CVD EQUIPMENT CORP - (CVV)
10-K Filing Date: March 28, 2024
We have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems. We use recognized commercially reasonable measures, tools, and methodologies to manage cybersecurity risk, which are tested regularly. We also monitor and evaluate our cybersecurity posture on an ongoing basis through regular malware scans, penetration tests, and third-party reviews. Specific controls that are used to some extent include endpoint threat detection, identity and access management (IAM), privileged access management (PAM), logging and monitoring, multi-factor authentication (MFA), firewalls and intrusion detection and prevention, and vulnerability and patch management.
To manage our material risks from cybersecurity threats and to protect against, detect, and prepare to respond to cybersecurity incidents, we undertake the activities listed below:
● Monitor emerging data protection laws and implement changes to our compliance processes;
● Conduct annual cybersecurity assessments for employees who use our system to evaluate training needs;
● Conduct onboarding and cyber security training for all employees on an ongoing basis;
● Conduct regular phishing email simulations for all employees; and
● Carry cybersecurity risk insurance that protects against the potential losses from a cybersecurity incident.
Our incident response plan coordinates the activities that we and our third-party cybersecurity provider take to prepare to respond to and recover from cybersecurity incidents. These include processes to triage, assess severity, investigate, escalate, contain, and remediate an incident, as well as to comply with potentially applicable legal obligations and mitigate brand and reputational damage. We have an IT continuity plan that we continuously review and update in line with our evolving applications architecture.
Our Board of Directors and Audit Committee oversee our cybersecurity efforts to ensure effective governance in managing risks associated with cybersecurity threats. Our Director of Information Technology provides periodic updates to the Board of Directors and Audit Committee regarding our cybersecurity program, including status updates on various projects to enhance our overall cybersecurity posture.
We describe whether and how risks from cybersecurity threats have or are reasonably likely to affect our financial position, results of operations, and cash flows under the heading “Risk related to cybersecurity, intellectual property and regulatory compliance,” which is included as part of Item 1A. Risk Factors of this Annual Report on Form 10-K, which disclosures are incorporated by reference herein.