2017 CORPORATE RESPONSIBILITY REPORT
SUSTAINABLE GROWTH

Cybersecurity

In an increasingly interconnected world, having insufficient cybersecurity can lead to severe legal and financial consequences. We have a responsibility to protect the security and privacy of data related to our stakeholders, including our associates, residents, tenants, and visitors. Our proactive approach to cybersecurity takes into account not only our internal level of security but also the security needs and requirements of the entities with which we interact.

We have implemented several measures to ensure an effective balance between data security and data accessibility. We require associates to complete cybersecurity training modules covering a range of threats that can occur in the workplace. Our IT department conducts regular internal and external audits and risk assessments, and monitors our network and infrastructure to identify and address potential issues before they arise. Our cross-functional Cybersecurity Governance & Risk Council is comprised of IT professionals and Forest City executives and managers. The committee assesses and prioritizes cyber risks and meets quarterly to evaluate Forest City’s performance toward reducing and managing these risks. The committee also provides quarterly cybersecurity updates to the Audit Committee of the board.

The company requires 100 percent compliance with Forest City’s IT Security Policies among our associates. We provide cybersecurity awareness training to all new hires during the onboarding process and on a regular basis to all associates throughout the year. Our goal is to ensure continual improvement in our associates’ ability to deal with cyber threats over time. We use periodic training modules to test associates’ cybersecurity awareness. Our IT department tracks the results and implements refresher training as needed. Ongoing training ensures that our associates keep cybersecurity in mind at all times.

Forest City IT monitors government and vendor threat feeds and is also an active member of the Northeast Ohio Cyber Consortium (NEOCC), a group comprised of regional business leaders and IT professionals to address and mitigate cyber threats across various industries. The group meets monthly to report recent trends and share timely information on cyberattacks, particularly at the local level. NEOCC members also discuss strategies to mitigate threats and identify best practices and lessons learned.

DEFINITION