Editor’s Note: DTN / Progressive Farmer recently released a special series titled Cybersecurity and Ag to examine the threat cyber attackers pose to agriculture and explore what farmers, ranchers and agribusiness can do to protect themselves. against these high tech criminals. This is the fifth story in the series.
Sarah Engstrom, Chief Information Security Officer and CHS Vice President of Computer Security, outlines practical steps anyone can take to protect their information and thwart hackers.
1. MAIL FROM EMPLOYEES. Email scams are rife and the primary means for hackers to gain access to data. Email has traditionally been a “one-factor” entry, meaning that the username and password are all that was needed to allow the user to enter. A SAFER WAY is to use multi-factor authentication using authenticator apps through cell phones or other devices.
2. EQUIPMENT HYGIENE. System updates are often released to correct a security issue. The old way was to define it and forget about it when it came to technology. A SAFER WAY is to make updates as soon as they are available. This is called the “fix”. When a system is old and no longer updating its major operating systems, consider replacing the device.
3. BUSINESS OWNERS NEED UPDATES. Assuming your data and connections are secure is wrong in today’s environment. A SAFER WAY is to have a monthly or quarterly conversation with your organization’s IT team or any third-party entity you share data with. Ask if they are spending to secure their platforms, if they have been hacked, and what they have in place to combat future threats.
4. RETHINK INSURANCE. Insurance isn’t just for your home and car anymore. More and more claims are being filed with insurance companies for cyber attacks and related damages; in some cases, insurers refuse to compensate for these losses. A SAFER AVERAGE is for business owners to talk to insurance providers and find out if they are covered for hack loss. Those who find that they are not covered for this type of loss should investigate coverage that will cover the damage.
5. INCIDENT RESPONSE TEAMS. Incident response companies are called in, usually before paying any type of ransom, to assess a hacking situation. Sometimes cybercriminals claim to have stolen data even though they haven’t taken anything important. Maybe this is all a bluff, or enough redundancies are built in that a workaround is achievable. Incident response companies are overwhelmed by the increasing number of cyber attacks. They prioritize customers with existing contractual relationships. A SAFER WAY is to talk to your insurer about the incident response companies they use and would recommend. Examine the cost of a contract with one of these companies for a faster response in the event of a hack.