NSTS Bancorp, Inc. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

NSTS Bancorp, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 16:18:35 EDT.

Filings

10-K filed on 2024-03-28

NSTS Bancorp, Inc. filed an 10-K at 2024-03-28 16:18:35 EDT
Accession Number: 0001437749-24-009830

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity NSTS Bancorp, Inc. relies extensively on various information systems and other electronic resources to operate our business. In addition, nearly all of our customers, service providers and other business partners on whom we depend, including the providers of our online banking, mobile banking, and accounting systems, use their own information systems and electronic resources. Any of these systems can be compromised, including through the employees, customers, and other individuals who are authorized to use them, and bad actors who use a sophisticated and constantly evolving set of software, tools, and strategies to do so. Moreover, the nature of our business, as a financial services provider, make us and our business partners high-value targets for these bad actors to pursue. Accordingly, we have devoted significant resources to assessing, identifying and managing risks associated with cybersecurity threats, including: internal regular assessments of our information systems, existing controls, vulnerabilities and potential improvements continuous monitoring tools that can detect and help respond to cybersecurity threats in real-time performing due diligence with respect to our third-party service providers, including their cybersecurity practices, and requiring contractual commitments from our service providers to take certain cybersecurity measures third-party cybersecurity consultants, who conduct periodic penetration testing, vulnerability assessments and other procedures to identify potential weaknesses in our systems and processes and periodic cybersecurity training for our workforce. This information security program is a key part of our overall risk management system, which is administered by our AVP Information Technology. The program includes administrative, technical and physical safeguards to help ensure the security and confidentiality of customer records and information. These security and privacy policies and procedures are in effect across the Bank and each of its locations. The AVP Information Technology reports directly to the Board of Directors on a quarterly, or more frequently if necessary, basis. We face a number of cybersecurity risks in connection with our business. From time-to-time, we have identified cybersecurity threats that require us to make changes to our processes and to implement additional safeguards. While none of these identified threats have materially affected us, it is possible that threats and incidents we identify in the future could have a material adverse effect on our business, results of operations, and financial condition. 27 Table of Contents

Company Information