BRT Apartments Corp. - (BRT)

10-K Filing Date: March 14, 2024
Item 1C. Cybersecurity
Our information technology, communication networks, enterprise applications, accounting and financial reporting platforms and related systems are integral to our operations. We use these systems, among others, for internal communications, for accounting and record-keeping functions, and for many other key aspects of our business. Our operations rely on securing, collecting, storing, transmitting, and processing of proprietary and confidential data.
We have deployed various safeguards designed to protect our information technology (“IT”) systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls. At the management level, these cybersecurity defense systems are overseen by our network administrator who performs services for us on a part-time basis pursuant to the shared services agreement. Our network administrator has more than 20 years of experience with IT systems and holds various IT certifications. Our network administrator reports to, and is in regular contact with, our Senior Vice President-Finance and Senior Vice President. These officers do not have formal IT or cybersecurity training. In the event of a cybersecurity incident, among other things, the network administrator and these officers would consult with one another and, as needed or appropriate, other members of management to determine the appropriate course of action (including whether such incident should be reported to other members of management and/or the audit committee and whether public disclosure should, or is, required to be made).

Our internal auditor perform certain procedures to test the integrity and functionality of our IT systems (which includes a high-level review of our cybersecurity defenses). In addition, we have retained a third-party cybersecurity consulting firm that (i) advises us as to cybersecurity matters (including prevailing cybersecurity threats), (ii) performs, on a periodic basis, assessments of our cybersecurity defenses and (iii) on a continuous basis, monitors our IT systems for cybersecurity threats and intrusions.

We are not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect us. See “Item 1A. Risk Factors” in this Annual Report for additional discussion about cybersecurity-related risks.

To operate our business, we use certain third-party service providers to perform a variety of functions. We seek to engage reliable, reputable service providers that maintain cybersecurity programs and we generally rely on such providers to maintain appropriate cybersecurity practices.
At the Board level, our cybersecurity practices are overseen by the audit committee as part of its oversight of our risk management activities. The committee meets periodically with , among others, our internal auditor and network administrator to review and discuss cybersecurity matters.