Cybersecurity

Effective data security starts with employee awareness, training and risk assessment 

• Information security constitutes a significant investment – from training our people to ensuring the right mix of systems and operational controls are in place to ensure protection. 
• Our associates are regularly trained, made aware of security practices and privacy-related regulations, and are required to take an annual security awareness training course. Our software developers are also required to take additional courses related to creating secure application programs. 
• Our technology team has implemented its own internal phishing testing and awareness campaign to measure and benchmark employee awareness to suspicious emails. The team also initiates an annual penetration test done by an independent third party ethical hacker. 
• Cybersecurity incident response is one part of our disaster recovery testing in which our associates participate. 
• Analyzing risk is a critical first step – from rating and performing due diligence on third party vendors to reviewing safety, privacy and general compliance issues through our Risk Committee, we make risk assessment and mitigation a priority.
•  We maintain a number of security-related policies and procedures including a Cybersecurity and Incident Response policy (using the SEC's recommended NIST framework) and a Written Information Security Policy.