02/04/2021
When a customer selects a utilities company to receive electricity services, they must provide several key pieces of information to confirm their residence such as home address, date of birth, driver’s license number, social security number, and bank account information.
It’s no secret that customers provide this data, also known as Personally Identifiable Information (PII), to their utilities expecting it to be kept secure and private. Keeping it secure is a baseline component in providing an excellent customer experience. Failing to do so can pose a critical risk for utilities companies.
Why should utilities prioritize customer data protection?
It is important to stay compliant: Data protection laws have been put in place to protect customers and motivate businesses to secure PII data. If a data breach occurs and personally identifiable information is stolen, the ramifications can include legal penalties such as fines or even imprisonment.
It is important to build protection: Due to the amount of PII stored by utilities, they are frequently targeted by hackers and are at high risk of malicious activity. By building secure systems and processes, the risk of a breach is lowered.
It is important to make money: Outside of legal fines, a data breach can impact your business financially by damaging your brand and ultimately costing you current and future customers. According to IBM’s 2020 Data Breach Report, the energy industry has the second-highest cost of data breaches at $6.39 million.
It is important to build trust: Customers shouldn’t have to worry if their data is at risk with a utility company. Putting processes and systems in place to protect PII data shows your customers that they are top of mind.
What are some strategies for protecting customer data?
Sendero has partnered with utilities clients to find the best solution to improve current data protection processes and systems. Simple steps and maintenance can drastically decrease the likelihood of a data breach:
Consider priority of data
– When reviewing an effort to protect customer data, take it one step at a time and determine what information is most important to protect. Classification criteria could include public data, private data, and restricted data.
Identify and document processes that use customer data
– Once your data is classified, dive into the processes and systems that handle the highest priority data. You are likely to find opportunities to improve availability, storage, and processing of that PII data.
– At Sendero, we are diligent in defining key processes and identifying gaps where customer data may be at risk. We partner with our clients to determine a mitigation plan and can help manage the overall data protection initiative.
Change processes and communicate value
– Document opportunities found in your company’s processes and systems and gain buy-in from those involved in the day-to-day process. When changes in data availability and handling need to be implemented, the business will ultimately be your ally to champion the change and affect the overall success of the effort.
– Involving change management activities is a major component to a successful data protection initiative. We have experience in driving communication efforts with business stakeholders to ensure they understand the purpose of the change and how to work in the “new normal” in a way that generates excitement.
How can companies go the extra mile to protect customer data?
As the intelligence of security technology evolves, so do cyber criminals and malicious software. Continually staying ahead of the curve can decrease the likelihood of a data breach. In order to keep pace with the evolution of security technology, some utility clients are exploring additional solutions to go one step further in protecting PII data.
- Encryption: Encrypting PII is a solution to protect your data at rest or in transit. Depending on where your data lives, this may be possible to do as an out-of-the-box feature or could require some configuration changes. In addition, there are several tools you can implement to automate the encryption process based on the previously defined data classification.
- Tokenization: Technical solutions that tokenize PII keep the data from leaving the organization, because recovering it requires access to a token vault or database. Tokenization is a step up from encryption in terms of security strength, but is best used to protect structured data.
- Tabletop Exercises: Facilitate a session for incident response team members to discuss roles and processes during an emergency situation. Schedule these sessions on a quarterly or annual basis so the processes are discussed regularly and opportunities can be identified and remediated. This way, if a data breach does occur, your company is prepared.
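To make the tokenization item concrete, here is an added sketch (not Sendero's or any client's code) of vault-based tokenization driven by the public/private/restricted classification described earlier. The field-to-tier mapping, the `TokenVault` class, the `pii_reader` role and the `tok_` prefix are all assumptions made for illustration; private-tier fields pass through unchanged here, and encrypting them is not shown.

```python
import secrets

# Assumed classification of the kinds of fields the article lists (constructed mapping).
CLASSIFICATION = {
    "service_plan": "public",
    "home_address": "private",
    "date_of_birth": "private",
    "drivers_license": "restricted",
    "ssn": "restricted",
    "bank_account": "restricted",
}


class TokenVault:
    """In-memory stand-in for a token vault (hypothetical; a real vault is a hardened, audited store)."""

    def __init__(self):
        self._by_token = {}   # token -> (field, original value)
        self._by_value = {}   # (field, original value) -> token

    def tokenize(self, field, value):
        key = (field, value)
        if key not in self._by_value:
            # Random token: it has no mathematical relationship to the value.
            token = "tok_" + secrets.token_urlsafe(16)
            self._by_value[key] = token
            self._by_token[token] = key
        return self._by_value[key]   # same value -> same token, so joins still work

    def detokenize(self, token, caller_roles):
        # Only callers holding the assumed "pii_reader" role may recover the value.
        if "pii_reader" not in caller_roles:
            raise PermissionError("caller may not detokenize")
        return self._by_token[token][1]


def protect_record(record, vault):
    """Replace restricted fields with tokens before the record leaves the trusted system."""
    out = {}
    for field, value in record.items():
        tier = CLASSIFICATION.get(field, "restricted")  # unclassified fields fail closed
        out[field] = vault.tokenize(field, value) if tier == "restricted" else value
    return out


if __name__ == "__main__":
    vault = TokenVault()
    # Constructed sample record, not real customer data.
    customer = {"service_plan": "fixed-12", "home_address": "1 Example St", "ssn": "000-00-0000"}
    print(protect_record(customer, vault))
```

Downstream systems that only receive the output of `protect_record` hold tokens rather than the restricted values, so a copy of that data is not useful without access to the vault.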
When data is breached, not only is the company’s image damaged, but so is the customer’s trust, resulting in a potential loss of business. As a utilities provider, ensuring customer data is secure will set the company up for success and help maintain trust so you can continue to “keep the lights on” with an exceptional customer experience.