Tower MSA Partners Cybersecurity Assurance
With a clear understanding of the importance of our systems, software and data to Tower’s business functions and a keen awareness of the reality of cyber threats in today’s digital environment, Tower MSA Partners has taken major steps to develop its enterprise-wide security infrastructure to guard against, detect and mitigate cyberattacks. This includes partnerships with best-in-class third parties to monitor networks, servers and endpoints, as well as software tools, training and policies to ensure all Tower hardware, software and data are protected from external breach within the working environment.
Enterprise Cybersecurity Program
Tower’s cybersecurity program includes, but is not limited to, the following:
- Installation and updates of anti-malicious software on all devices and systems
- Multi-factor authentication for all software applications and systems
- VPN protection for all Tower systems and data
- Procedures for Tower workforce members to report suspected or confirmed malware
- Plans for recovering from cyberattacks in accordance with Tower’s Disaster Recovery Plan
- Software that examines electronic mail attachments and downloads before they can be used on internal devices and systems
- Annual penetration testing and quarterly vulnerability testing for all networks, servers and software
- Real-time monitoring that includes 24/7/365 server, network and endpoint detection and response monitoring to prevent, detect and mitigate cyberattacks
Cybersecurity Training and Awareness
According to the FBI, phishing was the most common type of cybercrime in 2020, with more than 11 times as many phishing complaints in 2020 as compared to 2016. 74% of organizations in the US experienced a successful phishing attack in 2020. To mitigate the risk of malware and ransomware gaining access to Tower’s IT environment, Tower provides training and awareness to its workforce members on how to detect malicious software. Quarterly awareness training for workforce members includes the following topics:
- how to identify phishing emails
- how to report potentially dangerous software
- how to discover malicious software fraud
- how to handle email attachments that may contain malware or ransomware
- how to use anti-virus software appropriately
Reporting Breaches in Security
If a workforce member observes or suspects any type of suspicious, abnormal, or unauthorized activity that threatens the confidentiality, integrity, or availability of Tower information, or any activity that compromises, or is likely to compromise customer or employee personal information, especially Sensitive Information, whether through unauthorized disclosure, access, or destruction, the workforce member should immediately contact the IT Admin and/or Tower Management.
External Testing of Cybersecurity Program Controls
To ensure that the governance of Tower’s cybersecurity controls program is consistently performing optimally, each year Tower reviews the effectiveness of its controls over security, availability, processing integrity, confidentiality, and privacy via SOC reports based on the principles in the American Institute of Certified Public Accountants (AICPA) TSP Section 100, Trust Services Principles for Security, Availability, Processing Integrity, Confidentiality, and Privacy. Tower’s SOC 2 Type 2 Report is current as of April 16, 2021, and is available to current and prospective customers upon request.