CORP CRR 2024 8.5x11 v10 - Flipbook - Page 61
CYBERSECURITY
At Highwoods, cybersecurity is an integral part of our
enterprise risk management program. We strive to continually
strengthen our digital risk posture and mitigate the risk of
security compromises or breaches. To this end, we have
implemented a robust cybersecurity risk mitigation program
that is designed to protect sensitive information and defend
against cyber threats. This program is championed by a
steering committee led by our Chief Information Officer and
overseen by our senior leadership team and Board of Directors.
The Steering Committee is responsible for assessing and
managing material risks from cybersecurity threats to our own
information technology networks and systems we use that are
owned by third-party service providers.
Our cybersecurity program contains multiple layers of
defense, including strong access control, regular patching
and updates of software and systems, continuous monitoring
of potential vulnerabilities and threats and on-going
coworker training on cyber security best practices. As part
of our business continuity plan, we have developed a cyber
incident response plan that includes a process for detecting
and responding to cybersecurity incidents, determining
their scope and risk, developing an appropriate response
to mitigate and remediate the incident, communicating
effectively to all stakeholders and participants and reducing
the likelihood of similar future incidents.
As part of our overall enterprise risk management process and
to better evaluate our cybersecurity risks, we perform periodic
business impact analyses by leveraging our annual companywide enterprise risk management assessment to understand
the relationship between our critical business operations and
our information technology systems. We partner with a thirdparty service provider to assist us on a real-time basis with
detecting advanced threats, streamline and collaborate on
investigations and recommend actions to further strengthen
our systems and, if and when necessary, respond to incidents.
Additionally, we maintain a cyber risk insurance policy
designed to help us mitigate risk exposure by offsetting costs
involved with recovery and remediation after a cybersecurity
breach or similar event.
We conduct quarterly cybersecurity training to ensure all
coworkers are aware of cybersecurity risks and to enable them
to take steps to mitigate such risks. As part of this program,
we also take reasonable steps to ensure any coworker who
may come into possession of confidential financial or health
information has received appropriate cybersecurity awareness
training and, if applicable, payment card industry training.
A key element of our program focuses on not only preventing
potential breaches, but the timely detection, response and
recovery of critical data. Meeting and exceeding regulatory
requirements, our cyber security program is comprehensive,
adaptive and is continually evolving to keep pace with the
changing threat landscape.
TWO-FACTOR
AUTHENTICATION
SECURED
PAYMENT
DATA
PROTECTION
CYBERSECURITY
TRAINING
SOFTWARE
UPDATES
VIRTUAL PRIVATE
NETWORK
61
