Situation
Serving the community takes on different faces—non-profit groups, corporate outreach programs, neighborhood churches. But, what about an energy efficiency company? Since 1977, CMC Energy Services (CMC Energy) has empowered communities by delivering energy efficiency solutions for a more comfortable, affordable, and equitable future. CMC Energy is driven by a simple vision of creating a more livable and sustainable planet for all. For nearly 45 years, the team of technical experts at CMC Energy, a certified womenowned business (WBENC), has managed electric and gas energy efficiency programs and water conservation programs. At the heart of their work is a history of support for more than 100 energy efficiency programs for a complex network of more than 35 utility clients spread across ten states. CMC offers expertise managing a wide range of programs, targeting audiences from homeowners to plant managers through a comprehensive suite of program management and on-the-ground customer services. The best cyber defense is vital to protect their data with a network responsible for serving millions of people.
Paul Mackay, MBA, Chief Information Officer (CIO) of CMC Energy, reached out to a proven leader in the cybersecurity space, Vancord, which he commissioned to perform a vulnerability assessment.
“CMC Energy has been driven by a simple mission: to deliver energy savings to America’s neediest families,” said Mackay
CMC Energy requested Vancord to look over their entire infrastructure to determine risks, unfortified areas of data, and evaluate their current resources to safeguard hacker tools like spear phishing, denial of service (DDoS), viruses, and specifically, ransomware. CMC Energy believed ransomware was one of the most critical areas of concern for their business. Vancord agreed and got to work shaping a proactive approach to protecting the company’s customers, data, and reputation.
Solution
“It is essential to validate,” said Mackay. “Making sure no stone was unturned is critical to the success of any vulnerability assessment. Vancord’s expertise and experience provided the insights needed to ensure the most critical vulnerabilities were addressed.” Together, CMC Energy and Vancord began a comprehensive vulnerability assessment of information technology resources to discover how to fortify the energy efficiency company best to protect its customers and their data.
Results
Vancord put its insight and ability to the test and prepared a comprehensive assessment through vulnerability scans, technical observations of systems, and an administrative review of critical business processes. By scrutinizing CMC Energy’s security posture, Vancord provided a prioritized roadmap of areas they can strengthen along with specific remediation guidance.
The vulnerability assessment process includes:
- Proactively identifying potential gaps in IT infrastructure
- Evaluating overall adherence to industry standards and best practices
- Analyzing perimeter and internal defenses and system configurations
- Assessing authorization levels for access to networks and systems
As an outcome of Vancord’s combined automated industry-standard scanning and manual analysis of configurations and environments, CMC Energy became aware of potential cybersecurity gaps and received practical guidance on how best to prioritize and mitigate vulnerabilities. CMC Energy has increased hypervigilance to protect their clients’ information by upgrading their cybersecurity.
Safeguarding data and achieving the best cyber health allows CMC Energy to supply outstanding customer service. In addition, they continue to find innovative ways to deliver value to their customers and communities.
