Data privacy and protection are a strategic priority at Sandy Spring Bank, and we have established strong governance measures to protect the privacy and security of customer information and help ensure compliance with all privacy and cybersecurity laws and regulations. As a regulated financial institution, we are subject to numerous laws and regulations regarding data privacy and cybersecurity.

We have put in place extensive corporate policies and operating procedures that govern how we collect, use, retain and protect data. We employ a layered approach to cybersecurity that utilizes multiple levels of preventative and detective tools, rigorous systems testing, software patch management, dedicated information security staff led by our Chief Information Security Officer, and a security awareness program for all employees. Our Information Security team tracks key performance and risk indicators, which it reports quarterly to our board's Risk Committee.

We obtain independent audits of our information security program, engage third-party companies annually to conduct internal and external penetration testing, and conduct internal security risk assessments.

All employees are engaged in protecting and securing data. Employees receive annual training on cybersecurity risks, and we routinely conduct exercises to raise data security awareness. In recognition of October 2022 being National Cyber Security Awareness Month, our employees participated in a company-wide engagement exercise featuring weekly messages and micro-trainings on the following:

  • Phishing, Malware, and Spear Phishing
  • Ransomware Training
  • Cybersecurity at Home, Online Shopping, and Unsecured Networks