With the highly publicized reports on recent cyber-attacks such as SolarWinds and the Microsoft Exchange Server vulnerabilities, we wanted to highlight how Meadows Bank has responded to these threats and more importantly how we protect our customer’s data on an ongoing basis.
First, we are happy to report that we had no instance of the affected SolarWinds Orion product on any device throughout our network. Additionally, we have confirmed that our critical service providers were not affected, and that the data they process for us was not compromised.
Meadows Bank moved to a hosted environment for email several years ago and so therefore does not maintain an on-premise Exchange Server. We have been in close contact with our network administrator throughout the Microsoft Exchange Server attacks and have confirmed that our Exchange Servers were patched and not exposed to the vulnerabilities.
Meadows Bank views the security of information as a top priority, investing in resources that enable us to secure our customer’s valuable data. Our vendor management program includes a thorough due diligence review when selecting new vendors and performing periodic reviews. Our network administration service includes a Security Operations Center (SOC) with 24x7x365 monitoring and a team of cybersecurity professionals that quickly respond to reported threats. We have strong encryption tools and two factor authentication to allow our remote workers to perform their duties in a secure environment.
Not only do we invest in secure network and server technology as mentioned above, but also in ongoing education for all employees and regular testing that includes simulated phishing scams, penetration testing and vulnerability scanning. Additionally, we maintain membership in government sponsored and key private sector industry groups that track and report on new threats. We undergo rigorous examinations by federal regulators and private auditors on a continuous basis.
Additionally, through articles such as this, and information contained on our website, we provide awareness to help our customers be prepared for cyber-threats. We encourage all businesses to have a strong Information Security program that includes elements such as Continuity of Business, Disaster Recovery, Cyber Incident Response Plan, firewalls with strong rule sets and event logging and a continuous patch management program.
Individual consumers can likewise act to protect their data by using strong passwords, installing software/application updates as soon as they are published and follow a strict program of cyber hygiene by not clicking links or opening attachments in emails that appear to be suspicious or come from an unknown sender. Being cautious about your Internet browsing habits, and avoiding suspicious sites also goes a long way toward keeping you safe from viruses, and ransomware.
Protecting data is a shared responsibility. What does “shared responsibility” mean. Let’s look at it this way, when we drive, we seamlessly understand that there are some things we depend on the manufacturer of our car to provide (brakes that work, airbags that deploy) and some things we’re responsible for (using the brakes when needed, not turning off the airbag protection, etc). That is the concept of shared responsibility. Meadows Bank is here to protect the data you entrust to us, and we encourage you to be cautious and help protect yourself and your data.