Lower your risk of a cyberattack
What you can do to prevent the bad guys from breaching your network, stealing your data and compromising your operations
The recent ransomware attacks on JBS Foods and Colonial Pipeline brought home—once again—the growing threats that businesses face from cyber criminals and the risks you run if your computer systems aren’t protected.
Operations at both companies were disrupted for days after their computer systems were breached. Colonial Pipeline paid $4.4 million in ransom last month, although the Justice Department said authorities recovered $2.3 million in the digital currency used to pay the suspected Russian hackers.
JBS Foods, the world’s largest beef and poultry producer, shut down its Australian and United States beef plants after the May 30 cyberattack. It recovered quickly, but the breach has deepened concerns about the vulnerability of our food supply chain.
Cyberattacks are increasing, not just on the largest businesses but small ones too—including those in rural America. Ethanol plants, water systems and other ag-related production facilities have all experienced security breaches.
“Hackers will penetrate and steal from any size of business if they are able to,” says my colleague Melissa DeDonder, business technology consultant at K·Coe Isom.
Small businesses can be vulnerable because they often haven’t kept up with technology. They often believe, wrongly, they’re not big enough to attract tech thieves. And their employees may not be trained to identify and fix security risks.
Whatever the size of your business, it’s crucial that you implement an ongoing prevention plan at your business, along with detection strategies, so if a security breach occurs, you can act quickly to identify it and minimize potential losses.
Here are some vital areas for ag businesses to consider when assessing cybersecurity vulnerability and ways to implement control processes across the entire operation, according to DeDonder and other K·Coe technology advisors:
1. Learn your operation’s cybersecurity risks—and then act. Get help in identifying and evaluating potential risks and their sources. Find out how to address them. Develop a cyber risk-management program to meet every regulatory obligation. Make sure you or another executive manager receive regular updates on operational security. Consider forming a steering committee to regularly review metrics and help balance business goals and security measures.
2. Regularly conduct a penetration test of your cyber defenses. This will help identify vulnerabilities and reveal whether your business’s security program can handle cyber risks. Put a recognized, accepted framework in place. Set up a framework such as the NIST Cybersecurity Framework (https://www.nist.gov/cyberframework) to tackle cybersecurity defense in depth.
3. Keep an inventory of systems, software, data and information. In addition to your equipment inventory, make sure to include all cloud and mobile applications and other third parties who may have access to or control of your data and information. Don’t forget to include a financial ledger or physical-assets inventory for your business and identify the risks associated with each.
4. Evaluate internal and external cybersecurity controls. Check your cybersecurity-related deficiencies in internal controls over financial reporting. Assess and remedy any weaknesses, since these can indicate broader cybersecurity failings. Further, check third-party sources to ensure they align with your policies and controls for data protection. Check to see if they monitor their controls. Consider any risks with suppliers, sellers and contractors that could harm your company.
5. Practice ongoing employee awareness and training for cybersecurity best practices. Make sure employees know their roles and understand how to handle and secure sensitive information.
Remember, ag businesses aren’t immune from data breaches, ransomware attacks or other cyberattacks. Prepare now to avoid big problems later.
Editor’s note: Maxson Irsik, a certified public accountant, advises owners of professionally managed agribusinesses and family-owned ranches on ways to achieve their goals. Whether an owner’s goal is to expand and grow the business, discover and leverage core competencies, or protect the current owners’ legacy through careful structuring and estate planning, Max applies his experience working on and running his own family’s farm to find innovative ways to make it a reality. Contact him at [email protected].