Electro-Sensors recognizes the critical importance of cybersecurity in safeguarding sensitive information, protecting our stakeholders, and maintaining customer trust.  Our approach to managing cybersecurity risks includes implementing and overseeing governance practices and policies, periodic risk assessment, an incident response plan, ongoing training and awareness programs, and a commitment to continuous improvement.

Electro-Sensors’ information security is managed by our President and managers within the company.  They are collectively responsible for cybersecurity strategy, policy, standards, and processes.  Our Board of Directors rely on management to bring significant cybersecurity matters impacting the Company to its attention, including with respect to material risks from cybersecurity threats. The Board is informed of cybersecurity matters on a quarterly basis and more often, as required.

A reputable firm for managed IT services provides managed IT services to Electro-Sensors. Services provided include managed device and network monitoring, patch management, security services including endpoint security and firewall management, secure email gateway and antispam, backup and recovery services, and 24/7 managed support. The Company's external network access and email are secured with Multi-Factor Authentication. All access control requests are documented and executed by trained, authorized personnel. Recovery data is kept offsite, and credentials are not kept within the client network. All security solutions managed by the managed service provider send critical alerts to an external ticketing system, and all critical alerts are responded to by trained personnel.

In the event of a cybersecurity incident, we have an incident response plan in place.  This plan includes detection, response, and communication with stakeholders.  Incident response is supported by appropriate third-party experts to address, assess, and respond to the event. The plan calls for mobilization of a response team including both internal and external resources as well as communication protocols so that event information is shared on a timely basis.  We are committed to providing timely and accurate information to our stakeholders in the event of a breach.

As of the date of this report, we are not aware of any breach events or cybersecurity threats that could materially affect or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition.  However, any future potential risks from cybersecurity threats, including but not limited to exploitation of vulnerabilities, ransomware, denial of service, supply chain attacks, or other similar threats may materially affect us, including our execution of business strategy, reputation, results of operations and/or financial condition.