Continued Commitment to Cybersecurity
In a time when our industry’s infrastructure, technologies and information systems are under new threats and security risks from cyberattacks, a key focus for CenterPoint Energy is proactively protecting our digital systems and data through a comprehensive cybersecurity management program.
CenterPoint Energy’s Cybersecurity Operations Center (CSOC) is the hub of our companywide cybersecurity program. CSOC personnel analyze threat information from external sources, monitor network activity and respond to users who receive questionable emails. Phishing campaigns conducted by bad actors are a serious threat to our network, employees and data.
CenterPoint Energy’s Cybersecurity Awareness Program
A robust Cybersecurity Awareness Program helps employees and contractors across the company identify vulnerabilities and minimize risks. Cybersecurity-focused employee communications, one-click phishing reporting and other tracking and reporting tools help protect our company’s information assets.
The Phishing Education and Resistance Program provides employees the knowledge to avoid social-engineering attacks by offering:
- Cybersecurity awareness and proactive training
- Educational experiences in the form of monthly phishing simulations and response training
- Remedial response steps for failures to simulated phishing campaigns or actual social engineering attacks
CenterPoint Energy’s Phishing Education and Resistance Program for Employees
As part of CenterPoint Energy’s Phishing Education and Resistance Program, which was launched in early 2020, simulated emails are sent to employees monthly to help sensitize them to social engineering attacks and help Information Technology address the risk presented by actual attacks. Phishing campaign results are included as a safety metric for CenterPoint Energy’s short-term incentive program.
CenterPoint Energy’s Phishing Education and Resistance Program for Contractors
Contractors are covered by a separate Phishing Contractor Compliance initiative, which is detailed in the company’s Contractor Phishing Compliance Program Charter.
National Cybersecurity Awareness Month
CenterPoint Energy is a proud champion of National Cybersecurity Awareness Month, an effort to raise awareness about the importance of cybersecurity and encourage online safety. Throughout the month of October, we distribute various cybersecurity safety tips via email, posters and social media posts.
The Governance, Environmental and Sustainability Committee of the Board oversees cybersecurity for the company and regularly reviews cybersecurity programs, practices, initiatives, risks and mitigations, and strategies. The full Board of Directors receives periodic updates regarding these cybersecurity matters.
The Information Security Team, under the Director of Corporate Cybersecurity, is responsible for running and maintaining the methodology, processes and architecture that support the company’s Enterprise Systems Cybersecurity Plan.
Information Security’s responsibilities include:
- Ensuring management is aware and knowledgeable of potential and identified risks and mitigations.
- Ensuring regulatory requirements are up to date and have been fulfilled.
- Performing Enterprise Systems Risk Assessments.
- Interpreting policies and standards as they relate to enterprise systems.
- Helping in the development, execution and implementation of remediation management.
- Remaining abreast of current cybersecurity trends and threats.