Webster Bank Corporate Responsibility Report: Cybersecurity

Rhea-AI Summary

Webster Bank emphasizes commitment to data security and privacy in its 2022 Corporate Responsibility Report.

Positive

• Webster Bank prioritizes the security of client information and has robust information security and technology risk programs in place.
• The bank has an extensive cybersecurity strategy and conducts regular tabletop exercises and penetration testing to assess the effectiveness of security controls.
• All colleagues and third parties are expected to protect client information, undergo training, and maintain required security controls.

Negative

• None.

STAMFORD, CT / ACCESSWIRE / October 10, 2023 / Webster Bank

Originally published in Webster Bank's 2022 Corporate Responsibility Report

The security of our clients' private information is one of Webster's key priorities.

We are committed to prevention, detection and timely response to incidents that may impact the confidentiality, integrity and availability of information assets and customer information. Our robust information security and technology risk programs are managed by the Chief Information Security Officer, with additional oversight by our Information Risk Committee, Enterprise Risk Management Committee and Risk Committee of the Board of Directors.

We have a broad and comprehensive approach to data security and privacy issues, including an extensive cybersecurity strategy, foundational pillars of privacy and robust efforts to fight global fraud. Because cyber threats continue to evolve, we prioritize the continued development and enhancement of our controls, processes and practices that are designed to protect our systems, computers, software, data and networks from attack, damage or unauthorized access, and facilitate the recovery of any compromised assets. Regular tabletop exercises are held at management and Board levels to validate roles and responsibilities and response protocols respective to potential security incidents. In addition, extensive penetration testing is performed to assess the effectiveness of our security controls. In the event of a data breach, we would follow guidance issued under the Gramm-Leach-Bliley Act, as well as local data breach notification laws.

Webster expects all colleagues and third parties to protect the security and confidentiality of client information. Information Security training is required at the time of hire and annually thereafter. Regular phishing simulation activities are conducted to assess colleagues' competency at identifying potential threats. All third parties with access to customer data undergo rigorous due diligence prior to onboarding and ongoing monitoring to ensure they maintain required security controls. Our Security Operations team works 24/7 using a combination of industry leading tools and innovative in-house technologies to help protect our stakeholders against cybercriminals and fraudsters. Our team members are responsible for complying with our cybersecurity standards and complete mandatory annual training to understand the behaviors and technical requirements necessary to keep information secure. We also offer ongoing practice and education for team members to recognize and report suspicious activity.

Colleagues are trained and tested, and assessments are conducted to ensure relevant suppliers have the appropriate controls implemented to protect clients' information.

We use examination guidelines, frameworks and privacy laws to guide us in consistently meeting legal and regulatory requirements. Our strategy allows us to perform a high level of due diligence by investing in information security controls, which provide the best mechanism to deflect hackers. We recognize our responsibility to appropriately use, maintain and safeguard the personal data we collect from our stakeholders.

The Information Risk Committee (IRC), a subcommittee of Enterprise Risk Management Committee (ERMC), is responsible for overseeing information technology and security risk. IRC is responsible for approving information technology policies, which align with regulatory guidance and industry standards, as well as monitoring the effectiveness of the information security program. The Director of Information Risk serves as the chair of the IRC, and its members include key leaders from the Technology and Risk organizations, including the Chief Information Officer, Chief Risk Officer and Chief Information Security Officer.

To learn more about Webster Bank's commitment to corporate responsibility, visit our CR webpage.

For full details about Webster Bank's 2022 Corporate Responsibility Report, visit here.

View additional multimedia and more ESG storytelling from Webster Bank on 3blmedia.com.

Contact Info:
Spokesperson: Webster Bank
Website: https://www.3blmedia.com/profiles/webster-bank
Email: info@3blmedia.com

SOURCE: Webster Bank

View source version on accesswire.com:
https://www.accesswire.com/791611/webster-bank-corporate-responsibility-report-cybersecurity

FAQ

What is Webster Bank's approach to data security and privacy?

Webster Bank has a comprehensive approach to data security and privacy, including an extensive cybersecurity strategy and efforts to fight global fraud.

What measures does Webster Bank take to protect against cyber threats?

Webster Bank conducts regular tabletop exercises and penetration testing to assess the effectiveness of security controls and protect its systems, computers, software, data, and networks.

What training and requirements are in place for colleagues and third parties?

Colleagues and third parties are required to undergo information security training, phishing simulation activities, and maintain required security controls.

Who oversees information technology and security risk at Webster Bank?

The Information Risk Committee (IRC), a subcommittee of the Enterprise Risk Management Committee (ERMC), is responsible for overseeing information technology and security risk at Webster Bank.