• Understand what sensitive, personal, and critical data, assets, processes, and systems your co-op stores and uses.
  • Determine what threats and vulnerabilities your co-op faces.
  • Understand what access third-party vendors have to your system.
  • Assign responsibility for enforcing cybersecurity policies to a senior manager.


  • Restrict network access to an employee’s specific job requirements.
  • Use firewalls to segment your internal network.
  • Use two-factor authentication and consider IP whitelisting for sensitive and critical systems.
  • Change all default passwords on your computers and operational devices.
  • Use long, strong passwords and update passwords every six months.
  • Eliminate unnecessary communications between all computers and devices on your network.
  • Disable all unnecessary services running on your computers/servers.
  • Update and patch operating systems and software on a regular basis.
  • Perform regular security awareness training for all employees.


  • Maintain anti-virus and anti-malware solutions and review firewall rules regularly.
  • Perform regular vulnerability assessments, at least once a year.
  • Maintain and monitor logs on sensitive and critical systems.
  • Consider using an intrusion-detection system to identify anomalous behavior on your network.
  • Hold monthly calls with other co-ops on the latest cyberthreats and solutions.


  • Integrate cybersecurity into incident-response, business-continuity, and crisis-communications plans, and hold practice drills regularly.
  • Isolate the impacted computers, devices, and/or systems, and work with professionals to perform forensic analyses.
  • If you have cybersecurity insurance, contact your insurance provider for assistance.
  • Contact the Electricity Information Sharing and Analysis Center (E-ISAC) if appropriate.
  • Consider contacting the Electricity Sector Coordinating Council’s Cyber Mutual Assistance (CMA) Program.


  • Back-up files, store back-ups in locations not connected to your network, and test back-ups regularly.
  • Understand your legal obligations with the assistance of counsel.
  • Perform a post-incident review, and update policies and procedures as needed.

NOTE:  This list does not include all options and is provided as a general resource.


Cybersecurity Insert Featured Stories

Main Story: Cyber Cooperation
Defense in Depth: Who Should have Access?
Human Resources' Role in Cybersecurity
Defending Your Co-op's Network: Options and Resources to Help
Taking Stock: A New Tool to Assess Cybersecurity