Safeguarding Your Notary Data From Hackers November 15, 2021 / Notary Association of America
Are you keeping your signers protected against cybersecurity threats?
Notaries often play multiple roles beyond that of a state-authorized agent: an impartial witness, a recordkeeper, and—with the advent of online notarization—a data security professional. Required documents associated with online notarization may open your customers to breaches in security and identity theft if you do not take appropriate precautions. You should always treat the following as sensitive data that requires additional security measures:
- Copies of identification
- Email addresses
- Phone numbers
- Lending information, including interest rate
- Loan documents
- Social Security Numbers
When a signer uses your services, they trust you to ensure that their data does not fall into the wrong hands. Lenders also rely on your security measures as they may be found liable for any harm that befalls the consumer per the Consumer Financial Protection Bureau (CFPB)'s regulations for service providers. If you succumb to a data breach, you may not be protected by Errors and Omissions insurance, and it could tarnish your notary business.
So, what steps should you take to protect your signers?
Do: Encrypt Your Data
Data encryption can be performed using free or low-cost software and will encode sensitive information, which can be decoded with a password. This practice ensures that only selected parties have access to private documents, such as loan packages or visa applications. The encryption key should not be saved in a publicly accessible location or shared with anyone outside of the agreement. You should also avoid sending the password over regular email, where it could be easily read by hackers.
Do Not: Use Public Wi-Fi to Conduct Business
Documents or unencrypted emails sent using public Wi-Fi can be seen by anyone currently on the network. Public networks typically do not have the level of security that you could get by using your VPN in conjunction with your password-protected home network. You could even be signing into an illegitimate Wi-Fi hotspot that a hacker has set up to target vulnerable information.
Do: Protect Your Login Information
Using the same password for multiple accounts makes it easier for hackers to retrieve your clients' sensitive data. You should have different passwords, and all should contain both uppercase and lowercase letters, special characters, numbers, and at least eight characters in total. Change these passwords as frequently as possible, and do not save them onto your devices. Likewise, if you write down your passwords, make sure that they are hidden in a private location. Set your devices to time out after a period of inactivity such that a password is required to re-enter.
Do Not: Let Others Handle Sensitive Documents
No one should have access to notarized documents but the involved parties. Do not copy documents in a public location, as information from past scans may be stored inside the copier. Make sure that any mailed documents are handed directly to a trusted mail carrier. Drop box locations are not always safe as they can be accessed by the public. It is safest to add security measures when mailing sensitive information, such as certified receipt and tracking services.
Do: Vet Third Parties
Third parties may include printing shops and technology repair technicians that could encounter your signers' personal information and documents. Before enlisting a vendor's help, verify that you have properly encrypted all non-public personal information (NPPI), check that their information security program is effective, research any past lawsuits or data breaches, and know their security policies.
Do Not: Open Sketchy Emails or Attachments
Hackers often send phishing emails designed to look like recognizable businesses or government agencies. Once you open the email or embedded link, however, hackers can steal your account information or identity. To avoid having your data breached, check all email addresses before you open your messages and make sure that the address is legitimate. Enable multi-factor authentication across your devices and accounts so that you can recognize when an unknown device is attempting to access your information.