LAS VEGAS—Yours is a small co-op, maybe a few thousand members and two dozen or so employees. Who could possibly want to target you for a cybercrime?

"The amount of money that comes from cybercrime is really driving a lot of these incidents and I definitely think that any small business is susceptible—including the co-ops. This is not about being big," said Cynthia Hsu, cybersecurity program manager in NRECA's Business and Technology Strategies Department (BTS).

"When some of these automated attacks go out they're not looking at how big you are. They're just looking for an opening in your IT system, in your network. They're looking for a door that's open."

Contrary to the stereotype of a kid in his room with a laptop, Hsu stressed that automated attacks are commonplace.

"Who you are, how big you are is invisible in some of these cybercrime attacks."

In many cases, clicking on an email link can unleash a ransomware attack that holds your co-op hostage, Hsu told the 2018 NRECA Directors Conference.

For small co-ops without IT departments, she said to make sure both the co-op and the IT provider have a clear understanding of what you want from them in terms of cybersecurity.

"Have a very candid conversation about what they do and what they don't do," she said. "No one is going to be able to do all of this for you. It's going to be a variety of service providers."

Cybersecurity is a process of continuous improvement. Hsu likened it to another co-op priority: safety.

"How many of you are going to be done with your safety programs?" she asked and then looked at the crowd for raised hands. "Right. Not going to happen."

Cybersecurity is the same, she said. You get better, but you never get to "done."

For co-ops with limited or no IT staff, Hsu recommends NRECA's Rural Cooperative Cybersecurity Capabilities Program, or RC3. Using a $7.5 million U.S. Department of Energy grant, Hsu and her team developed a self-assessment toolkit to help co-ops begin or enhance their cybersecurity efforts. The toolkit will be released soon, and Hsu called it a great way to assess where your co-op is and where it needs improvement.

More news on co-ops and cybersecurity:
Cybersecurity Questions You Need to Be Asking
Cybersecurity Responsibility Belongs to Every Co-op Employee