After acquiring a local mortgage company, a community bank sought support from Withum’s Cyber and Information Security Team to secure their cyber defenses. The mortgage company did not have standard cybersecurity frameworks and looked to the community bank for resources and internal alignment.
The client is a community bank based in the mid-western U.S. The bank had $6 million in assets before the parent holding company’s acquisition of a mid-sized mortgage company. Mortgage companies are not legally required to follow Federal Trade Commission (FTC) cybersecurity requirements, so no policies were regulated or enforced.
The mortgage company failed to meet basic cyber and information security standards. The community bank had to scope out its current initiatives and see how to support both organizations successfully. Although the mortgage company was acquired, it would remain a separate entity that must follow the community bank’s rules outlined by the parent holding company.
The parent company needed to learn more about cybersecurity frameworks that address the unique aspects of threats faced in the mortgage banking industry.
The Approach and Solution
Withum’s cybersecurity experts engaged with the client and their newly acquired entity. They conducted an evaluation of the community bank’s existing security program and that of the mortgage company.
Recommendations were provided for program enhancements during monthly meetings with the management committee and board of directors.
As a result, Withum assisted them by:
The Results, ROI
The overall cybersecurity program upgrades were evidenced by improvements in regulator exams. The management team and board of directors better understood the comprehensive cybersecurity system.
Withum provided them with risk-based assessments of their cybersecurity posture, allowing them to make appropriate risk-based decisions. The mortgage company implemented proper risk-based controls to protect their financial data’s confidentiality, availability and integrity.