Stran & Company, Inc. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

Stran & Company, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 16:48:07 EDT.

Filings

10-K filed on 2024-03-28

Stran & Company, Inc. filed an 10-K at 2024-03-28 16:48:07 EDT
Accession Number: 0001213900-24-027282

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Risk Management and Strategy The Company recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. We have developed the following processes as part of our strategy for assessing, identifying, and managing material risks from cybersecurity threats. Managing Material Risks & Integrated Overall Risk Management Information technology is important to our business operations and we are committed to protecting the privacy, security and integrity of our data, as well as our employee and customer data. This program is integrated into the Company s overall enterprise risk management process. We monitor and update our information technology networks and infrastructure to prevent, detect, address and mitigate risks associated with unauthorized access, misuse, computer viruses and other events that could have a security impact. Additionally, to protect and secure sensitive data such as customer information, we employ multi-factor authentication, a suite of security tools, systems monitoring and alerting, audit logs, and controls across our major systems, corporate devices, and business processes. Our cybersecurity process is designed to assess, identify, prevent, and manage cybersecurity risks and threats, as well as identify, contain and respond to cybersecurity incidents. This process includes a variety of activities, such as company-wide security awareness training, including regular phishing simulations, acceptable use training, self-assessments, and other targeted training throughout the year as appropriate. These cybersecurity trainings provide employees the opportunity to gain an understanding of the various forms of cybersecurity incidents and enable our employees to handle and report any suspicious activity or threat. To date, our approach to cybersecurity has been effective in protecting the confidentiality, integrity, and availability of our information however, we cannot guarantee that its efforts will be successful in preventing all cybersecurity incidents. Further, we currently maintain a cyber insurance policy that provides coverage for security breaches however, such insurance may not be sufficient in type or amount to cover us against claims related to security breaches, cyber-attacks and other related breaches. Engaging Third-parties on Risk Management Recognizing the complexity and evolving nature of cybersecurity threats, we leverage the expertise of a managed service provider, and when warranted will engage with independent third parties in evaluating and testing our risk management systems. These service providers enable us to leverage specialized knowledge and insights, ensuring our cybersecurity strategies meet generally accepted industry best practices. Our Chief Information Officer also performs ongoing review of current practices to further ensure cybersecurity. Overseeing Third-Party Risk Because we are aware of the risks associated with third-party service providers, we implement processes to oversee and manage these risks. We conduct thorough security assessments of all third-party providers before engagement and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. The monitoring includes regular assessments by our Chief Information Officer. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third parties. Risks from Cybersecurity Threats We have not encountered cybersecurity challenges that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. Governance Board of Directors Oversight Our board of directors oversees the management of risks associated with cybersecurity threats. 36 Management s Role Managing Risk The Company s Chief Information Officer is primarily responsible for assessing, monitoring and managing our cybersecurity risks. The Chief Information Officer must ensure that all industry standard cybersecurity measures are functioning as required to prevent or detect cybersecurity threats and related risks. The Chief Information Officer provides briefings on cybersecurity threats and related risks to the Chief Executive Officer on a regular basis. Our Chief Information Officer has had responsibility over cybersecurity, data privacy and classification, incident response, disaster recovery, and business continuity in a number of positions in the field of information technology. The Chief Information Officer oversees and tests our compliance with standards, remediates known risks, and leads our employee training program. Monitoring Cybersecurity Incidents The Chief Information Officer is continually informed about the latest developments in cybersecurity, including potential threats and innovative risk management techniques. The Chief Information Officer implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of industry-standard security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the Chief Information Officer will implement an incident response plan. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. Reporting to Board of Directors Significant cybersecurity matters, and strategic risk management decisions, will be escalated to the board of directors. ITEM 2. PROPERTIES. We are headquartered in Quincy, Massachusetts, where we occupy approximately 10,000 square feet of office space pursuant to a lease agreement, as amended, that will terminate on May 31, 2025. Our management team, client service team, marketing, operations, and sales team are all primarily based in this office. Our monthly rent for this facility was $24,521 from June 2020 to May 2021, $25,178 from June 2021 to May 2022, $25,835 from June 2022 to May 2023, and will be $26,491 from June 2023 to May 2024 and $27,148 from June 2024 to May 2025. We may also be required to pay certain taxes and expenses to the landlord under the lease agreement. The foregoing description of the lease agreement and amendment to the lease agreement is qualified in its entirety by reference to the full text of such agreements which are filed as Exhibit 10.3 and Exhibit 10.4 to this Annual Report, respectively, and which are incorporated herein by reference. Under a lease agreement dated May 31, 2023 (the Miller Lease Agreement ) with Miller Family Walpole LLC, as landlord (the Miller Landlord ), for a warehouse facility in Walpole, Massachusetts, we will pay base rent of $179,550.00 in the first year of the lease and an increase of 2% per annum in each subsequent year. We may extend the term for an additional five years upon the same base rent terms upon 12 months notice. We will be responsible for all property and other taxes and expenses related to the facility except for maintenance of certain structural elements. The initial lease term commenced on June 1, 2023 and terminates on May 31, 2028. We may assign our rights to the lease and property at the facility as collateral to a lender. The Miller Landlord is also required to execute a landlord lien waiver and collateral access agreement upon request. The Miller Lease Agreement contains provisions for minimum insurance, mutual indemnification from certain claims relating to the Miller Lease Agreement, and customary default and related termination and remedy provisions. The foregoing description of the Miller Lease Agreement is qualified in its entirety by reference to the full text of the agreement, a copy of which is filed as Exhibit 10.37 to this Annual Report. We also lease satellite office space in Warsaw, Indiana Mt. Pleasant, South Carolina Walpole, Massachusetts and Tomball, Texas. Our aggregate rent payments for these facilities is $204,615 per year. Our employees also work remotely from 20 additional locations around the United States using other facilities. We believe that all our properties have been adequately maintained, are generally in good condition, and are suitable and adequate for our businesses. ITEM 3. LEGAL PROCEEDINGS. From time to time, we may become involved in various lawsuits and legal proceedings which arise in the ordinary course of business. However, litigation is subject to inherent uncertainties, and an adverse result in these or other matters may arise from time to time that may harm our business. We are not currently aware of any such legal proceedings or claims that we believe will have a material adverse effect on our business, financial condition or operating results. ITEM 4. MINE SAFETY DISCLOSURES. Not applicable. 37 PART II ITEM 5. MARKET FOR REGISTRANT S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES. Market Information Our common stock and publicly-traded warrants were listed and began trading on the Nasdaq Capital Market on November 9, 2021, under the symbols STRN and STRNW, respectively. On December 16, 2022, the ticker symbols for the common stock and publicly-traded warrants were changed to SWAG and SWAGW, respectively. Prior to the listing, there was no public market for our common stock and publicly-traded warrants. Number of Holders of Our Common Stock As of March 28, 2024, there were approximately 66 holders of record of our common stock, which does not include holders whose shares are held in nominee or street name accounts through banks, brokers or other financial institutions. Securities Authorized for Issuance Under Equity Compensation Plans The information required by this Item regarding equity compensation plans is incorporated by reference to the information set forth in Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters Securities Authorized for Issuance Under Equity Compensation Plans . Dividend Policy We have never declared or paid cash dividends on our common stock. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not anticipate paying any cash dividends on our common stock in the near future. We may also enter into credit agreements or other borrowing arrangements in the future that will restrict our ability to declare or pay cash dividends on our common stock. Any future determination to declare dividends will be made at the discretion of our board of directors and will depend on our financial condition, operating results, capital requirements, contractual restrictions, general business conditions and other factors that our board of directors may deem relevant. See also Item 1A. Risk Factors Risks Related to Our Common Stock and Publicly-Traded Warrants We do not expect to declare or pay dividends in the foreseeable future . Recent Sales of Unregistered Securities We did not sell any equity securities during the 2023 fiscal year that were not previously disclosed in a Quarterly Report on Form 10-Q or a Current Report on Form 8-K that was filed during the 2023 fiscal year . 38 Purchases of Equity Securities The following table provides information about our repurchases of common stock during the three months ended December 31, 2023: Period Total Number of Shares Purchased Average Price Paid per Share Total Number of Shares Purchased as Part of Publicly Announced Plans or Programs (1) Maximum Approximate Dollar Value of Shares that May Yet be Purchased Under the Plans or Programs (1) October 1, 2023 October 31, 2023 - $ - 1,797,159 $ 6,643,289 November 1, 2023 November 30, 2023 4,505 $ 1.31 1,801,664 $ 6,637,399 December 1, 2023 December 31, 2023 13,502 $ 1.47 1,815,166 $ 6,617,594 (1) For a description of the Company s stock repurchase program, see

Company Information