurance industry, announced that the ALTA Registry, the national database of title and settlement agents, added a new feature that allows companies to quickly provide errors and omissions (E&O) policy information to underwriters. 

    The new feature allows title and settlement companies to upload their E&O information to the ALTA Registry. Underwriters can then access the data to quickly verify the information. This new tool includes document level automatic scrubbing using Deep Secure by Forcepoint’s malware removal technology and data extraction via AREAL’s artificial intelligence powered document processing technology. 

    “The ALTA Registry has evolved into a data clearinghouse for title underwriters, lenders and settlement agents,” said Jack Rattikin III, CEO of Rattikin Title and co-chair of the ALTA Registry Committee. “The Registry provides an optimal way for underwriters to manage oversight of their agents’ E&O data.” 

    Nearly 8,800 title agents, settlement companies and real estate attorneys appear in the ALTA Registry. The ALTA Registry allows title insurance agents and settlement companies to communicate with underwriters to confirm their company name and contact information—providing mortgage lenders with a trusted industry online database to identify transaction partners. 

    The ALTA Registry also closes an access point for potential malware and drives down oversight costs by improving accuracy and automated data downloads.  

    “A secure and neutral data-sharing utility that benefits all title agents and underwriters will be a welcome solution to maintaining current E&O coverage details,” said Eddie Oddo NTP, vice president of Corporate Business Solutions for First American Title Insurance Company and co-chair of the ALTA Registry Committee. “The Registry standardizes the process and eliminates the need for title agents to send E&O information to multiple underwriters, allowing industry professionals to focus on the tasks that drive their business.” 

    The ALTA Registry confirms that mortgage lenders are working with the correct title agent, settlement company or real estate attorney. Every title agent office location is identified by a unique ALTA ID, allowing quick verification. Each entry is also fully confirmed by title insurance underwriters. Using the ALTA Registry, mortgage lenders can increase accuracy, reduce production expenses, combat fraud and improve compliance. The ALTA Registry is offered to mortgage companies on a subscription basis. 

    Last year, the Registry added an indicator to designate title and settlement companies that can perform remote online notarization (RON) closings. This helps mortgage companies identify closing companies that allow homebuyers to review, sign and notarize documents online.
  • 09/15/2021 1:15 PM | Scott Merritt (Administrator)

    an article by the Cyber Security Committee

    In a world of smart phones, computers, laptops, tablets, Alexa, Siri…. Do you ever wonder if your devices are listening to you? That perhaps your “private” conversations aren’t so “private” after all?

    The short answer is “Yes”, these devices have the ability to listen to you and in many cases, they are. Facebook, Google, and Amazon are just a few of the companies that are listening and collecting information, not to mention cybercriminals who are potentially listening in on your smart devices. After all, the device itself may not be recording this information, but once a cybercriminal has access, the fraudster could be recording this information.

    As more and more of us continue to work remotely, away from corporate security overlays, it is important for you to think about the conversations you are having while using these types of devices. For example, consider:

    1.   Are you discussing sensitive transaction information with a client or customer?

    2.   Are you in meetings discussing proprietary company information?

    3.  What about the personal conversations you may be having about your health issues or other personal matters?

    You may feel safe discussing this kind of information in the privacy of your own home, but always keep in mind that these conversations, and especially the information disclosed, may not be as safe as you think!  So, what can be done?

    Here are some security tips to consider to keep your private conversations as safe as you can!

    • A.  Turn off microphone access to all third-party apps (such as Facebook) in the Settings on your smartphone:
    • o   iPhone: Go to Settings > Facebook (or any other app) > slide the toggle next to the Microphone to the left, so it turns from green to white.
    • o   Android:  Go to Settings > Applications > Application Manager > look for Facebook (or any other app) > Permissions > turn off the mic.
    • B.  Assume every app is corruptible, and that anything you download can be used against you.
    • C.  Never download an app from outside of the App Store.   There are numerous fake app sites that use “click” bait to gain access to your devices.
    • D.  Be aware of where your electronic devices are located in your work space.  Remove or isolate them from “hearing” as a precaution when appropriate.
    • E.  Turning your cell phone off and then back on (rebooting) at least once a week.  This helps to prevent hackers from accessing personal information. According to the National Security Agency (NSA), this simple weekly action can make personal devices more secure and make it harder for criminals to steal data. Rebooting a phone is a quick and easy way to make it more difficult for these criminals to make you their next victim.

    The most important thing to remember is that your personal devices are akin to mini-computers.  Gaining access to them allows the cybercriminals to access a great deal of personal information that can ultimately be used on the black market against you and your employer.  Employing a few safety tips such as the ones mentioned above are easy ways to help safeguard your privacy.


Florida Land Title Association is a 501(c)6 not-for-profit organization.

Copyright © 2013-2021. All Rights Reserved.

Mailing Address:
Florida Land Title Association
P.O. Box 66145
St. Pete Beach, FL 33736

Powered by Wild Apricot Membership Software