Security and Confidentiality
With a clear understanding of the importance of our systems, software and data to Tower’s business functions and a keen awareness of the reality of cyber threats in today’s digital environment, Tower MSA Partners has taken major steps to develop its enterprise-wide security infrastructure to guard against, detect and mitigate cyberattacks. This includes partnerships with best-in-class third parties to monitor networks, servers and endpoints, as well as software tools, training and policies to ensure all Tower hardware, software and data are protected from external breach within the working environment.
Enterprise Cybersecurity Program
Tower’s cybersecurity program includes, but is not limited to, the following:
- Installation of continuously updated Extended Detection and Response (XDR) software that detects threat data from previously siloed security tools across an organization’s technology stack for easier and faster investigation, threat hunting and response
- Multi-factor authentication for all software applications and systems
- VPN protection for all Tower systems and data
- Procedures for Tower workforce members to report suspected or confirmed malware
- Plans for recovering from cyberattacks in accordance with Tower’s Disaster Recovery Plan
- Software that examines electronic mail attachments and downloads before they can be used on internal devices and systems
- Annual penetration testing and quarterly vulnerability scanning for all networks and servers
- Security Operations Center (SOC): real-time monitoring that includes 24/7/365 server, network and endpoint detection and response monitoring to prevent, detect and mitigate cyberattacks
Security Awareness Training
According to the FBI, phishing is the most common type of cybercrime. To mitigate the risk of malware and ransomware gaining access to Tower’s IT environment, Tower provides training and awareness to its workforce members on detecting malicious software. Monthly awareness training for workforce members includes the following topics:
- How to identify phishing emails
- How to report potentially dangerous software
- How to discover malicious software fraud
- How to handle email attachments that may contain malware or ransomware
- How to use anti-virus software appropriately
Reporting Breaches in Security
If a workforce member observes or suspects any type of suspicious, abnormal, or unauthorized activity that threatens the confidentiality, integrity, or availability of Tower information, or any activity that compromises, or is likely to compromise customer or employee personal information, especially Sensitive Information, whether through unauthorized disclosure, access, or destruction, the workforce member should immediately contact the IT Admin and/or Tower Management.
External Testing of Cybersecurity Program Controls and Effectiveness
To ensure that governance of Tower’s cybersecurity controls program consistently performs optimally, each year Tower reviews the effectiveness of its controls over security, availability, processing integrity, confidentiality, and privacy via SOC reports based on the principles in the American Institute of Certified Public Accountants (AICPA) TSP Section 100, Trust Services Principles for Security, Availability, Processing Integrity, Confidentiality, and Privacy.