HIW CRR 2023 v8 - Flipbook - Page 44
CYBERSECURITY
At Highwoods, cybersecurity is an integral part
of our enterprise risk management program. We
strive to continually improve our digital risk posture
and mitigate the risk of security compromises or
breaches. To this end, we have implemented a
robust cybersecurity risk mitigation program
that is designed to protect sensitive information
and defend against cyber threats. This program
is championed by a steering committee led by our
Chief Information Officer and overseen by our senior
leadership team and Board of Directors. The Steering
Committee is responsible for assessing and managing
material risks from cybersecurity threats from both our own
information technology networks and the systems we use
that are owned by third-party service providers.
Our cybersecurity program contains multiple layers
of defense, including strong access control, regular
patching and updates of software and systems,
continuous monitoring of potential vulnerabilities
and threats and ongoing employee training on
cybersecurity best practices. As part of our business
continuity plan, we have developed a cyber
incident response plan that includes a process for
detecting and responding to cybersecurity incidents,
determining their scope and risk, developing an
appropriate response to mitigate and remediate
the incident, communicating effectively to all
stakeholders and participants and reducing the
likelihood of similar future incidents.
As part of our overall enterprise risk management
process and to better evaluate our cybersecurity
risks, we perform periodic business impact analyses
by leveraging our annual company-wide enterprise
risk management assessment to understand the
relationship between our critical business operations
and our information technology systems. We partner
with a third-party service provider to assist us on
a real-time basis with detecting advanced threats,
streamlining and collaborating on investigations and
recommending actions to further strengthen our
systems and, if and when necessary, responding to
incidents. Additionally, we maintain a cyber risk
insurance policy designed to help us mitigate risk
exposure by offsetting costs involved with recovery
and remediation after a cybersecurity breach or
similar event.
We conduct quarterly cybersecurity training to ensure
all coworkers are aware of cybersecurity risks and to
enable them to take steps to mitigate such risks. As
part of this program, we also take reasonable steps to
ensure any employee who may come into possession
of confidential financial or health information has
received appropriate cybersecurity awareness training
and, if applicable, payment card industry training.
A key element of our program focuses not only on
preventing potential breaches, but also on the timely
detection, response and recovery of critical data.
Meeting and exceeding regulatory requirements, our
cybersecurity program is comprehensive, adaptive
and continually evolving to keep pace with the
changing threat landscape.
TWO-FACTOR AUTHENTICATION
SECURED PAYMENT
DATA PROTECTION
CYBERSECURITY TRAINING
SOFTWARE UPDATES
VIRTUAL PRIVATE NETWORK