
Data Security: Critical Trends for Energy Utilities

Few industries reach as wide and varied an audience as energy utilities. In fact, just about everyone is an energy utility customer — which means, when it comes to the growing challenges around data and email security, energy utilities have a lot more customer information to protect compared to other companies.

It is a critical responsibility to protect private data on behalf of our customers and communities. And yet, just like all other companies, utilities are often at risk for malicious attacks. As such, it’s imperative for energy utilities to stay informed of the latest trends in data security and compliance.

Understand how the risks of data management are assessed

Depending on the particular use case, your energy utility may need to comply with one or more data management standards, whether directly through your utility or through third-party vendors. These could include:

  • PCI DSS: Payment Card Industry Data Security Standard applies to any company that stores, processes or transmits cardholder data or sensitive authentication data
  • SOC 2: Auditing procedure that ensures data is securely managed and protects the privacy of customers
  • FedRAMP: Federal Risk and Authorization Management Program is a federal initiative that provides a standardized approach to cloud security
  • NIST 800-53: Provides a catalog of security and privacy controls for all U.S. federal information systems; the controls are continuously updated for federal agencies
  • NERC CIP: North American Electric Reliability Corporation distributes standards of security for all North American bulk electric system providers

If you work with third-party vendors, you need to understand what standards they follow. For example, Questline is SOC 2 certified and rigorously undergoes a yearly audit to ensure compliance. This means that we are verified as complying with the trust principles of SOC 2, including security, availability, processing integrity, confidentiality and privacy.

Data security in the cloud

According to GreatHorn’s 2021 Email Security Benchmark Report, “Organizations are continuing their migration from on-premise email solutions to cloud native solutions. While 24% of organizations are still running on-premise email solutions, 77% have plans to move to cloud native email solutions.”

The cloud has the potential for quicker customer responses, increased reliability and lower costs. However, it needs a strategic approach to security. By using cloud servers over the internet, your energy utility would no longer need to manage physical servers or manually run software applications.

Although there are many benefits to cloud computing, there are security risks. If moving to the cloud, your energy utility needs to ensure plans are in place to maintain security and privacy.

Data security is a concern for IT pros and customers

Your customers’ privacy is of utmost importance. Energy utilities are already a target for malicious users. Phishing schemes are one of the most common tactics used by hackers to attempt to obtain sensitive information. The attackers pretend to be a utility employee and threaten power shutoffs if the customer doesn’t pay. In fact, the GreatHorn Email Security Benchmark Report says the top threat that concerns most IT professionals is “people impersonations” followed by “payload attacks.”

The report also says that daily phishing attacks have decreased from 35% to 25% from 2020 to 2021. In contrast, weekly and monthly attacks have increased from 28% to 42% and 11% to 17% respectively, “supporting evidence that cybercriminals are becoming more sophisticated and targeted in their attacks.”

If IT professionals are most concerned with these cyberattacks, then it can be said that your customers are as well. No one likes to be misled, especially when it comes to finances. Your energy utility needs to make sure it is listening to your customers’ concerns about their privacy and security, while highlighting how your energy utility is working to alleviate those concerns. To gain greater trust with your customers, continue to warn and educate them about the possibilities of these attacks and what to do when one happens.

What energy utilities should know about data security

In today’s digital age, security and privacy are always top-of-mind concerns for consumers. Transparency and education about how companies use this information is important to share with customers, no matter the industry. For energy utilities, in particular, it’s vital to ensure you’re achieving security and compliance best practices and shedding light on these initiatives. Your energy utility will be better protected, and your customers will thank you for it.

Questline’s experts understand the unique regulatory and data security needs of energy utilities.