A letter from Chief Information Security Officer, Jeffrey Weeks

It goes without saying that cyber threats are a significant risk to our country, our company, and our customers. As a customer-led organization, we fiercely protect our customers’ data as if it were our own. With our customers in mind, we’ve grounded FNBO’s Information Security Philosophy in seven steadfast principles:

We start with industry standards. 

We begin with industry standards. While some organizations may directionally align to industry baselines, we use industry respected standards like ISO27001 and the Payment Card Industry (PCI) Data Security Standard as a starting point for our information security strategy and build from there.

We use multiple layers of protection. 

We coordinate multiple countermeasures to establish layers of protection between threat actors and our information assets. If one line of defense is compromised, additional layers exist as a backup to ensure that threats are stopped along the way. Things like firewalls, email security and antivirus are just a few of the layers in place to protect our valuable data.

We grant only the minimum access necessary.

We enforce stringent access control, granting the bare minimum access to information and systems, and only on a need-to-know basis. People, systems, and processes are all strictly limited in what can be seen or done. By limiting access, we limit risk.

We prioritize keeping data from leaving our network. 

We secure data where it is—detecting, alerting and blocking— to protect against the data leaving the FNBO network. We fortify our perimeter while continually thinking of new ways hackers might try to exfiltrate data they come looking for—and ways to stop them.

We gather intelligence from public & private sources. 

We know that high quality threat intelligence and strength in numbers are vital to our ability to combat threat actors. We actively collaborate with public sector resources like the Department of Homeland Security and Federal Bureau of Investigation. We also work with industry and local private sector groups, leveraging strength in numbers, to share real time and actionable intel to protect against or detect cyber threats.

We empower our employees with cyber knowledge. 

We empower employees with the knowledge and training to respond to cyber threats. We use tools like role-based training, companywide communications, and regular simulated phishing campaigns to ensure the entire FNBO team is not only educated but knows how to practically apply what they’ve learned to real-life scenarios. By maintaining a relevant, aggressive awareness program we maintain a cyber aware culture where information security is everyone’s responsibility.

We adhere to rigorous compliance requirements. 

We adhere to the rigorous compliance requirements expected of financial institutions and members of critical infrastructure. We are subject to continuous internal and external examination by qualified third parties including the Office of the Comptroller of the Currency and are PCI compliant.

I encourage you to use the information contained in the Security Center as a tool to protect your accounts at the bank and to make your online activities beyond banking safer.

Sincerely,

Jeffrey C. Weeks
Sr. Vice President & Chief Information Security Officer