LANTRONIX INC 10-K Cybersecurity GRC - 2024-09-09

Page last updated on September 9, 2024

LANTRONIX INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-09 16:54:37 EDT.

Filings

10-K filed on 2024-09-09

LANTRONIX INC filed a 10-K at 2024-09-09 16:54:37 EDT
Accession Number: 0001683168-24-006264

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. 22 We leverage guidance from the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”), which provides an outline of enterprise security processes and controls, to inform the design and assessment of our cybersecurity risk management program. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. As part of our risk management process, we may engage third-party experts to help identify and assess risks from cybersecurity threats. Our risk management process also encompasses cybersecurity risks associated with our use of third-party service providers. Our cybersecurity risk management program includes: · risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services and our broader IT environment; · evaluations of our readiness to assess, respond and, as applicable, recover from potential cybersecurity incidents; · periodic tabletop exercises to simulate a response to a cybersecurity incident and use the findings to improve our processes, technologies and incident response plan; · the use of external service providers, where appropriate, to assess, test, or otherwise assist with the aspects of our security controls; · cybersecurity training to educate our employees, consultants and other users about their individual responsibilities regarding our IT systems and data; · weekly briefings on cybersecurity incidents, threats, and related matters; · a third-party risk management process for service providers, suppliers and vendors who have access to our critical systems and information; and · cybersecurity risk insurance that provides protection against certain potential costs and losses arising from a cybersecurity incident. As of the date of this report, we do not believe that known risks from cybersecurity threats, including as a result of any previous cybersecurity incidents that we are aware of, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, we can give no assurance that we have detected or protected against all such cybersecurity incidents or threats or that we will not experience such an incident in the future. Further details about the cybersecurity risks we face are described under the heading " Risks Related to Technology, Cybersecurity and Intellectual Property, " included as part of our risk factor disclosures in Part I, Item 1A of this Report, which disclosures are incorporated by reference herein. Governance The Board is responsible for the oversight of risks from cybersecurity threats. Our Board oversees management’s implementation of our cybersecurity risk management program. On a quarterly basis, and more frequently as needed, our Board receives updates from our senior management concerning, among other relevant information, the status of our cybersecurity initiatives to strengthen our cybersecurity risk management and are apprised, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential. While the Board reviews and oversees the Company’s information security efforts, our executive officers, including our Chief Financial Officer, Vice President of Business Operations, and Vice President of Business Affairs are responsible for the day-to-day management of cybersecurity risk and the design and implementation of policies, processes and procedures to identify and mitigate this risk. Our Director of IT, in coordination with the executive officers named above, is responsible for assessing and managing material risks from cybersecurity threats, as well as managing and responding to material cybersecurity incidents if any occur. Our Director of IT has over 27 years of experience in various information technology roles, which includes over 10 years of management of cybersecurity matters. 23 Our Director of IT provides weekly briefings to the Chief Financial Officer, Vice President of Business Operations, Vice President of Business Affairs and other members of our cross-functional incident response team. The weekly briefings are focused on our cybersecurity risks and activities, including cybersecurity incidents and responses, cybersecurity systems testing, third-party activities and related topics. In the event threats and incidents are identified as potentially significant, the Chief Financial Officer, Vice President of Business Operations or Vice President of Business Affairs will promptly report to our Board.

Company Information