Editor’s Note: Over the past two weeks and next week, DTN / Progressive Farmer is releasing a special series called Cybersecurity and Ag to investigate the threat posed by cyberattacks to agriculture and what farmers, ranchers and agribusinesses can do to protect yourself from high-tech criminals. This is the fifth story in the series.
Sarah Engstrom, CHS Chief Information Security Officer and Vice President, IT Security, offers practical steps anyone can take to protect their information and deter hackers.
1. EMPLOYEE MAIL. Email fraud is widespread and one of the main ways hackers can access data. Email is traditionally a “single factor” entry, meaning that username and password are all that is required to let the user in. A SECURE WAY is to use multi-factor authentication with authentication apps on cell phones or other devices.
2. EQUIPMENT HYGIENE. System updates are often released to address a security issue. The old way was to set it and forget about it when it came to technology. A SAFE WAY is to provide updates as they become available. This is known as “patching”. When a system is old and has stopped updating its major operating systems, consider replacing the device.
3. BUSINESS OWNERS NEED IT UPDATES. Assuming your data and connections are secure is a mistake in today’s environment. A SAFE WAY is to have a monthly or quarterly meeting with your company’s IT team or with any third party you share data with. Ask if they are spending money securing their platforms, whether they have been hacked, and what they are doing to ward off future threats.
4. RETHINK INSURANCE. The insurance no longer only applies to home and car. More and more claims are being asserted against insurance companies for cyber attacks and the associated damage; in some cases, insurers refuse to compensate for these losses. A SAFE WAY is for business owners to speak to insurance providers and know if they are insured for losses in the event of a hack. Those who find they are not insured for this type of loss should seek coverage that covers damage.
5. INCIDENT HANDLING TEAMS. Incident response companies are usually called in before paying a ransom to assess a hacking situation. Sometimes cyber criminals claim they stole data even though they didn’t take anything important. Maybe the whole thing is a bluff, or there is enough redundancy built in to allow a workaround. Incident response companies are overwhelmed by the increasing number of cyber attacks. You prioritize customers with existing contractual relationships. A SAFE WAY is to talk to your insurer about the incident response companies they use and recommend. Check out the cost of contracting one of these companies to be able to react faster in the event you get hacked.