|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management Strategy And Governance [Abstract]
|Cybersecurity Risk Management Processes For Assessing Identifying And Managing Threats [Text Block]
|
The Company’s Information Security Program (“Program”) uses a variety of safeguards to protect the confidentiality, integrity, and availability of information. The Program is designed to identify, prevent, or mitigate the risks from cybersecurity threats. The Program leverages recognized security frameworks, such as the National Institute of Standards and Technology (NIST), Financial Services Information Sharing and Analysis Center (FS-ISAC), Federal Financial Institutions Examination Council (FFIEC), and Ransomware Self-Assessment Tool (R-SAT), to organize, improve, and assess the program and to better manage and reduce cybersecurity risk. The Program is assessed and updated annually and as needed.
The Company regularly assesses the threats and vulnerabilities to its environment so it can update and maintain its systems and controls to effectively mitigate these risks. Layered security controls are designed to complement each other to protect customer information and transactions. The Company periodically engages third-party experts and consultants to conduct evaluations of our security controls, whether through penetration testing, audits, assessments, or consulting on best practices to address new challenges. Results are used to help drive priorities and initiatives to improve the Program. Additionally, because the Company is a regulated entity, bank regulators assess the quality of our information security program during their regular examinations of the Company and its compliance with federal regulations and requirements.
The Company’s third-party risk management program is designed to oversee and identify the cybersecurity threats associated with the use of third-party service providers. While the optics into a third-party’s operation are limited, the Company performs risk-based evaluations of third-party service providers. These evaluations include reviewing information including, but not limited to, security assessment questionnaires, security testing summaries, audit reports performed under the SSAE 18 Audit Standard, and information security policies.
We view security awareness as a continuous program. All Company employees receive cybersecurity and fraud training at the required new employee orientation and subsequently receive information security tips via email. Employees also receive annual security awareness training.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The Company’s Information Security Program (“Program”) uses a variety of safeguards to protect the confidentiality, integrity, and availability of information. The Program is designed to identify, prevent, or mitigate the risks from cybersecurity threats. The Program leverages recognized security frameworks, such as the National Institute of Standards and Technology (NIST), Financial Services Information Sharing and Analysis Center (FS-ISAC), Federal Financial Institutions Examination Council (FFIEC), and Ransomware Self-Assessment Tool (R-SAT), to organize, improve, and assess the program and to better manage and reduce cybersecurity risk. The Program is assessed and updated annually and as needed.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight And Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected Or Reasonably Likely To Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board Of Directors Oversight [Text Block]
|
The Company’s system of internal controls also incorporates a protocol for the appropriate reporting and escalation of information and cybersecurity matters to management and the Board of Directors for resolution and, if necessary, disclosure of any material incidents. The Board of Directors is actively engaged in the oversight of the Company’s continuous efforts to reinforce and enhance its operational resilience and receives education to enhance their oversight efforts to accommodate for the ever-evolving information and cybersecurity threat landscape. The Information Security Officer (“ISO”) regularly updates the Board, management and any appropriate committees on the information and cybersecurity risks, threats, exposures, and mitigation measures. The Company’s incident response process is periodically tested and includes cybersecurity scenarios.
The Program is overseen by the Information Security Committee, Board of Directors, and Compliance Committee.
The Company’s Board of Directors monitors the Program including policies and practices. The Company’s Compliance Committee and Information Security Committee along with the Company’s Board of Directors oversee areas of operational risk such as information technology activities; risks associated with development, infrastructure, and cybersecurity; oversight of information security risk assessments, strategies, policies, and programs; and disaster recovery, business continuity, and incident response process. The ISO also provides periodic cybersecurity updates to the Board of Directors.
|Cybersecurity Risk Board Committee Or Subcommittee Responsible For Oversight [Text Block]
|Information Security Committee, Board of Directors, and Compliance Committee
|Cybersecurity Risk Process For Informing Board Committee Or Subcommittee Responsible For Oversight [Text Block]
|The Chief Operating Officer (COO) along with the ISO are responsible for developing and implementing our Program and reporting on cybersecurity matters to the Board. The ISO also provides periodic cybersecurity updates to the Board of Directors.
|Cybersecurity Risk Role Of Management [Text Block]
|
The Chief Operating Officer (COO) along with the ISO are responsible for developing and implementing our Program and reporting on cybersecurity matters to the Board. Our COO and ISO have over 25 years of combined related experience. We view cybersecurity as a shared responsibility, and we periodically perform simulations and tabletop exercises and incorporate external resources and advisors as needed.
|Cybersecurity Risk Management Positions Or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions Or Committees Responsible [Text Block]
|Chief Operating Officer (COO) along with the ISO
|Cybersecurity Risk Management Expertise Of Management Responsible [Text Block]
|Our COO and ISO have over 25 years of combined related experience.
|Cybersecurity Risk Process For Informing Management Or Committees Responsible [Text Block]
|The Information Security Officer (“ISO”) regularly updates the Board, management and any appropriate committees on the information and cybersecurity risks, threats, exposures, and mitigation measures. The Company’s incident response process is periodically tested and includes cybersecurity scenarios.
|Cybersecurity Risk Management Positions Or Committees Responsible Report To Board [Flag]
|true