The key pillars of our information security program are: Identify, Protect, Detect, Respond, and Recover.
Protecting customer information takes awareness and effort from all our employees. We’ve built processes to identify cybersecurity threats and ensure our data and customer privacy are well-protected. These processes have been developed in partnership with Flagstar’s Chief Risk Officer, Chief Information Officer, Chief Information Security Officer, business unit leaders, and enterprise risk management team.
Flagstar’s Chief Information Security Officer performs ongoing oversight of the information security program and ensures that ongoing independent testing of implemented controls is performed. The results are shared with the Board of Directors.
All Flagstar employees are expected to securely handle bank devices and customer information and comply with bank policies and procedures. In 2022, 100% of our employees were required to complete mandatory security awareness training. Plus, we added employee and customer awareness communication campaigns on working-from-home environments.
In addition, the cybersecurity team conducted quarterly simulated phishing exercises and social engineering tests to make sure that employees and contractors followed policies and adhered to the proper standards.
We continued our involvement with #BanksNeverAskThat, the American Bankers Association’s awareness campaign to protect customer banking information.