mBank places a very strong emphasis on security of IT systems and data based on adequate organisational and technical solutions. We promote cybersecurity among our employees.
E-learning and in-class training raises employees’ awareness and knowledge of cybersecurity. We run educational campaigns for clients and offer emergency support services provided by our company Cyber Rescue.
We work to mitigate cyber risks. As a leader of digital banking solutions, we use adequate, state-of-the-art security monitoring systems from renowned vendors. We counteract new types of cyberattacks. Advanced technology works hand in hand with competent people. For instance, the mBank Security Department includes a Security Operations Center (SOC). Employees and clients may report all cybersecurity matters to the SOC, including identified incidents, attempted attacks, infections, and suspicious transactions. SOC operates 24/7/365. Clients can contact the SOC by email at alert@mbank.pl.
We have also set up a dedicated team mBank CERT, a quick-response team reacting in the case of breach of cybersecurity, associated and co-operating with other teams of this type all over the world as a member of an organisation Trusted Introducer. mBank CERT holds the Accredited maturity status.
We have developed the mBank Cybersecurity Policy to ensure high resilience to cyber risks. It is a part of the mBank S.A. Information Security Policy.
According to the Policy:
- We align the required cybersecurity levels with our innovative business;
- We secure resources necessary for security processes and implement new cybersecurity measures;
- We identify legal requirements concerning security;
- We raise the cybersecurity awareness of employees and clients;
- We manage events through early detection, reaction, lessons learned, and risk assessment;
- We manage suppliers and work with business partners;
- We regularly develop and improve our expertise.
It is our priority to protect the security of information. The relevant framework is laid down in mBank’s Information Security Policy, which defines the objectives and measures necessary to protect confidentiality, integrity, accessibility, and authenticity of processed information and to ensure business continuity of services provided to clients. All employees of mBank work to implement the Policy by ensuring accessibility of services while protecting interests of mBank and its clients.
In 2020, we continued to focus on cyber security of our clients and their services as well as employees and internal systems they use. With the outbreak of the COVID-19 pandemic, many institutions have been forced to switch from traditional office work to remote work. mBank promptly enabled a “home office” working system of nearly all employees while protecting the necessary security of implemented solutions. The new work format and the resulting restructuring of the architecture of IT solutions necessitated far-reaching measures in many areas including formal risk rating, appropriate mitigating mechanisms and their review in practical security tests. With active participation of our cybersecurity team, we soon added new services offered to online banking clients. Introduction of new services for clients in remote mode required additional security audits and tests.