How to Protect Your Title Agency from Cyberattacks | Ep 19
Episode Summary
Genady Vishnevetsky, CISO at Stewart Title for nine years, breaks down the cybersecurity threats facing title agencies today. He explains why phishing and social engineering remain the top attack vectors, how password breaches like the 10 billion credential Rockyou2024 leak expose agencies, and why multi-factor authentication everywhere is non-negotiable. Genady shares free security awareness tools, incident response protocols, and practical advice for small agencies without dedicated IT staff. He also addresses the weakest link in transactions: unsecured realtor email accounts and how voice cloning and deepfakes are emerging threats.
About Genady Vishnevetsky
Genady Vishnevetsky is the Chief Information Security Officer at Stewart Information Services Corporation, where he has led cybersecurity initiatives for over nine years. With more than 20 years of experience as a security leader, Genady previously held similar roles at two payment processors in the financial services industry. He publishes a weekly cybersecurity update every Friday at 8 a.m. Central on the ALTA Open Forum, providing title agents with current threat intelligence, attack techniques, and best practices. Genady specializes in making complex security concepts accessible to non-technical audiences in the title insurance industry.
Key Takeaways
- Phishing and social engineering remain the number one attack vector in title insurance, with adversaries targeting the 24-48 hour window before closing when urgency is highest.
- The Rockyou2024 breach exposed 10 billion username-password combinations, making multi-factor authentication mandatory for every account that supports it.
- Email encryption and secure data exchange are inexpensive to add to Microsoft 365 and essential for protecting sensitive client information and avoiding liability.
- Start security awareness training slowly and never penalize employees for failing phishing tests—embrace good behavior and turn mistakes into teachable moments.
- Small agencies should hire a professional to conduct a gap assessment and establish an IT retainer relationship before an incident occurs, not after.
- Realtors using unsecured personal email accounts are the weakest link in title transactions, and agencies must implement vigilance protocols like verifying wire instructions via phone.
- Voice cloning tools cost as little as five dollars per month, making voice and video impersonation a growing threat that requires keyword verification protocols for high-stakes transactions.
Episode Chapters
| Time | Topic |
|---|---|
| 00:00 | Intro and Genady’s background |
| 03:45 | Current cybersecurity landscape for title |
| 08:12 | Cloud migration and vendor risk management |
| 11:30 | Most common cyber threats: phishing, smishing, password breaches |
| 18:45 | Essential cybersecurity best practices for title agencies |
| 23:20 | Understanding social engineering tactics |
| 26:40 | Protecting sensitive client data in transactions |
| 31:15 | Employee training: human risk over computer-based training |
| 38:50 | Balancing security with user-friendly operations |
| 43:10 | Incident response: first steps after a data breach |
| 47:25 | Mitigating the realtor weak link |
| 50:30 | Emerging threats: AI, voice cloning, and deepfakes |