Corporate Social Responsibility

Cybersecurity Practice and Policy

Lake City Bank approaches cybersecurity with a defense-in-depth strategy that aligns people, process and technology with industry best practices to foster a culture of cybersecurity awareness. This culture of cybersecurity awareness starts with our people. Before new employees start their career with Lake City Bank, they must pass a comprehensive background check. Every employee’s first day with Lake City Bank begins with a full day of training that includes several hours focused on the bank’s cybersecurity practices. Training continues for every employee throughout the year, to ensure every employee is trained, tested, and capable of detecting and preventing Cybersecurity threats.

The Lake City Bank Cybersecurity Program incorporates a comprehensive set of policies and procedures that provide governance and direction over its dedicated Information Security and Technology teams. These policies and procedures define responsibilities related to separation of duty requirements, change management processes, user access controls, critical vendor due diligence efforts, technical readiness maturity, and incident response management procedures. In addition to annual audits by state and federal regulators, Lake City Bank enlists third party auditors specializing in network security and penetration testing activities that hold the bank accountable to these policies.

In addition to anti-virus and anti-malware software on all computer systems through the bank, Lake City Bank continually makes significant investments in implementing state-of-the-art monitoring, detection and response technologies and has created a dedicated Information Security Team that is charged with the continuous scanning of every computer, laptop, server, printer, and telephone, among other devices and endpoints, for known vulnerabilities and threats. These state-of-the-art technologies are designed to detect and prevent, among other things, malicious e-mails with links or attachments that may contain viruses and malware. In addition, systems are designed to detect the movement of files that contain customer information and prevent that information from leaving the Lake City Bank network unless specifically authorized.

Lake City Bank’s team is well trained and regularly reviews, tests, and practices its Incident Response Plan. The plan is updated regularly as new requirements related to incident readiness, response, and notification are enacted through regulation, industry best practice or other needs. The team tests the Incident Response Plan through annual exercises that simulate cyberthreat events, to be certain the team can act quickly, decisively, and instinctively to ensure the safety of your information, your money and your peace of mind.

Rest assured that the Lake City Bank technology teams are monitoring its network 24×7 to protect its customers’ information and assets.