The Data Divide
With the holiday season upon us, there is no better time for a discussion of cyber security. According to the National Retail Federation, consumers are forecasted to increase online spending by seven to 10 percent, or as much as $117 billion for the months of November and December.
In recent years, news stories have abounded detailing data breaches by large retailers, government agencies and health care providers. It is a fact of modern life that more of us are spending more of our waking time online. In addition to the increased amount of time we spend online for school, work and entertainment, the number of devices in our daily life which connect to the internet have, and will likely continue to increase. This increase in online activity has created new opportunities for cyber criminals and identity thieves.
With all of this technology at our fingertips, there is increased pressure on consumers and businesses alike to protect data. Cybersecurity is big business, namely because cyber crime is big business. Your personal and financial data has value not only to you but also to would be cyber criminals filling inboxes with virus-laden emails. While it is not likely that many of us will unplug and give up the efficiency and convenience technology has brought us, being savvy consumers of technology will provide an added layer of protection.
Over the past several years, Missoula Electric Cooperative (MEC) has implemented numerous new technologies to increase efficiency, convenience and quality of service. Our outside employees have swapped paper maps for electronic tablets and GPS devices which provide mapping capabilities that allow for more efficient navigation of our electric system. In addition, we are currently replacing our existing automated meter reading system including the replacement of all existing meters.
Automated metering infrastructure or AMI provides more timely readings than traditional meter readers while offering the ability for the system to communicate with the office aiding with outage detection and power restoration efforts.
Technology has also allowed many new options for members to pay bills and better understand their energy usage. Members can access their accounts to examine energy usage, or pay their bill from anywhere in the world using a mobile device, computer or telephone. However, for every gain we make in efficiency or member service there comes with it an ever-increasing focus on compliance and security.
In order to manage all of these cyber assets, and the mountains of data that come with them, utilities like MEC must maintain a robust data integrity and security program. At MEC, working safe is part of our culture, and our approach to cyber security is much the same as our approach to safety. We recognize that safety is the responsibility of every employee and that when we all do our part individually, the safety culture as a whole is strengthened. Likewise, when it comes to cyber security, our individual efforts bolster the overall program for the benefit of the cooperative and its membership.
As a cooperative, we are owned by those we serve. Having a robust cyber security program not only protects the Cooperative, it protects our members.
Securing our members’ financial data is also a priority. In 2015, we implemented a new point of sale system with the inclusion of credit and debit card scanners. This means our members’ cards never leave their possession, and payments pass though a secure payment portal to our software provider’s payment server. In addition, any sensitive data including social security numbers and credit card numbers stored for recurring payments are encrypted and cannot be viewed by employees.
To stay on the cutting edge, one of the many steps we take in our cyber security program is to contract with security experts to test the pieces and parts that make up our cyber defense system. One of the main tests conducted is called a penetration test. A comprehensive penetration test is a “red team” exercise, where a company’s safeguards are thoroughly tested from all possible attack vectors including human, physical and technical attacks. Participating in a penetration test will yield an assessment of your defense strategy, prioritize areas for improvement and offer best practices from the information security industry.
Speaking of best practices, much of what these companies examine are behaviors or practices employees within an organization may have with regard to data integrity and security. Having a well-trained staff that can identify security threats either online or even in the lobby is just as valuable as, or more so than, the lock on the front door.
Ultimately, by taking a holistic approach to cyber security similar to the cultural model we use with safety, our goal is to raise individual awareness and focus on risk identification and mitigation.
The evolution and integration of technology in our industry is not likely to reverse course anytime soon, and it is our obligation as stewards of an ever increasing amount of data to put our consumers first by maintaining cyber security as not just a top priority but a core value in all that we do.
Reader Comments(0)