Cybersecurity at Sempra Energy is about people, process and technology working together.
People
The information security team conducts regular penetration tests and analyzes the results to improve existing controls and identify opportunities for improvement. Members of this team also participate in department staff meetings, safety stand downs and safety congresses to provide perspective and training on cybersecurity issues. Individual employees across the company support these efforts as “cybersecurity champions,” sharing relevant information with their teams.
Process
Our information security awareness program includes periodic communications, company-wide events and campaigns, mandatory annual web-based training, facility-specific town hall events and a cross-business advocacy program. The company supports these efforts with articles, website communications and digital signage.
Technology
An automated SPAM reporting button in Microsoft Outlook allows easy one-click reporting of suspicious and unwanted emails. In fact, to keep this reporting option top-of-mind, the cybersecurity team utilizes “fake” phishing attempts and sends congratulatory messages when employees take the correct action by clicking the SPAM button. Sempra’s 24/7 Information Security Operations Center (SOC) also responds to reports of suspicious email. The SOC can pull a suspicious email from the enterprise, reducing the risk of infecting other users or devices.
Protecting company information and digital assets remains a top management priority.