NATURAL HEALTH TRENDS CORP 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

NATURAL HEALTH TRENDS CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 12:00:35 EST.

Filings

10-K filed on 2024-02-28

NATURAL HEALTH TRENDS CORP filed an 10-K at 2024-02-28 12:00:35 EST
Accession Number: 0001437749-24-005850

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Governance Our Vice President of Strategic Initiatives and Chief Financial Officer oversee our cybersecurity risk management program described in Risk Management and Strategy below. While the Board of Directors has overall responsibility for risk oversight, it is supported in this regard by the Audit Committee, including with respect to cybersecurity matters. The Audit Committee assists the Board of Directors in monitoring cybersecurity risk by receiving as needed updates from and engaging in discussions with the Vice President of Strategic Initiatives and the Chief Financial Officer, that cover, among other things, our cybersecurity risk management program, response readiness and training efforts. The Audit Committee updates the full Board of Directors on cybersecurity matters as appropriate. Risk Management and Strategy Our business is dependent upon our computer systems, devices and networks to collect, process and store the data necessary to conduct almost all aspects of our business. We maintain a cybersecurity risk management program, which includes internal and external human resources, processes, controls and technology designed to identify, protect, detect, respond to and manage reasonably foreseeable cybersecurity risks and threats. To safeguard our information systems from cybersecurity threats, we use various security tools that help prevent, identify, escalate, investigate, resolve and recover from identified vulnerabilities and security incidents in a timely manner at a network and user end point level. These include, but are not limited to, internal reporting, monitoring and detection tools. We engage various third-party vendors to provide these security services, including providing timely cybersecurity threat alerts in addition to monitoring cybersecurity threats and our defenses against cyberattacks. This monitoring includes the proactive identification of vulnerabilities in our systems with threat intelligence. In addition, we engage a third-party vendor to perform penetration testing at least annually and our IT team also performs simulations and response readiness tests on an annual basis. Our incident response plan sets forth our response protocol to coordinate the activities that we take to respond and recover from cybersecurity incidents, which include processes to triage, assess severity, investigate, escalate, contain, and remediate an incident, as well as to comply with potentially applicable legal and reporting obligations and mitigate brand and reputational damage. We have adopted an IT Policies and Procedures Policy that requires all employees to acknowledge on an annual basis their responsibilities in abiding with company policies regarding safeguard our network environment. In addition, all employees receive cybersecurity training upon hire with at least annual training on best practices, social engineering threats and cybersecurity risks. We continuously monitor our computer systems, devices and networks, and work to improve our safeguards against regular and continually evolving cyber and other security threats. To date, we are not aware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations or financial condition. However, notwithstanding the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident in the future that could have a material adverse effect on us. While we maintain cybersecurity insurance, the costs related to cybersecurity threats or disruptions may not be fully insured. For further information about the cybersecurity risks we face, see Item 1A. Risk Factors System disruptions or failures, cybersecurity risks, and compromises of data, or the failure to comply with related laws and regulations, could harm our business.

Company Information