Cybersecurity Incident Response Plan

Title companies are entrusted with managing the transfer of property ownership, making them prime targets for wire fraud. Criminals attempt to intercept or manipulate funds during real estate transactions, causing substantial financial losses and legal complications for all parties involved. To mitigate these risks, title companies must have a robust incident response plan in place.

But what if an incident occurs? The following article will help you formulate a plan to quickly minimize the impact of a wire fraud incident.

1. Identify an Incident Response Team. Before an incident occurs, establish a dedicated incident response team comprising individuals from various departments, including IT, legal, compliance, and management. Ensure they are trained to respond swiftly and effectively to wire fraud incidents.
   
   
2. Reporting. Upon detecting a potential wire fraud incident, the incident response team should take immediate actions to contain the situation:
   
   
   1. Alert the Banks: If a fraudulent wire transfer is underway, contact both the sending and receiving banks' fraud departments to request a recall of the wire due to fraud. Provide the details of the wire. Request a recall or reversal and a Hold Harmless Letter or Letter of Indemnity.
   2. Ask the sending bank to initiate the FBI's Financial Fraud Kill Chain.
   3. Call the receiving bank's fraud department to notify them that you have requested a recall of the wire due to fraud. Provide the wire details and request the account be frozen.
   4. If a client or consumer was a victim and your bank/accounts were not directly involved, your client or customer will need to contact the bank themselves.
      
      
3. Communication. Clear and timely communication is essential. Notify all relevant parties, including buyer, seller, real estate agent, broker, attorneys, underwriters, notaries, etc. Be prepared to address concerns, provide guidance, and offer support. Say something to the effect of: “There appears to have been [attempted] wire fraud associated with this transaction. We recommend that you review your email security and update passwords and take any other appropriate security measures immediately. For the remainder of this transaction, all communication will occur using known, trusted, telephone numbers.”
   
   
4. File a complaint with the FBI's Internet Crime Complaint Center (IC3)
   
   

   Ready to go? Visit https://www.ic3.gov/Home/ComplaintChoice/default.aspx and provide the following information:

   • Victim's name, address, telephone, and email
   • Financial transaction information (e.g., account information, transaction date and amount, who received the money)
   • Subject's name, address, telephone, email, website, and IP address
   • Specific details on how you were victimized
   • For Business Email Compromise (BEC) events, copy email header(s). Learn How at https://mxtoolbox.com/Public/Content/EmailHeaders/
   • Any other relevant information that is necessary to support the claimant
     
     
5. Investigation. Thoroughly investigate the incident to determine the extent of the breach, identify potential vulnerabilities, and gather evidence for legal actions. Consider involving law enforcement, if necessary.
6. Report fraudulent wire transfers and attempts to law enforcement in the jurisdiction where the crime has occured.
   
   • Local Police/Sheriff: https://www.policeone.com/law-enforcement-directory/
   • FBI Field Office: https://www.fbi.gov/contact-us/field-offices

   Ask your Field Office to initiate the FBI’s Financial Fraud Kill Chain.

   • Secret Service: https://www.secretservice.gov/contact/field-offices/
     
     
7. Call the sending bank again to confirm that the recall request has been processed.
   
   
8. Documentation. Maintain detailed records of the incident, actions taken, and the investigation process. These records are crucial for potential legal proceedings and future incident analysis.
   
   
9. Legal and Regulatory Obligations. Adhere to all legal and regulatory requirements when handling wire fraud incidents. Consult with legal counsel to ensure compliance and assist in any potential legal actions. Consider contacting your insurance carrier(s).
   
   
10. Post-Incident Review. Conduct a comprehensive post-incident review to identify lessons learned and areas for improvement. Update your incident response plan accordingly and provide additional training as needed.
    
    
11. If funds were wired outside of the U.S., hire an attorney in that country to help recover funds.

In conclusion, wire fraud poses a significant threat to title companies, but a well-prepared incident response plan can help mitigate these risks and minimize potential damages. By focusing on prevention, detection, containment, and recovery, title companies can protect their clients, their reputation, and their financial assets in the event of a wire fraud incident.