PALTALK, INC. 10-K Cybersecurity GRC - 2024-03-15

Page last updated on April 11, 2024

PALTALK, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 16:15:26 EDT.

Filings

10-K filed on 2024-03-15

PALTALK, INC. filed an 10-K at 2024-03-15 16:15:26 EDT
Accession Number: 0001213900-24-023064

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY In support of our commitment to cybersecurity, we employ a comprehensive strategy which is intended to protect our digital infrastructure, which strategy is supported by both management and our Board of Directors. Our Board of Directors is responsible for overseeing our risk management activities in general, and certain of our Board committees assists the Board of Directors in the role of risk oversight. The full Board of Directors receives an update on the Company s risk management process and the risk trends related to cybersecurity at least annually. At the management level, leading our efforts is a cybersecurity team that reports directly to our Senior Vice President. This team conducts manual and automated testing on our systems, with the goal of identifying vulnerabilities and proactively strengthening our defenses. We believe that embracing a multi-layered defense approach, will help us recognize and address the dynamic nature of cyber threats. By integrating diverse security measures, we aim to fortify our infrastructure against a spectrum of potential risks, adapting to the ever-evolving cybersecurity landscape. Our cybersecurity team performs tests, encompassing vulnerability assessments, penetration testing, and threat simulations. The results derived from these assessments are prioritized and integrated into the workflow of our development and operations teams to ensure that identified vulnerabilities and insights gleaned from the tests are promptly addressed. We also have an established process led by our Senior Vice President governing our assessment, response and notifications internally and externally upon the occurrence of a cybersecurity incident. Depending on the nature and severity of an incident, this process provides for escalating notification to our Chief Executive Officer and the Board of Directors. To enhance our defense mechanisms, we leverage third-party edge security tools. These tools play a crucial role in actively monitoring and mitigating potential threats to our sites and products, which we believe contributes to our security infrastructure. Our development teams also use proactive measures such as Security as Code to make sure that vulnerabilities are protected against at a deeper level, in addition to cloud-based security tools. Recognizing the pivotal role of our personnel in cybersecurity, we also conduct proactive training sessions covering essential topics such as data handling practices and email phishing awareness. These initiatives are designed to empower our workforce to serve as a human firewall, augmenting our overall security posture. Additionally, we also think about data handling from a code and infrastructure level, incorporating encryption measures in transit and at rest to safeguard both internal and customer data. We further employ a proactive backup strategy, ensuring rapid system restoration in the event of disruptions. This measure minimizes downtime and underscores our commitment to business continuity and customer service reliability. An integral part of our cybersecurity readiness is an annual external IT audit that evaluates various aspects of our cybersecurity framework. This measure ensures that our defenses align with industry best practices and facilitates continuous improvement. The results of this audit are reviewed by the audit committee of the Board of Directors, allowing such committee to assist in and make recommendations on our management s cybersecurity controls. We face risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. To date, we have not experienced any cyber incidents that have had an adverse material effect on our business, financial condition, results of operations, or cash flows. See Risk Factors Risks Related to Our Business Security breaches, computer viruses and cybersecurity incidents could harm our business, results of operations or financial condition. 25

Company Information