HCE Voices - Meet Ladd Epp, Cyber Security Manager

What is Holy Cross Energy (HCE) doing to keep our members’ information safe?

To break this down a little bit, consider two broad categories that we focus on when securing our members’ data. The first category is technical. Think firewalls, anti-virus, multifactor authentication, network access control – all the technology that we’ve implemented to keep member data safe. The other category is administrative. This is where the Cybersecurity department plays a key role in not only monitoring the HCE network, but also develops policies and procedures, which in turn, help guide employees in keeping member data safe.

What are your top 3 tips for HCE members about how to keep their information safe?

1 –
Only communicate directly with HCE regarding service issues.

Probably the most frequent scam we see is when a member receives a cold call threatening to shut off service unless a sum of money is paid immediately. If this happens to you, hang up call our main line and let us know what happened.

2 –
Think before you click.

Before you click on any link in an email, double-check that there isn’t anything odd. Were you expecting the email, or is there an urgent call to action? Clicking the link might redirect to a bad site to install ransomware or trick you into entering your password.

3 –
Don’t use the same password everywhere.

Websites and companies continue to be frequent victims of data theft. If you’re using the same password for everything and it is stolen on one site, the bad guys will start trying your credentials on other sites. Password managers, and enabling multifactor authentication where possible, are extremely helpful in preventing this kind of attack.

What does a typical day look like for you?

A typical day is really a mixed bag for me and there are more things than I can list. I’m asked a lot of questions! Which is great and means employees are paying attention to ensure member data is safe. I read a lot – we receive reports from other utilities regarding various security events, which helps us understand what to look out for. I spend a lot of time writing, whether it’s developing policy or responding to various cybersecurity-related requests. Finally, our Security Operation Center monitors for threats on our network so there various dashboard screens that we look at.

What’s the best part of your job?

Serving HCE members and employees is the most satisfying part of this role. The Cybersecurity Department spends a lot of time educating employees.  If I can give a presentation that resonates and encourages employees to make a small change to better protect our members, that really gives a sense of purpose to the job.

How has technology changed at the co-op since you started at HCE in 2009?

It’s amazing how much has changed in the last decade. We are leveraging so much more technology, there are many new faces, new ideas, and true digital natives joining our ranks. We’ve become a company that really leans into technology, and I think that only enhances the member experience.