a.	Providing employees with tools and training to minimize and report cybersecurity risks;
	b.	Monitoring databases and tools for unusual activity or suspicious login attempts;
	c.	Tracking, managing, and safely disposing of physical hardware; and
	d.	Responding to any identified threats and reporting these situations to management.

 

Cybersecurity threats could potentially result in slowed or halted business operations, such as shipping, closing sales, marketing engagement, and other communications. This would negatively impact the Company’s financial condition until the issue is resolved. Such threats could impact customers of certain programs that rely on digital resources, but a majority of our products would not be materially affected. Other threats may include the compromise of customer personally-identifiable information. We continually monitor for threats to avoid risks to Company or individuals’ data, interruptions to business operations, or financial losses.

 

No cybersecurity incidents were identified this year. One threat was identified: insecurely stored credentials. This was responded to by implementing an encrypted password manager Company-wide. We will continue to monitor for threats to avoid risks to Company or individuals’ data, interruptions to business operations, or financial losses. Information about risks or any identified cybersecurity threats are reported by our Director of Technology to our President.

 

Identified cybersecurity risks are reported to IT, where they are assessed and responded to. Any actions taken or cybersecurity incidents identified are reported to the Director of Technology. Qualifications for these individuals include prior experience, education, and/or training in cybersecurity.