Back

One Click Can Cost Millions: Cybersecurity Risks for Mortgage Loan Originators

Many mortgage loan originators (MLOs) assume cybersecurity is primarily the responsibility of the company’s IT department. In reality, MLOs are often the first line of defense—and sometimes the greatest point of vulnerability.

Mortgage originators routinely handle highly sensitive nonpublic personal information (NPI), including:

  • Tax returns,
  • Pay stubs,
  • Bank statements,
  • Credit reports,
  • Social Security numbers,
  • Driver’s licenses, and
  • Wire transfer information.

Because MLOs communicate constantly through email, mobile devices, cloud platforms, CRMs, and third-party applications, they are common targets for phishing, wire fraud, business email compromise, and social engineering attacks.

The DOJ’s Civil Cyber-Fraud Initiative increases pressure on mortgage companies to ensure employees—including originators—actually follow cybersecurity policies and procedures. If a company claims it has cybersecurity protections in place but employees routinely ignore them, regulators and investigators may view those representations as misleading or false.

Examples involving MLOs could include:

  • Sharing borrower documents through unsecured methods,
  • Using personal email accounts for loan files,
  • Weak or reused passwords,
  • Failure to use multi-factor authentication,
  • Clicking phishing links that expose borrower data,
  • Improper storage of borrower information on personal devices,
  • Ignoring company cybersecurity training or policies, or
  • Failing to report suspicious activity or potential breaches promptly.

MLOs should also understand that cybersecurity failures can overlap with existing legal obligations under:

  • The Gramm-Leach-Bliley Act (GLBA),
  • FTC Safeguards Rule,
  • State privacy and data breach laws,
  • Company information security policies, and
  • Federal and state consumer protection laws.

In practical terms, cybersecurity has become part of professional compliance responsibility for mortgage originators—similar to anti-money laundering, fair lending, and privacy compliance.

For today’s MLO, cybersecurity awareness is no longer optional. Borrowers expect their personal financial information to be protected, and regulators increasingly expect companies to demonstrate that employees are properly trained, monitored, and following security procedures consistently.

Debra Killian

Debra Killian, a seasoned Mortgage Loan Originator, Course Developer, and Instructor combines her extensive 35-year background in residential mortgages, real estate, banking, and accounting to excel in the mortgage industry. An alumnus of Western Connecticut State University with a B.B.A. in Accounting,

Debra has been a transformative figure in residential mortgages since 1994, overseeing and managing over $1 billion in real estate loans. Her unique educational and professional journey has positioned her as a dynamic and effective trainer in the mortgage and real estate sectors, offering tailored courses that use mortgage competencies in building long-term relationships with customers and real estate professionals.

A trailblazer in mortgage education, Debra co-authored pivotal NMLS-approved courses, including the 20-hour Pre-licensing SAFE Act course in 2010 and The Mortgage Professional for the same curriculum in 2011. Her contributions continued with co-authoring the MBA's School of Loan Origination and mortgage and real estate continuing education classes.
Debra relentlessly pursues the latest industry trends and regulatory changes, ensuring her courses, both new and existing, are continuously updated and aligned with current standards and practices.

Debra's leadership extends beyond her immediate professional sphere, evidenced by her past roles in the CT Mortgage Bankers Association, the National Association of Mortgage Professionals (NAMB) and various real estate associations.

A sought-after speaker, Debra lends her expertise to various professional groups and is dedicated to developing and delivering custom courses, reflecting her passion for education and industry advancement.

She and her husband Donald DeRespinis, own Charter Oak Systems, LLC which operates Cloes.online, and online education provider for pre-licensing courses required by the Secure and Fair Enforcement ACT (SAFE) Her passion is providing mortgage loan originators competency based training and professional development courses to all elevate mortgage loan originators. In addition to NMLS required courses, Debra and Don provide an array of compliance training to help companies comply with federal and state laws.

You may also like

M345077 – Blog Images
Navigating NMLS Licensing: A Step-by-Step Success Guide
April 24, 2026
Not All 20hour the same
Not All 20-Hour SAFE Act Courses Are the Same
January 19, 2026
Can MLOs Truly Be Independent Contractors?
May 2, 2025

Are Your MLOs Truly Independent Contractors?

Many mortgage companies classify Mortgage Loan Originators (MLOs) as independent contractors. However, federal laws—including the Department of Labor’s guidelines, IRS rulings, and the SAFE Act—suggest otherwise. These regulations emphasize that MLOs often function as employees due to factors like company control, lack of independent business operations, and mandatory sponsorship requirements. Misclassification can lead to significant legal and financial repercussions.

Read our latest blog post to understand the implications and ensure your compliance.

Leave A Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Powered by CLOES.online.