Are you the weak link exposing the data of thousands of farmers?
Why would cyber criminals be interested in the data on your farm? Because cyber criminals are looking for easy access to insecure information all the time. Afterall you’re a business, likely with good credit ratings and lines – you are quite attractive to a cyber criminal.
Of course, they are also attracted by your access to large companies, such as your chemical companies, or farm management technology – hack into their systems and the cyber criminals have access to all kinds of lucrative data. You are the weak point in the chain. If your security is weak, you could be the entry point to access the data of thousands of other farmers.
Have you ever thought about what would happen is someone stole your data from your last planting season, or turned off the barn ventilator on a hot day?
What if your data was kidnapped and you had to pay ransom to get it back? If these seem like far-fetched scenarios, you might be surprised to learn that each one of these scenarios, and many more, had already happened to farmers?
During the 2020 Farms.com Virtual Precision Ag Conference, Dr. Hadis Karimpour reviewed some of the potential risks that farmers face.
Managing data on farms is increasing important with the emergence of smart farming over the past several years says Dr. Karimpour. Smart farming refers to technologies used on a farm, such as the Internet of Things (IoT), robotics, precision agriculture, livestock monitoring, drones, farm management systems, etc. Dr Karimpour shared that there has been a 20% annual increase in the number of IoT devices on farms.
Dr Karimpour says that her research has unfortunately revealed that security is not a priority for farmers and that many farmers believe their Internet service provider is responsible for Internet security, but she points out that this is not true.
“The connected nature of the digital technology in agriculture means there are lots of different end points, such as laptops, monitors,” she says. But she warns that if farmers are using an unsecure system, they are putting their farm at risk. She says it is like having a strong house, but leaving the house door opens so thieves can get in.
Awareness of the issue is key to any defence, a little prevention can make a big difference. Most system breaches are caused by users (people) and their behavior, such as they click on links in phishing emails.
Dr Karimpour made a number of suggestions to ensure your on-farm computer systems are secure. Farms.com also spoke to our own IT services division and came up with the following recommendations.
- Use different passwords for each account that you have. For example, don’t use the same login and password for your Amazon.ca account and your Bank Account. If one of those accounts gets hacked, then the other account also has the potential to be accessed by a hacker.
- Make sure to use a complex Password (including capitals, numbers and special characters) and/or a pass phrase (a simple sentence or phrase that you can easily remember)
- Do not share passwords between farm team members
- Passwords should also expire and be reset at least every 3 to 6 months. This will naturally stop any hacked account logins that exist in shared hacker databases
- Use MFA or Multi Factor Authentication, such as the Microsoft or Google Authenticator app on Apple or Android Phone
- Use a Password management tool like Last Pass, which can be installed on your phone and integrated into browsers to easily store and use complex passwords for all your websites and applications
Software Updates and Antivirus
- Keep your computers and server software up to date to prevent hackers from easily accessing your device due to newly discovered “Zero Day” vulnerabilities
- Make sure you have an up to date antivirus to stop any of the common threats that can be installed on your system
- Even the built in Windows anti-virus can help mitigate many of these threats if you don’t have a centrally managed business class antivirus.
Migrate Away from Unsecure Technologies
- Old technologies such as FTP for file uploads should be avoided, as account info can be easily accessed by attackers
- Websites should have SSLs in front, especially if it passes along sensitive data like user account information and online purchases
Email Best Practices
- Be aware of the following threats when reading your email:
- Phishing Emails
- Some phishing emails will pretend to be a trusted contact such as a Bank, trusted website, or even an employee from your business, in order to make you interact with them – look carefully at the senders email to see if it is authentic.
- Do not open attachments you are not expecting
- some hackers may send the following
- modified invoice documents with their banking details to send money to
- custom malware such as ransomware that encrypts and locks all files on your network
- They may also send these malicious attachments by linking them to another website
- These websites will often ask you to provide your login info as well as sensitive information
- Emailing sensitive data, such as credit card numbers, social insurance numbers, passwords etc, should be avoided as most emails are plain text and not encrypted. Treat sending an email like sending a postcard in the mail, when any person that delivered your postcard could have read what was on it.
- Protecting and securing your business is not just about securing your network for threats. A large majority of compromises come from users that inadvertently either by providing credentials or mistakenly installs a piece of malware granting network access to an attacker
- As much as you try to physically and electronically protect your business, the weakest link in any structure will be the first to get exploited
- Training your users about potential risks and proper protocols is just as important as locking down your infrastructure
Business Continuity and Disaster Recovery Planning
- With the ever-increasing risk of online and physical disasters, it is extremely important to keep updated backups of your company data offsite in a separate location, either with USBs, external hard drives, or a cloud backup service
- 1 in 8 Businesses that suffer a large data loss or data breach will typically go into bankruptcy
- Make sure to have an up to date Disaster Recovery plan to know who the key people and vendors are in case of a network or physical disaster
- Take advantage of Cloud Platforms such as Office 365 for
- Email with Outlook
- Communications with Teams (Video, Team chat and file sharing)
- Office applications
- This can help to centrality manage all your employee accounts and promote communications and collaboration
- All your data will be securely stored and backed up in Microsoft’s Cloud
If you need help with security for your farm or agribusiness, be sure to contact the Farms.com Professional Services Team.