Data privacy and protection are a strategic priority at Sandy Spring Bank, and we have established strong governance measures to protect the privacy and security of customer information and help ensure compliance with the numerous privacy and cybersecurity laws and regulations that apply to our business.
We have put in place extensive corporate policies and operating procedures that govern how we collect, use, retain, and protect data. We employ a layered approach to cybersecurity that utilizes multiple levels of preventative and detective tools, rigorous systems testing, software patch management, dedicated information security staff led by our Chief Information Security Officer, and a security awareness program for all employees. Our Information Security team tracks key performance and risk indicators, which it reports quarterly to our board's Risk Committee.
We obtain independent audits of our information security program, engage third-party companies annually to conduct internal and external penetration testing, and conduct internal security risk assessments.
All employees are engaged in protecting and securing data. Employees receive annual training on cybersecurity risks, and we routinely conduct exercises to raise data security awareness. In recognition of October being National Cyber Security Awareness Month, our employees participate in company-wide engagement exercises featuring regular messages and micro trainings on the following:
- Phishing, Malware, and Spear Phishing
- Ransomware Training
- Cybersecurity at Home, Online Shopping, and Unsecured Networks