Translate this page:

Industry news

  • 02/10/2023 3:45 PM | Scott Merritt (Administrator)

    TALLAHASSEE, Fla. — Today, Governor Ron DeSantis nominated Michael Yaworksy as Commissioner of the Office of Insurance Regulation (OIR). Yaworksky is currently Vice Chair of the Florida Gaming Control Commission and previously served as Chief of Staff of OIR.

    Yaworsky will serve as Interim Commissioner until his nomination is brought before the Financial Services Commission for final approval.

    Michael Yaworsky

    Yaworsky, of Tallahassee, is currently Vice Chairman of the Florida Gaming Control Commission. Previously, he was Chief of Staff at the Florida Office of Insurance Regulation, Legal Counsel to the Georgia Insurance and Safety Fire Commissioner, Counsel to the Georgia Senate President Pro Tempore and Chief of Staff at the Florida Department of Business and Professional Regulation. Yaworsky earned his bachelor’s degree in social science from Florida State University and juris doctor from Samford University. 

    Press Release from The Office of Florida Governor Ron DeSantis

  • 11/29/2022 12:00 PM | Scott Merritt (Administrator)

    November 29, 2022

    On this Giving Tuesday, the FLTA Charitable Action Foundation is proud to share that through the support of FLTA members and the community, the Foundation is able to provide $10,000 to the Collier Community Foundation and $10,000 to the Florida Disaster Fund for Hurricane Ian Relief.

    The purpose of the Collier Community Foundation is to first provide immediate relief to those affected and the nonprofits that support the victims in the aftermath of a crisis.  It also serves to assure donors’ support will reach its intended cause.  After immediate needs are met such as food, water and shelter, the focus will turn to long-term needs such as housing and transportation.  The Collier Community Foundation directly serves the community where the 2022 FLTA Convention was held.

    Through Florida’s Division of Emergency Management, the funds provided to the Florida Disaster Fund will be earmarked directly towards the victims of Hurricane Ian.  With a broader approach the funds will assist in helping other organizations and residents in Southwest Florida and other impacted communities.

    In addition to these organizations, FLTA Convention attendees, exhibitors, and sponsors, joined by Florida CFO Jimmy Patronis, banded together to generate 51,464 Fortified Pasta and Tomato Sauce meals for Meals of Hope. Based in Naples, Meals of Hope continues to fight hunger at $0.30 a meal providing to communities nationally and internationally. The meals prepared on October 25th by convention goers were specific to the Hurricane Ian recovery efforts.




    The FLTA Charitable Action Foundation is grateful for the support of the FLTA members and the community, if you would like to support the Foundation you made do so here.


    The Internal Revenue Service (IRS) recognizes FLTA Charitable Action Foundation, Inc. as a Section 501(c)(3) public charity. Our Federal Tax ID Number is 87-1079330. Contributions to FLTA Charitable Action Foundation may be eligible for tax deduction in the U.S.A. Please consult your tax advisor for eligibility.


  • 06/10/2022 11:34 AM | Scott Merritt (Administrator)

    Skate to the Puck, by David Daniel, Agents Section Lobbyist, Smith Bryan & Myers

    Ok, here is the truth, I use to be an avid Detroit Red Wings hockey fan watching the NHL playoffs each year to see them compete.  Big cross-checks on the boards by the defensive, visually blocking the opposing goalie for a redirected shot on goal and the sheer desire by players to hold the Stanley Cup were all a part of the draw for me.  “The Great One”, Canadian Wayne Gretzky, who has more assists in his career than the next leading goal scorer, is considered by many to be the most accomplished and well-known hockey player.  In discussing his early hockey training, one of his father’s instructions was to skate “To where the puck is going, not where it’s been.”  So simple and highly effective for his amazing hockey career.

    While I don’t watch much NHL anymore and the players I enjoyed have come and gone, I have come back to the phrase, “skate to the puck” many times.  Its application is greater than simply a training tool in hockey and applying this principle to politics has been helpful.  Think about it, if you know the direction of a special interest group or politician you can use that to your advantage in getting your agenda across the line or defeating a bad bill.  So how do you know where “the puck” is going in politics?  It is based on information gained by investing in relationships.  Knowing how best to approach a state legislator is information and information is power and can provide much needed intelligence to make navigating the legislative process easier.

    As a veteran of prior legislation seeking to reform Florida’s broken HOA estoppel process, I know first-hand how challenging this issue can be.  In addition, this battle is over money with the current process simply authorizing an exit tax on Florida’s homeowners to excessively enrich the HOA.  We all know just having the right public policy does not guarantee success during a legislative session.  It is hard to pass a bill through the legislative process and the right policy must often be worked around the politics of session, individual legislators, and the committee process.

    Fortunately, we have a unique opportunity during the 2023 and 2024 Legislative Sessions.  The incoming Senate President, Sen. Kathleen Passidomo (R-Naples) is both a Florida Bar certified real estate lawyer and member of the Real Property Probate and Trust Law Section of the Florida Bar.  She gets it and understands our industry and the challenges we face each day to serve Floridians by accurately and timely completing real estate transactions.  She has made it clear to all she believes both the lender estoppel and HOA estoppel issues need change.

    So, how do we skate to the puck?  We know tough legislative battles lie ahead.  We know the incoming Senate President is interested in making this process work more efficiently and be less costly for Florida homeowners.  We know the opposition will hire up lobbyists to oppose any change to their lucrative exit tax.  We know that during the last HOA estoppel battles our biggest advantage were the examples provided across the state of outrageous fees and charges homeowners had to pay to simply get an estoppel letter.  We know where the puck is going, as do our opponents.  The question is what we are willing to do to this summer to get there first.

    How about supporting pro-title industry candidates’ election and re-election?  How about using this election season to develop relationships with state legislators from your area of the state?  How about starting now to collect examples of the significant fees and charges required by HOAs as an exit tax from their association?  We know what is coming and we know we need to be prepared prior to the annual Legislative Session which begins on March 7, 2023.  Will you be in position when the puck gets there?

  • 04/25/2022 12:00 PM | Scott Merritt (Administrator)

    NO, An E&O/Professional Liability policy only covers loss due to damages resulting from the failure to provide professional services, negligence, preventable mistakes, incompetent work, and other professional errors.  If a Title agent suffers a cyber-attack with only E&O in place, they will not have coverage for a significant portion of their actual expenses.

    Errors & Omissions covers only the legal costs associated with a lawsuit, including attorney’s fees, court judgments, and, in some cases, settlements. This is considered third-party coverage, i.e., costs brought on by the action of third parties;  clients, vendors, and government agencies. 

    This is why nearly every Title agent needs both E&O and Cyber Security Insurance coverages to prevent financial ruin after a cyber-attack.

    Cyber Liability policies can also include other kinds of coverage:

    • 1.        Media liability, which covers costs stemming from violations of intellectual property, trademarks, and copyrights, as well as slander and libel.
    • 2.        Privacy is another common area for cyber liability coverage, though it covers offline data loss, too. In these cases, privacy insurance can cover costs associated with missing physical files, lost laptops, or even sending private information to the wrong e-mail address.
    • 3.       Social Engineering Fraud can be covered under two different areas a Crime Policy and/or Cyber Liability Policy.

    Cyber Policy vs. Crime Policy

    It may seem counterintuitive, but social engineering fraud is not always covered by a crime-policy. Even though this fraud often involves emails and wire transfers, all cyber policies are not designed to cover them either.  As cyber criminals and their tactics become more complex, the majority of cyber and cyber-crime attacks are executed via social engineering.

    Crime policies cover the direct loss of your funds, whether through maleficence, employee dishonesty or social engineering. 

    Cyber policies cover economic damages arising through a failure of network security or privacy controls which may cause indirect losses.  They cover losses that result from unauthorized data breaches or system failures.

    Areas of Risk To Be Aware Of

    • 1.        Computer fraud:  This is a loss stemming from the unlawful theft of money due to a “computer violation” or in easier terms – it is the unauthorized entry into or deletion of data from a computer system by a third party. This could include engaging in data mining via spyware and malware or sending computer viruses with the intent to destroy or ruin another party’s computer or system.
    • 2.       Funds transfer fraud:  This is a loss that caused by fraudulent instructions to transfer funds made without the insured’s knowledge or consent. This can happen by fraudsters gaining login credentials in order to access protected accounts. 

    Tips when shopping for Cyber insurance:

    • 1.        Cyber policies are not all the same.  It is important to speak with a broker that knows the Title industry.
    • 2.        It is not a good idea to base your decision on price.  Keep in mind, most of the time, the cheaper the coverage, you most likely have less coverage than you may think.
    • 3.       Check the policy coverages limits – know what covered and know what is not covered
    • 4.       Read the exclusions page:  This spells out what is NOT covered. 

    Key Words to Know When Choosing the Correct Coverage:

    Network Security: Insurance against cyber-attacks and hacking attacks.

    Theft and fraud: Cover destruction or loss of the policyholder’s data as the result of a criminal or fraudulent cyber event, including theft and transfer of funds.

    Forensic investigation: Covers the legal, technical, or forensic services necessary to assess whether a cyber-attack has occurred, to assess the impact of the attack, and to stop an attack.

    Business interruption: Covers lost income and related costs where a policyholder is unable to conduct business due to a cyber-event or data loss.

    Social Engineering: is the non-technical cyber strategy that relies on tricking people into breaking standard security practices by manipulating victims into performing various actions or providing confidential information. Social engineering fraud (SEF) is a type of fraud that’s become increasingly common over the last several years, with a large majority of this fraud transpiring over email communications.

    Cyber extortion and ransomware: Provides coverage for the costs associated with the investigation of threats to commit cyber-attacks against the policyholder’s systems and for payments to extortionists who threaten to obtain and disclose sensitive information.

    Reputation Insurance: Insurance against reputation attacks and cyber defamation.

    Computer data loss and restoration. Covers physical damage to, or loss of use of, computer-related assets, including the costs of retrieving and restoring data, hardware, software, or other information destroyed or damaged as the result of a cyber-attack.

    Information Privacy. Covers organizational liabilities arising from actual or alleged non-compliance with any worldwide cyber, information privacy, or identity-related regulation, statute, or the law. For example, this coverage part would cover an organization's legal defense, and ultimate monetary settlement, resulting from a regulatory claim alleging such organization was non-compliant with any covered privacy regulation

    Bricking- Bricking refers to a consumer electronic device that has been damaged beyond repair, making it utterly unusable, often because of damaged firmware, malicious or incorrect software. once they are rendered inoperative, they are virtually useless except as a paperweight or a doorstop

    Insurance and recovery process: Coverage for business interruption loss under cyber insurance policies is becoming more prescriptive, the language in most insurance policies is still somewhat open ended and subject to competing interpretations.   Most business interruption coverage includes a waiting period of a certain number of hours and a requirement that net profit or loss, charges and expenses be calculated on an hourly basis. It’s important to recognize that cyber insurance policies provide for the recovery of lost net profits and mitigation costs, as well as continuing expenses, such as employee salaries.

    The above is provided as informational only from the Cyber Security Committee. It should not and does not represent insurance advice or legal advice. Be sure to consult with your insurance and/or legal team for additional information.


  • 02/17/2022 11:07 AM | Scott Merritt (Administrator)

    Following a public notice and comment period, the Department of State's revised Online Notary Rule will go into effect on February 22, 2022. Here's what the Rule states:

    1N-7.005 Online Notary Public and RON Service Provider Required Information.

    (1) Online notary public.

    (a) Within 30 day of the effective date of this rule, a currently registered online notary public shall provide the Florida Department of State the name of the online notary public’s RON service providers, the effective dates during which the online notary public used each RON service provider, and, if applicable, the name of any secured repositories to which the online notary public may have delegated his or her duties pursuant to Section 117.245(4), F.S., from January 1, 2022, and thereafter.

    (b) An individual registering as an online notary public, shall provide this information at the time of his or her registration.

    (c) The online notary public shall submit this information on Form Number DS-DOC-50, titled “Online Notary Public: Required Information,” Effective 02/2022, which form is hereby incorporated by reference and is available on the Department of State’s website at or

    (d) An online notary public that changes, adds, or removes a RON service provider or secured repository from the online notary public’s use shall submit to the Department within 30 days of the change an amended Form DS-DOC-50 identifying the online notary public’s updated RON service providers and, if applicable, secured repositories.

    (2) RON service provider.

    (a) Within 30 day of the effective date of this rule, and annually thereafter, a RON service provider shall provide the Florida Department of State, a self-certification form confirming that its audio-video communication technology and related processes, services software, data storage, or other services provided to online notaries public for the performance of online notarization satisfy the requirements of Chapter 117, F.S., and any rules promulgated by the Florida Department of State pursuant to Section 117.295, F.S.

    (b) The RON service provider’s self-certification is effective for a period of 1 year after the date the RON service provider files it with the Department.

    (c) If applicable, the RON service provider shall, at the same time it files its self-certification, identify any secure repositories to which the RON service provider may have delegated its duties pursuant to Section 117.245(4), F.S., from January 1, 2022, and thereafter.

    (d) The RON service provider shall submit this information on Form Number DS-DOC-51, titled “RON Service Provider: Self-Certification and Required Information,” Effective 02/2022, which form is hereby incorporated by reference and is available on the Department of State’s website at or

    (e) A RON service provider that, pursuant to Section 117.245(4), F.S., delegates its duties to a secured repository after it has already filed its annual certification shall submit to the Department an amended Form DS-DOC-51 within 30 days after making such delegation.

    (f) An entity that seeks to begin providing RON service provider functions after the effective date of this rule shall submit the information required by this section prior to providing RON service provider functions.

    Rulemaking Authority 117.295 FS. Law Implemented 117.245, 117.295 FS. History–New 2-22-22.

  • 12/15/2021 12:00 PM | Scott Merritt (Administrator)

     “Let’s get Physical”

    Acknowledging that good Cyber Security starts with addressing any “physical or tangible” information breaches is the best first step toward achieving a higher level of security for your company.  This article will address physical areas that should be considered when looking at the overall Cyber Security health of your organization. 

    1.  Vendor Management – When contracting a 3rd party who will have access to your office and physical client data/NPI, you become responsible for any risks posed by their activities.  These vendors include, but are not limited to: cleaning services, trash/waste services, shredding companies, alarm companies and copier maintenance companies. It is important to have a vetting process in place to get to know your vendor, ensure they meet any regulatory requirements and are protecting your most valuable asset - your reputation. Key elements of your due diligence process should include:

    a.  Make sure you are dealing with a licensed and registered business. Get a copy of their business licenses and check it’s standing online.

    b. Verify their reviews.

    c. Gather information on their general liability insurance, cyber insurance, or insurance specific to their services.

    d.  Have them sign a Non-Disclosure Agreement (NDA) and Confidentiality Agreement.

    2.  Visitor Protocols

                    a.  Know who is in your office and why.

                    b.  Have visitors present their credentials, sign visitor log and state the service they will be providing.

                    c.  Only allow visitors in the areas needed for their particular function.

                    d.  If the visitors are service providers, then make sure you have a privacy protocol in place for them to review, as well as receiving their privacy protocols for your review.          

    3.  File Management - In most instances, several people may be working on files simultaneously.  Thus, it is important to have best practices in place to ensure the integrity and privacy of the transaction from start to finish.

                    a.  Assure that all computers and laptops are locked or shut down when not in use.

                    b.  Lock doors to internal offices, desks & filing cabinets when outside vendors have access to the main office. 

                    c.  Never share passwords or use common/same passwords with others, and change passwords frequently.

    d.  When files are shared on a network, review shared settings often to determine access privileges.  If access is not needed for an individual, delete or de-activate sharing capabilities.

                    e.  Archive files in an encrypted environment when the transaction is completed.

                    f.  Physical files should be secured in closed filing cabinet when employees are not physically present.

    4.  Clean Desk Policy and Conference Room Protocols - Computer screens and equipment, paper documents (including post-it notes), white boards, and chalk boards are all vulnerable to unauthorized exposure of NPI by anyone who has physical access to the workspace.  Oftentimes it can be impossible to know who accessed the exposed NPI, and what the intentions of the culprit might be.  Making sure employees are aware of the dangers, with the precaution of a clean desk policy, clean screen policy, and conference room protocols can help to prevent these unnecessary breaches.

                    a.  Things to consider for a clean desk policy

                                    1.  ALLOWED:  Landline phones; laptops and computers; files when actively working on them.

                                    2.  PROHIBITED:  iPhones or android phones with the capabilities of taking photos; access cards to the office or building; keys to the office.

                                    3.  Implement use of screen blockers for computer screens and personal handheld devices to eliminate “visual hacking.” 

    4.  Locking your computer or turning it off when leaving your desk.

    5.  Notify management and security immediately upon discovery of lost or stolen items.

                    b.  Things to consider for conference room protocols.  Conference rooms are often the place where the most NPI is shared among participants.  Complete purging of all information needs to occur.

                                    1.  Clean up any leftover notes or paper left on the table or thrown into the trash can.

                                    2.  Erase notes on the white board, if applicable.

                                    3.  Check to make sure post-it notes have not been left behind with information written on them.

                                    4.  If there is a dedicated computer or laptop make sure it is locked and secured prior to leaving.

                                    5.  If meeting is breaking for a period of time and participants are leaving the room, make sure the conference room is secured without access to others, or that any items with confidential information is put away.

    5.  People Risk Management -  When people are under financial pressure they can act or do things that are out of character, – taking chances in order to feel financially secure once again. 

    a.  Financial stress considerations:

    1.  Watch for employees that may be showing signs of abnormal behavior, such as not finishing tasks completely, showing signs of depression, exhibiting lower work quality, demonstrating high agitation with others, asking for pay advances, etc.

                    2.  Have resources to direct them to for assistance – do not ignore these symptoms.

                    3.  Conduct employment background checks at regular intervals.

     In conclusion, security breaches of NPI or private and sensitive information happen not just in the cyber world, but also in the physical, tangible data environment.  It is important to keep vigilant in your security practices in both realms.  For further information regarding how to protect yourself, your business and your employees, we have included the below articles:

    1.  Vendor Management:  Office of Compliance Inspection and Examinations, Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features

    2.  Visitor Protocols: Blog: 9 visitor policy basics to keep your business secure

    3.  File Management/Access: 6 Simple Ways to Ensure Data Access Governance for File Server

    4.  Clean Desk Policy and Conference Room Protocols: List of security templates available from SANS Institute

    5.  Forensic Investigation: Blog: What Does a Cyber Forensic Investigation Do and How Much Does it Cost?

    Article by the Cyber Security Committee

    The Cyber Security Committee meets on the first Wednesday of the month, all members are invited to attend.

    Back to Industry News.

  • 10/13/2021 3:21 PM | Scott Merritt (Administrator)

    Washington, D.C., Oct. 13, 2021 — The American Land Title Association (ALTA), the national trade association of the land title insurance industry, announced that the ALTA Registry, the national database of title and settlement agents, added a new feature that allows companies to quickly provide errors and omissions (E&O) policy information to underwriters. 

    The new feature allows title and settlement companies to upload their E&O information to the ALTA Registry. Underwriters can then access the data to quickly verify the information. This new tool includes document level automatic scrubbing using Deep Secure by Forcepoint’s malware removal technology and data extraction via AREAL’s artificial intelligence powered document processing technology. 

    “The ALTA Registry has evolved into a data clearinghouse for title underwriters, lenders and settlement agents,” said Jack Rattikin III, CEO of Rattikin Title and co-chair of the ALTA Registry Committee. “The Registry provides an optimal way for underwriters to manage oversight of their agents’ E&O data.” 

    Nearly 8,800 title agents, settlement companies and real estate attorneys appear in the ALTA Registry. The ALTA Registry allows title insurance agents and settlement companies to communicate with underwriters to confirm their company name and contact information—providing mortgage lenders with a trusted industry online database to identify transaction partners. 

    The ALTA Registry also closes an access point for potential malware and drives down oversight costs by improving accuracy and automated data downloads.  

    “A secure and neutral data-sharing utility that benefits all title agents and underwriters will be a welcome solution to maintaining current E&O coverage details,” said Eddie Oddo NTP, vice president of Corporate Business Solutions for First American Title Insurance Company and co-chair of the ALTA Registry Committee. “The Registry standardizes the process and eliminates the need for title agents to send E&O information to multiple underwriters, allowing industry professionals to focus on the tasks that drive their business.” 

    The ALTA Registry confirms that mortgage lenders are working with the correct title agent, settlement company or real estate attorney. Every title agent office location is identified by a unique ALTA ID, allowing quick verification. Each entry is also fully confirmed by title insurance underwriters. Using the ALTA Registry, mortgage lenders can increase accuracy, reduce production expenses, combat fraud and improve compliance. The ALTA Registry is offered to mortgage companies on a subscription basis. 

    Last year, the Registry added an indicator to designate title and settlement companies that can perform remote online notarization (RON) closings. This helps mortgage companies identify closing companies that allow homebuyers to review, sign and notarize documents online.
  • 09/15/2021 1:15 PM | Scott Merritt (Administrator)

    an article by the Cyber Security Committee

    In a world of smart phones, computers, laptops, tablets, Alexa, Siri…. Do you ever wonder if your devices are listening to you? That perhaps your “private” conversations aren’t so “private” after all?

    The short answer is “Yes”, these devices have the ability to listen to you and in many cases, they are. Facebook, Google, and Amazon are just a few of the companies that are listening and collecting information, not to mention cybercriminals who are potentially listening in on your smart devices. After all, the device itself may not be recording this information, but once a cybercriminal has access, the fraudster could be recording this information.

    As more and more of us continue to work remotely, away from corporate security overlays, it is important for you to think about the conversations you are having while using these types of devices. For example, consider:

    1.   Are you discussing sensitive transaction information with a client or customer?

    2.   Are you in meetings discussing proprietary company information?

    3.  What about the personal conversations you may be having about your health issues or other personal matters?

    You may feel safe discussing this kind of information in the privacy of your own home, but always keep in mind that these conversations, and especially the information disclosed, may not be as safe as you think!  So, what can be done?

    Here are some security tips to consider to keep your private conversations as safe as you can!

    • A.  Turn off microphone access to all third-party apps (such as Facebook) in the Settings on your smartphone:
    • o   iPhone: Go to Settings > Facebook (or any other app) > slide the toggle next to the Microphone to the left, so it turns from green to white.
    • o   Android:  Go to Settings > Applications > Application Manager > look for Facebook (or any other app) > Permissions > turn off the mic.
    • B.  Assume every app is corruptible, and that anything you download can be used against you.
    • C.  Never download an app from outside of the App Store.   There are numerous fake app sites that use “click” bait to gain access to your devices.
    • D.  Be aware of where your electronic devices are located in your work space.  Remove or isolate them from “hearing” as a precaution when appropriate.
    • E.  Turning your cell phone off and then back on (rebooting) at least once a week.  This helps to prevent hackers from accessing personal information. According to the National Security Agency (NSA), this simple weekly action can make personal devices more secure and make it harder for criminals to steal data. Rebooting a phone is a quick and easy way to make it more difficult for these criminals to make you their next victim.

    The most important thing to remember is that your personal devices are akin to mini-computers.  Gaining access to them allows the cybercriminals to access a great deal of personal information that can ultimately be used on the black market against you and your employer.  Employing a few safety tips such as the ones mentioned above are easy ways to help safeguard your privacy.

  • 06/03/2021 9:46 AM | Scott Merritt (Administrator)

    Where are your Secrets being Kept?

    Printer Risks/Vulnerabilities

    Article by the Cyber Security Committee

    Office printers/scanners/fax machines (hereinafter “printers”) are a treasure trove of sensitive data. Because they often come with a web-based interface or an internet connection, they have a huge attack surface, making them easy to hack.

    How are printers vulnerable?

    • Open External Ports (USB, memory cards, etc.)
    • Wi-Fi, Bluetooth and other wireless connections
    • Printers have a memory – all items printed, scanned and copied are stored in memory on hard drive of printer

    What do hackers want with printer access?

    • Access to Non-Public Personal Information and other sensitive information
    • Backdoor access to network – printers can become a “hot spot” for others to use your internet access which could compromise your data and slow the speed of your Wi-Fi

    What are common methods of attack?

    • Criminal sending an image of a file to a company’s printer with Trojan malicious code, which can allow them to capture the content of all images that are printed
    • Criminal will change printer configuration to re-route print jobs to outside the company
    • Criminal will attack through Wi-Fi by getting the printer to connect to a malicious network and then execute/install harmful code

    Steps/suggestions to protect your printers:

    • Change the password access to printer regularly
    • Consider having all employees have their own long, unique passwords
    • Change the printer’s name
    • Change the printer’s Wi-Fi password
    • Regular updating with security patches and software
    • Regularly update and upgrade your printer for latest in security features 
    • Consider disabling USB port on the printer
    • Turn off all application options that come pre-configured with your printer
    • Turn on dual 2-factor authentication, if available
    • Turn off “notifications” for proactive maintenance being sent to suppliers (any messaging going outside your company is taking a risk)
    • Configure network settings so that the printer can only answer commands that come from specified ports on your network router
    • Use a firewall on your printer
    • Enable the hard disk setting to encrypt/set to overwrite
    • Consider turning off all Wi-Fi or Bluetooth options
    • Awareness is key - Recognizing the risk that printers have and making it a priority is crucial in managing and mitigating these threats

     Special considerations to protect your printers AT HOME:

    • Shred all sensitive information that you print at home office prior to throwing it away
    • Update your driver when prompted 
    • If you get rid of a home printer, destroy the hard drive or change the printer settings to make sure that the hard drive is not storing any information
    • If using Wi-Fi – make sure you have a secure connection using VPN - Consider hard wiring if possible
    • Disable Internet Printing Protocol (IPP) printing and enable Secure IPP printing instead
    • Make sure your wireless security is WPA2 or stronger
    • Change setting and redirect to https
    • Set encryption strength to high

  • 03/15/2021 3:37 PM | Scott Merritt (Administrator)

    An article from the FLTA Cyber Security Committee


    A.  Initial Phone Call to Consumer in the beginning of the transaction:

    • Verbally confirm that the request to initiate the wire is from an authorized person within the title company and inform them that the wire instructions will not change.
    • A cashier’s check, a certified check or a wire transfer is acceptable to bring to closing. Many title companies today will only accept wire transfers and limit personal checks to no more than $500, but please be sure to check with your title company regarding their policies for accepting funds.
    •  Communicating directly with title company:  Secure transmittal of documents and information
      • Some title companies will utilize a portal for sharing documents and information.  A client portal is a website, web application or mobile device which provides businesses a secure storage space to let all parties share important documents or information related to the closing process.
      • Use of secure and encrypted email is a best practice today.  Regular un-encrypted emails are easily read by anyone, regardless of whether that person was the intended recipient or not. With secure email encryption, individuals and enterprise systems render the contents of the message unreadable as the email is sent from origin to destination. Most encryption requires a password to access the information in the email.
      • Contact the closing company via the phone number listed on their internet website or call the direct line that you have been using throughout the process and especially on day of the wire transfer.  Never use the phone number listed on an email.  If someone whom you have not spoken with from the title company calls you to verify personal information, get your social security number or verify wiring instructions inform them you will call them back and use the phone number from website or direct line.
      • Verbally confirm wire instructions directly with the title company where you are closing. Be alert and speak directly with the title company if you suspect any email, text compromise or suspicious activity related to your closing.


    A.  Speak with Realtors at the beginning of the transaction: How are we communicating with them?

    • Understand your realtor’s means of communication
      • Communication takes the lead in most things that you do during the closing process. Effective communication goes beyond saying a couple of things and assuming that you are on the same page with your realtor partners. One important consideration is finding how the realtor likes to interact and following a preferred method. Most realtors today like to communicate by email or even text messaging. There are some folks that would like you to pick up the telephone to call. Some are tech savvy and prefer to use another mean of communication. It is best to set proper expectations with your realtor at the beginning of the transaction to avoid any miscommunications.
    • Consider using a portal for communication
      • Some title companies will utilize a portal for client communication. A client portal is a website, web application or mobile device which provides businesses a secure storage space to let all parties share important documents or information related to the closing process.
      • With the client portal, customers don’t have to reach out to the company for each item in a transaction This creates less strain on the company, as they don’t have to answer the phone call or get engaged in any type of real-time conversation.
      • Although client portals are more secure than email, many businesses have a concern about the security of their data in the cloud. These types of businesses can opt to have a private cloud for their sensitive data and take the on-premises hosting of software.
    • Telephone verification on the day of the wire transfer
      • Verbally confirm the request to initiate the wire from an authorized person within the title company.
      • §  Contact the closing company via the phone number listed on their internet website or call the direct line that you have been using throughout the process, especially on the day of the wire transfer.
    • Create a standard warning document about wire fraud and other real estate scams
      • You may wish to consider adding a warning to your email signature line on wire fraud. This notice should not serve as a substitute for educating your clients and other participants in your real estate transactions about email wire fraud.
      • Provide a document that informs your Buyers and Sellers of wire fraud: what it is, how it occurs and how to protect yourself from it.

    B.  Email discussion with Realtors  

    • Open email system:
      • An open email system provides visibility to all team members.  From a business perspective, the open system is a great convenience for sharing information and coordinating business process functions, but it also creates significant security risks because of the lack of privacy that is the essence of its very nature.  The more people who have access, the more exposure to risk. 
      • Additionally, email, itself, is an open format because it can be viewed by anyone who can intercept it (i.e. hackers), despite whether the system is intentionally designed to be shared among team members.
    • Compare to secure email:
      • Today, there are two main protocols used for encrypting emails: TLS, encrypting an email while it’s in transit and End-to-end email encryption.  Encrypted email technology is meant to render the content of your emails unreadable as they travel from origin to destination.  For emails that hold highly sensitive information it is best to use End-to-End encryption. It is designed so that the content can only be decrypted by the intended recipient on their device. While TLS provides strong protection against attacks, the emails are still only secure when they are in transit. Take precautions to preserve privacy, and do not copy other service members on the email, as this could lead to compromising sensitive information or attachments related to the file.
    • Tools to secure email:
      • There are various technology tools available for purchase to create an encrypted email environment, such as automation and digital signatures. However, there are also some very simple steps to take, as well as free or low-cost tools available, to help secure your email:
      • Do not share a common email account with anyone else
      • Use strong passwords; change email passwords frequently, especially before sending out wiring instructions
      • Employ a unique and not easily reproducible email name
    • Email Hosting Services for secure email
      • When using a common email platform, like Gmail or Yahoo, it is relatively easy for a fraudster to impersonate another’s email; after all, anyone can sign up for a free Yahoo or Gmail account.  By changing one solitary letter in a free account email name, a hacker has an excellent chance of passing himself or herself off as the authentic sender – particularly when the recipient does not look too closely at the spelling of an expected email. 
      • An alternative is to use an “email hosting service,” such as Go Daddy, to purchase a specific, unique domain name for your email that cannot be impersonated (e.g.  These services have a variety of options, such as a landing page (i.e. a webpage that subscribers are directed to after filling in fields for contact), and encryption. 

Florida Land Title Association is a 501(c)6 not-for-profit organization.

Copyright © 2013-2021. All Rights Reserved.

Mailing Address:
Florida Land Title Association
P.O. Box 66145
St. Pete Beach, FL 33736

Powered by Wild Apricot Membership Software