Professional Diversity Network, Inc. - (IPDN)

10-K Filing Date: March 29, 2024
ITEM 1C - CYBERSECURITY

 

Cybersecurity Risk Management and Strategy

 

We face various cyber risks, including, but not limited to, risks related to unauthorized access, misuse, data theft, computer viruses, system disruptions, ransomware, malicious software and other intrusions. We utilize a multilayered, proactive approach, as part of our overall risk mitigation strategy, to identify, evaluate, mitigate and prevent potential cyber and information security threats through our cybersecurity risk management efforts. Our management team engages certain outside advisors and consultants to assist in the identification, evaluation, and management of cybersecurity risks and controls. To oversee and identify risks from cybersecurity threats associated with our use of third-party service providers, we maintain third-party risk management efforts designed to help protect against the misuse of information technology and security breaches. We also maintain cyber insurance coverage; however, such insurance may not be sufficient in type or amount to cover us against claims related to security breaches, cyberattacks and other related breaches.

 

Our RemoteMore segment relies heavily on remote working with its customers and poses additional risks because contractors typically use their own devices in their work. RemoteMore has a number of policies in place to address these risks, including physical and electronic security measures, mandatory antivirus and antimalware software, multifactor authentication, a “principle of least privilege” policy that limits access only to what is needed for performing the employee’s work tasks, and other measures.

 

We have not, to date, identified any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of our operations, or financial condition.

 

Cybersecurity Governance and Oversight

 

Management is responsible for the cybersecurity risk management program as well as actions to identify, assess, mitigate, and remediate material issues. The Company’s cybersecurity risk management program is supervised by our Chief Technology Officer (CTO), who reports directly to the Company’s Chief Executive Officer. The CTO and his team are responsible for leading cybersecurity strategy, policy, standards, architecture and processes.

 

The Audit Committee of the Board of Directors is charged with oversight of cybersecurity matters and receives reports from the CTO on, among other things, the Company’s cyber risks and threats, the status of projects to strengthen the Company’s information security systems, and the emerging threat landscape. In accordance with our cyber incident response plan, the Audit Committee is promptly informed by management of cybersecurity incidents with the potential to materially adversely affect the Company or its information systems and is regularly updated about incidents with lesser impact potential. At least annually, the Board reviews and discusses the Company’s technology strategy in combination with the Company’s strategic objectives with Executive Management.

 

In an effort to detect and defend against cyber threats, the Company annually provides its employees with various cybersecurity and data protection training programs. These programs cover timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and educate employees on the importance of reporting all incidents promptly.