Cybersecurity at First Western – 12 Reasons to Rest Assured
January 24, 2022
Today’s digital banking world is full of opportunities for financial institutions to make things easier for their customers. But within that space also lie bad actors and individuals that mean to do harm through identity theft and other cyber means. Rest assured. First Western Trust’s leading cybersecurity methods help protect your data as we truly embody our mantra: Trust Where You Bank.
- Using the industry-standard cybersecurity framework, First Western has robust cyber and business resilience programs that protect the integrity and confidentiality of its data and network for clients, users, and associates including vulnerability and threat scanning, policy enforcement to protect against breach, malicious agents and adversarial information security acts, and more.
- First Western conducts multiple quarterly and annual risk assessments for cyber maturity and health, ransomware, IT operations, privacy controls, business resilience, software and hardware application security and user access controls to ensure a strong weave of ongoing security program controls and responses.
- First Western hires reputable national audit firms to annually assess its IT General Controls (ITGC), its Ebanking controls, and its vulnerability against social engineering and penetration by malicious agents and actors.
- First Western utilizes a governance structure that includes Board oversight of both its Technology and Information Security functions and strategic planning.
- First Western utilizes a strong layered approach to data governance which includes sound physical and logical user access controls and reviews, privileged access management to help secure, control, manage and monitor privileged access to critical information assets, multi-factor authentication and a secure virtual desktop environment.
- First Western utilizes a regulator-approved third party acquisition and due diligence program that ensures appropriate Service Organization Controls are present in all of its critical vendors and such third party controls are tested in its annual ITGC audit.
- First Western provides annual fraud and cyber awareness training for its personnel as well as monthly social engineering testing and training within a leadership-led risk-aware culture. Additionally, First Western employs a fully trained and staffed Risk/Fraud/Compliance staff that provides alerting and other risk-related training throughout the year.
- First Western actively engages in an application lifecycle management program to ensure optimal version/life cycle management of software and hardware in alignment with its strategic plan. To ensure strong software and hardware vulnerability management, it engages a third party to conduct quarterly vulnerability scans as well as annual vulnerability and penetration testing.
- First Western has mature business resiliency management, disaster recovery, pandemic and incident response programs. Its complement of ongoing testing and training for business continuity management ensured its nimble pivot to remote, sustainable, profitable pandemic operations in not only 2020, but as the pandemic has stretched into ongoing “business as usual.”
- First Western leverages encryption technologies for both data at rest and data in transit. These encryption technologies are evaluated for strength of encryption on an annual basis. In addition, a Virtual Desktop Interface solution is in place at First Western which keeps sensitive data at rest confined to our secure datacenter.
- First Western utilizes an array of endpoint, firewall, network intrusion, vulnerability management, anti-malware, host intrusion prevention and detection, and other 24/7 monitoring solutions and teams to ensure security of all of its information technology systems and users.
- First Western utilizes two managed services providers to monitor its network activity 24/7. Both of these MSPs are focused on emerging threats and have full-spectrum communication and incident response programs. To date, First Western has had no breaches.
CYBER TIPS FOR OUR CLIENTS
Cybersecurity isn’t just something that begins and ends at your financial institution – the cyber threats are present at home and anywhere your financial information is accessible ie. phone, tablet, laptop desktop. To maintain your information is safe, we also make the following promises and recommendations to all of our current and prospective clients:
- We will never ask you to give or send sensitive information such as social security number or any other personally-identifying information to us by phone or in an email;
- We will never ask you to send funds through an email or phone request;
- We recommend you monitor your credit report;
- We recommend you use digital, online applications provided by reputable financial services companies whenever available;
- We recommend you always use strong passwords in your personal accounts and for your email that include 12 characters (a mix of alpha, number and character) in a phrase only you know and to change your passwords every 90 days;
- We recommend you ensure your home computer has an up to date operating system that is supported by its manufacturer; and
- We recommend virus protection be kept up to date.
As we’re now into 2022, it’s time to better protect your personal information as a priority or “resolution.” There are many steps that we at First Western Trust take every day to ensure your information is safe and secure. Remember, though, that cybersecurity is an ongoing challenge and it takes proactive actions to protect your data at home and on the go, as well as to keep cyber threats and identity thieves at bay.