Robust cybersecurity and confidentiality systems for unrivaled protection and peace of mind.

With a clear understanding of the importance of our systems, software, and data to business functions and a keen awareness of the reality of cyber threats in today’s digital environment, Tower has taken extraordinary steps to develop enterprise-wide security infrastructure and vigilantly guard against, detect, and mitigate cyberattacks. We have partnerships with best-in-class third parties to monitor networks, servers, and endpoints, as well as software tools, training, and policies to ensure all Tower hardware, software, and data are protected from external breach within the working environment.

  • Partnerships with best-in-class providers
  • Multi-factor authentication
  • VPN protection for all systems and data
  • Reporting procedures
  • Disaster recovery plan
  • 24/7/365 real time monitoring
  • Monthly awareness training for staff

Enterprise Cybersecurity Program

  • Installation and continuously updated Extended Detection and Response (XDR) software that detects threat data from previously siloed security tools across an organization’s technology stack for easier and faster investigation, threat hunting and response
  • Multi-factor authentication for all software applications and systems
  • VPN protection for all Tower systems and data
  • Procedures for Tower workforce members to report suspected or confirmed malware
  • Plans for recovering from cyberattacks in accordance with Tower’s Disaster Recovery Plan
  • Software that examines electronic mail attachments and downloads before they can be used on internal devices and systems
  • Annual PEN testing and quarterly vulnerability scanning for all networks and servers
  • Security Operations Center (SOC). Real time monitoring that includes 24 / 7 / 365 server, network and endpoint detection and response monitoring to prevent, detect and mitigate cyberattacks.

Cybersecurity Awareness Training

According to the FBI, phishing is the most common type of cybercrime. To mitigate the risk of malware, ransomware gaining access to Tower’s IT environment, Tower provides training and awareness to its workforce members on detecting malicious software. Monthly awareness training for workforce members includes the following topics:

  • How to identify phishing emails
  • How to report potentially dangerous software
  • How to discover malicious software fraud
  • How to handle email attachments that may contain malware or ransomware
  • How to use anti-virus software appropriately

Reporting Breaches in Security

If a workforce member observes or suspects any type of suspicious, abnormal, or unauthorized activity that threatens the confidentiality, integrity, or availability of Tower information, or any activity that compromises, or is likely to compromise customer or employee personal information, especially sensitive information, whether through unauthorized disclosure, access, or destruction, the workforce member should immediately contact the IT Admin and/or Tower Management.

External Testing of Cybersecurity Program Controls and Effectiveness

To ensure that Tower’s cybersecurity controls program governance is consistently performing optimally, each year Tower reviews the effectiveness of its controls over security, availability, processing integrity, confidentiality, and privacy via SOC reports based on the principles in the American Institute of Certified Public Accountants (AICPA) TSP Section 100, Trust Services Principles for Security, Availability, Processing Integrity, Confidentiality, and Privacy.