FULLNET COMMUNICATIONS INC 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

FULLNET COMMUNICATIONS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 11:25:10 EDT.

Filings

10-K filed on 2024-04-01

FULLNET COMMUNICATIONS INC filed an 10-K at 2024-04-01 11:25:10 EDT
Accession Number: 0001376474-24-000151

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Risks from Cybersecurity Threats. Information relating to risks from cybersecurity threats is included in this report in Item 1A under the caption Cybersecurity breaches or a failure in our mass notification service operations could disrupt our business . 11 We manage and oversee a cybersecurity risk program designed to evaluate potential threats, vulnerabilities, and the potential impact on our operations, data, and shareholders. This program undergoes regular reviews and updates to address emerging risks. We utilize a three-step process to effectively manage cybersecurity risks: Identify. We establish an understanding of our critical operational assets and those that could be attractive to potential threat actors. We consider any cyber activity that could diminish an asset s value, hinder our ability to use or access the asset, or covertly allow a threat actor to gain access to an asset as a potential risk. Assess. We evaluate the exposure of our assets to identified cyber risks and the potential impacts on our operations or reputation if we were unable to access or utilize an asset or realize its value, or if a threat actor gained access to an asset or its value. We also assess the potential materiality of these risks based on their potential impact on our operations or reputation. Manage. We apply a multi-layered defense strategy to maintain our ability to access or utilize an asset or its value and prevent threat actors from gaining or increasing their access to an asset or its value. We prioritize our defensive mechanisms, including administrative, procedural, and technical controls, based on their cost-effectiveness and their ability to reduce risk. We maintain policies and procedures to oversee and identify cybersecurity risks associated with our third-party service providers, especially those with access to customer and employee data. Our selection and oversight of these providers incorporate cybersecurity considerations, including contractual and other mechanisms to mitigate and continually monitor risks. We undertake proactive activities to prevent, detect, and minimize the impact of cybersecurity incidents. We maintain an incident response plan to respond to breaches and minimize disruption to our operations swiftly. To bolster the incident response process, we have business continuity, contingency, and recovery plans to ensure operational resilience during a cybersecurity incident. Cybersecurity threats and risks have not materially affected, or are not reasonably likely to materially affect, our business strategy, results of operations, or financial condition. We have not, as of the date of this filing, experienced a cybersecurity breach that has materially affected our business or financial condition. However, because our business involves the collection, transmission, and storage of certain customer and employee data, it is possible that we could be susceptible to various cybersecurity threats, including cyberattacks, unauthorized access, and similar events. We are committed to the ongoing identification and management of cybersecurity risks as part of our business strategy, financial planning, and capital allocation. We strive to incorporate cybersecurity considerations into all aspects of our operations. As the cybersecurity landscape evolves, so does our strategy to identify and mitigate these risks. We continuously work towards enhancing our processes to ensure an effective cybersecurity posture. Board of Directors and Management Governance Board of Directors Oversight. We recognize the critical importance of cybersecurity and data protection and understand the potential harm to our business from cybersecurity incidents. Accordingly, we place a high priority on mitigating risks associated with cybersecurity threats and any cybersecurity incidents. Our management maintains primary responsibility for our risk management, including cybersecurity risks. Our Board of Directors is responsible for the oversight of risks associated with cybersecurity threats. Our Board of Directors is responsible for reviewing management s assessment of our information technology process framework and practices and the controls implemented to monitor and mitigate information technology risks. In addition, as part of our Board of Directors regular meetings, the Board receives reports and briefings from our cybersecurity team. Those reports and briefings include management s review of emerging cybersecurity developments and threats, our risk relating to cybersecurity, and our strategy to mitigate data protection and 12 cybersecurity risks. Our Board of Directors has the authority to obtain advice and input from external cybersecurity resources to assist in its oversight functions. Management s Role. Our management team is actively engaged in assessing and managing material risks from cybersecurity threats. We have established a robust framework for identifying, evaluating, and mitigating these risks. Responsibility for Cybersecurity Risks . Our cybersecurity team has developed expertise in cybersecurity, compliance, enterprise architecture and design, data analytics, digital transformation, and customer service through years of experience in the information technology space. This cross-functional cybersecurity team includes experts in various aspects of information security. These individuals are responsible for the day-to-day implementation of our cybersecurity program. Additionally, the cybersecurity management team regularly consults with additional resources, to include attorneys, accountants, human resources personnel, and other information technology specialists, to determine materiality for cybersecurity related risks and incidents. There is an established incident response plan that clearly identifies escalation measures based on the impact to our organization. Processes for Monitoring and Mitigating Risks and Incidents. We employ a comprehensive set of processes to monitor and mitigate cybersecurity risks. These processes include: Continuous monitoring of network traffic and systems for signs of potential threats. Implementation of cybersecurity measures, such as firewalls, intrusion detection systems and data encryption. Employee training and awareness programs to educate staff about cybersecurity best practices. Incident response plans to ensure swift and effective responses to cybersecurity incidents. Software and Vendor Risk Assessments. Vulnerability management solution to prioritize patches based on risk. Privileged account management solutions for administrative access. These processes are designed to prevent cybersecurity incidents, but they also allow us to quickly detect and respond to incidents if they do occur. They are regularly reviewed and updated to adapt to evolving cybersecurity threats. Reporting to the Board. As noted above, our cybersecurity team provides regular updates and reports to our Board of Directors on cybersecurity risks as well as a review of the processes described above.

Company Information