Identify
- Understand what sensitive, personal, and critical data, assets, processes, and systems your co-op stores and uses.
- Determine what threats and vulnerabilities your co-op faces.
- Understand what access third-party vendors have to your system.
- Assign responsibility for enforcing cybersecurity policies to a senior manager.
Protect
- Restrict each employee’s network access to what their specific job requires.
- Use firewalls to segment your internal network.
- Use two-factor authentication and consider IP whitelisting for sensitive and critical systems.
- Change all default passwords on your computers and operational devices.
- Use long, strong passwords and update passwords every six months.
- Eliminate unnecessary communications between all computers and devices on your network.
- Disable all unnecessary services running on your computers/servers.
- Update and patch operating systems and software on a regular basis.
- Perform regular security awareness training for all employees.
Detect
- Maintain anti-virus and anti-malware solutions and review firewall rules regularly.
- Perform regular vulnerability assessments, at least once a year.
- Maintain and monitor logs on sensitive and critical systems.
- Consider using an intrusion-detection system to identify anomalous behavior on your network.
- Hold monthly calls with other co-ops on the latest cyberthreats and solutions.
Respond
- Integrate cybersecurity into incident-response, business-continuity, and crisis-communications plans, and hold practice drills regularly.
- Isolate the impacted computers, devices, and/or systems, and work with professionals to perform forensic analyses.
- If you have cybersecurity insurance, contact your insurance provider for assistance.
- Contact the Electricity Information Sharing and Analysis Center (E-ISAC) if appropriate.
- Consider contacting the Electricity Sector Coordinating Council’s Cyber Mutual Assistance (CMA) Program.
Recover
- Back up files, store backups in locations not connected to your network, and test backups regularly.
- Understand your legal obligations with the assistance of counsel.
- Perform a post-incident review, and update policies and procedures as needed.
NOTE: This list does not include all options and is provided as a general resource.