Our team stays up to date on industry best practices and participates in industry threat intelligence feeds. The Information Security Program is integrated with vendor management, business continuity planning, disaster recovery, and incident response. Our teams are working day and night to keep your information secure.
Additionally, we have a formal cybersecurity program that identifies and assesses cybersecurity risks. United employs an in-depth, layered, defensive approach that leverages people, processes, and technology to manage and maintain cybersecurity controls. We deploy a variety of preventative and detective tools to monitor, block, and provide alerts regarding suspicious activity. Details on associated risks, as well as any material breach of security should one occur, would be disclosed in our 10-K.
Our top-notch program includes thorough policies/procedures, employee training, and several layers of assessments that protect your information and our IT systems. We utilize “best in breed” security equipment, regularly patch software, and continuously monitor and remediate vulnerabilities.
Policies and Procedures: United Bankshares is compliant with the Gramm-Leach-Bliley Act (GLBA), which requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. The Privacy Policy is available by request or on our website: https://www.bankwithunited.com.
Our Privacy Policy applies to all business lines, employees, and contractors. It describes how we collect, share, and protect personal information. We apply physical, technical, and administrative controls to ensure a comprehensive approach to security and confidentiality. We have strong access control processes in place, and system users are provisioned based upon the principle of least privilege (where permissions are only granted to those who need access in order to perform their work).
Employees complete Privacy Incident Reports if there is suspicion that a customer’s personal privacy has been compromised, and the report is submitted to the Information Security Department for further investigation. A comprehensive incident response plan has been developed with designated response teams. Should we need it, a cyber insurance policy is in place.
Training: Every United employee is responsible for protecting customer information. All employees are required to complete training on privacy and security practices annually. Trainings are continuously updated to prepare employees for the threats that have been most recently identified through our risk assessments. Employees are also tested through monthly simulated phishing attacks.
Assessments: Regulatory agencies and United’s Internal Audit regularly assess the Information Security Program, including established security controls. Risk assessments identify, estimate, and prioritize system risks of products, services, and equipment. United conducts regular vulnerability scans of our environment and annually contracts with third-party security firms to perform penetration testing/vulnerability assessments. While results of these assessments are confidential, they are reported to the Board of Directors.
Vendor Management: We are aware that the vulnerabilities of our vendors can be vulnerabilities to United. We maintain a strong Vendor Management Program that vets and continuously monitors our third-party providers. This includes reviewing our vendors’ security controls and conducting independent assessments.