MAYS J W INC 10-K Cybersecurity GRC - 2024-10-24

Page last updated on October 24, 2024

MAYS J W INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-10-24 08:00:33 EDT.

Filings

10-K filed on 2024-10-24

MAYS J W INC filed a 10-K at 2024-10-24 08:00:33 EDT
Accession Number: 0001206774-24-000954

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Risk Management and Strategy We have implemented and maintain various information security processes designed to identify, assess, and manage material risks from cybersecurity threats to our critical computer networks, hardware, software, third-party hosted services, and data. We rely on third-party service providers to help manage our information systems, including network security service providers with experienced information technology professionals. We also work with third parties to identify, assess, and manage actual and perceived cybersecurity threats and risks, and we evaluate cybersecurity risk as part of our overall risk management strategy. With the assistance of these third-party service providers, we implement and maintain various technical, physical, and administrative controls and processes to manage and mitigate material risks from cybersecurity threats to our information systems. This includes procedures for incident detection and response, network security controls, access controls, physical security, systems monitoring, and backup and recovery procedures. Our operations rely on third-party service providers and software programs. For instance, our accounting and financial reporting-related systems use software obtained from third-party service providers, and these systems are necessary for the efficient and consistent operation of our business. We use these systems to communicate with tenants, banks, vendors, and others, and to manage our accounting, financial reporting, and for other recordkeeping purposes. We, thus, maintain a process to identify and evaluate cybersecurity risks and incidents associated with key third-party providers. When utilizing third-party software for key services, we seek to engage those that are reliable, reputable, and maintain cybersecurity controls. To address risks associated with third-party providers for critical services, we review available audit reports of controls from such providers to assess and manage any identified risks. Notwithstanding the effort we place on cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on the Company. As of the date of this Annual Report on Form 10-K, we are not aware of any cybersecurity threats or incidents which have materially affected or are likely to materially affect our Company, results of operations, or financial condition. Governance Our Board of Directors maintains oversight responsibility of risks from cybersecurity threats. This oversight is facilitated primarily through the Audit Committee (the “Committee”), which is responsible for oversight of our information system risk, including cybersecurity threats. The Committee oversees the risk management program designed to implement adequate controls to mitigate cybersecurity risks. The Committee receives periodic updates from management on potential risks, threats, and controls to mitigate identified risks. The Committee reports to the full Board of Directors regarding its activities, including those related to cybersecurity. The full Board of Directors also receives briefings from management on the cybersecurity risk management program as needed. Our management, represented by our Chief Financial Officer, Ward Lyke, provides leadership for implementation and maintenance of our cybersecurity risk management processes. Mr. Lyke has served as Vice President, Chief Financial Officer, and Treasurer since January 2024, and as an Executive Vice President and Officer of the Company since 1984, including as Assistant Treasurer since 2003. Mr. Lyke currently manages key functions for the Company’s accounting, finance, and treasury strategies, including risk management. In addition, Mr. Lyke oversees the Company’s managed IT solutions service provider which includes, among other services: 1. Business continuity - Managed data backup utilizing best practices including cloud based disaster recovery, 2. Multi-vector security protection - Real-time protection against security threats across email, browsers, files, and infrastructure resources, 3. Patch management - Patching for Windows and certain third party application updates, 4. Infrastructure monitoring - 24x7 monitoring, alerting and maintenance of various office and cloud systems. Mr. Lyke is notified real time by the managed service provider for matters requiring immediate attention. Mr. Lyke also reviews a standardized monthly report with key IT systems data and statistics, including red flags requiring resolution, if any. Management reports serious cybersecurity incidents to the Committee and our Board.

Company Information