Above-and-Beyond Cybersecurity Measures

Last November, a small electric cooperative in Colorado became the victim of a cybersecurity attack that paralyzed the co-op’s payment processing, billing, and other internal systems. Industry news reported the co-op suffered a massive data loss and likely was the victim of ransomware, a type of malware that threatens to publish or block access to data until a ransom is paid. It took the co-op weeks to bring its systems back online.

What transpired at Delta-Montrose Electric Association—a co-op with 35,000 meters—is a sober reminder that small and rural co-ops are targets too.

Cybercriminals have expanded their targets beyond big business as they realize enormous profits by casting an ever-widening and deeper net. As a result, small business security breaches are escalating.

The amount of potential money to be extorted proves too tempting. The cybersecurity industry reported ransomware victims paid a total of $18 billion in ransoms worldwide in 2020. Another study reported the average ransomware payment jumped to over $300,000 in 2020, from $115,000 in 2019.

First and foremost, Central Electric focuses on keeping members’ data safe. Throughout the years, our information technology team has implemented multiple layers of security protection to safeguard the co-op and members’ information. To learn more, I encourage you to read the article on page 4, which highlights those measures and suggests steps you can take to protect yourself from cybercrime.

Just more than 85% of data breaches involve a “human element” as cybercriminals prey on individuals to gain access to one’s computer or a business’ computer system’s portal. The primary tactic deployed by cybercriminals is through social engineering, the attempt to manipulate an individual’s emotions to prompt them to take immediate action. The most common tools of their trade to do this are phishing (emails), smishing (text messages), vishing (voice messages).

Phishing is the most prevalent. Almost anyone who has an email account has received one. A relative or friend who needs money sent to them immediately or your credit card company is urging you to take action because of fraudulent use are just two of countless scenarios. While some phishing emails are easy to detect, cybercriminals have become increasingly sophisticated in their deception and luring individuals to act before realizing their mistake too late.

While CEC employees are daily targets of numerous phishing emails, one rarely shows up in their inbox. Our information technology team has implemented extensive technological controls that scan and filter out malicious emails.

If, however, a phishing email breaks through, our employees—the human firewall—are trained year-round to recognize them and report them immediately to our IT personnel. Our mantra is: STOP, LOOK, and THINK.

While past success is no guarantee for the future, members can take comfort in knowing we continually strive to go above and beyond to ensure our IT systems and your data remains protected.