Data privacy and protection are a strategic priority at Sandy Spring Bank. We have established strong governance measures to protect the privacy and security of customer information and help ensure compliance with the numerous privacy and cybersecurity laws and regulations that apply to our business.
We have put in place extensive corporate policies and operating procedures that govern how we collect, use, retain and protect data. We employ a layered approach to cybersecurity that utilizes multiple levels of preventative and detective tools, rigorous systems testing and software patch management. Our efforts are led by the Chief Information Security Officer. Our Information Security team tracks key performance and risk indicators, which it reports quarterly to our board's Risk Committee.
We obtain independent audits of our Information Security Program, engage third-party companies annually to conduct internal and external penetration testing and conduct internal security risk assessments.
All employees are engaged in protecting and securing data. Employees receive annual training on cybersecurity risks, and we routinely conduct exercises to raise data security awareness. During National Cybersecurity Awareness Month, our employees participate in companywide engagement exercises featuring regular messages and micro-trainings on:
- Phishing, malware and spear phishing.
- Ransomware.
- Cybersecurity at home, online shopping and unsecured networks.