BBX Capital, Inc. - (BBXIA)

10-K Filing Date: March 15, 2024
ITEM 1C. CYBERSECURITY

 

 

 

The goal of the Company’s cybersecurity risk management strategy is to mitigate cybersecurity risks. Cybersecurity risks include the potential misappropriation of assets or confidential information, corruption of data, disruptions to operations, or regulatory developments that could materially impact the Company's privacy and cybersecurity risk exposure, and any threat that could have a material impact to the Company’s business, reputation, results of operations and financial condition To this end, management has implemented processes which seek to identify, assess, and manage material cybersecurity risks, and which include (i) monitoring of cybersecurity threats in the current environment, (ii) training employees on a regular basis in cybersecurity prevention, including social engineering and phishing techniques used by hackers, (iii) requiring multifactor authentication to access the Company’s networks, (iv) updating applications on an on-going basis to patch or remediate security vulnerabilities, and (v) the encryption of confidential data and critical servers. The Company has in-place security information and event management tools for the purpose of detecting, analyzing, and responding to security threats in an effort to prevent or reduce potential harm to business operations. These tools include: (i) antivirus applications to detect threats, (ii) end point detection and response applications to record and store on-line user behavior for the purpose of detecting, investigating, and blocking suspicious activities, and (iii) third party monitoring applications. The Company has also adopted a network segmentation strategy intended to divide networks into smaller parts to improve security and efficiency, and the Company also maintains redundant back-up copies of its networks that are stored in multiple locations, including cloud-based backups that are performed daily. Further, on an annual basis, the Company hires a consultant to perform penetration tests against the Company's security infrastructure with the goal of identifying security vulnerabilities and making recommendations for security improvements. The Company also has business continuity and incident response programs in place to respond to and mitigate cybersecurity attacks. The Company conducts periodic exercises in an effort to improve its cybersecurity business continuity and incident response plans and updates the plans if new threats are identified or ongoing reviews of the plans suggest an update is needed.

 

During the period covered by this report, the Company has not identified any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition.

 

The Company's Board of Directors is responsible for the oversight of management’s efforts to address cybersecurity risks. The Board of Directors has designated the Audit Committee with the responsibility of overseeing and reporting to the Board on management's handling of cybersecurity risk management and on the adequacy and effectiveness of the Company’s cybersecurity risk management strategy. Management also updates the Board on an on-going basis concerning any significant cybersecurity incidents or risk exposures that have come to management’s attention during the conduct of their assessments, the steps management has taken to mitigate such exposures, and any changes to the processes of identifying, assessing, and monitoring cybersecurity threats. The Company’s information security team is led by Dustin Woods, who has over 10 years of experience managing risks and advising on cybersecurity matters.