By: Sarah Cornelisse*
How many people use the computer through which you access your business’s financial accounts? Have you shared your Facebook password with an employee so that they can post to the business’s page? Have you ever clicked on a link in an email even though you weren’t sure of the sender? You may think nothing serious could happen, but…
How many people use the computer through which you access your business’s financial accounts? Have you shared your Facebook password with an employee so that they can post to the business’s page? Have you ever clicked on a link in an email even though you weren’t sure of the sender?
You may think nothing serious could happen – you trust your family and employees, you think your business is small and unimportant compared to businesses such as Amazon, PepsiCo, or financial institutions.
“However, the food and agriculture industries of all sizes is increasingly reliant on computerized systems and continues to adopt smart technologies. Coupled with the vital function of the industry, food, and agriculture businesses are prime targets for cybercriminals.”
Recent examples of cybersecurity breaches include an attack on JBS USA in 2021 and on Dole Food Company in early 2023 (Lyngaas, 2023).
While these are large agribusinesses, a 2014 survey of Illinois farmers found that just over half of respondents had experienced a computer security breach, and almost half of those breaches had occurred within the previous year (Geil et al., 2018).
Successful attacks have the power to disrupt production operations and negatively impact the supply chain. Consider the ramifications of a network breach on records required for the timely sale and transport of your products, for instance.
Cyberattacks can result in significant financial losses as well. Costs can accrue from needing to hire specialists to diagnose and fix the immediate problem, the purchase of new software or software updates, and the replacement of damaged hardware, to the payment of a ransom to regain control of your system or access to your data.
Finally, there are intangible outcomes as well, such as the loss of peace of mind and reputational damage.
Types of threats
The key threats to be aware of are ransomware, malware, and phishing.
Ransomware is malicious software that allows a hacker to take control of your website or aspects of your system that are online while also locking you out. The hacker will usually contact you or leave a message somewhere for you to see, demanding money in exchange for returning control back to you.
“The hacker may deface your website or leverage its features in ways your customers will notice to encourage quick payment while also demonstrating they have the control they claim.”
Malware is malicious software that you may or may not notice. Either the hacker uses it to quietly capture data coming and going from your network or website or they use it to run their own software from your website, in the background.
In some cases, malware is simply used to deface your website for no specific reason. Both ransomware and malware typically use security flaws in your website, software applications, or hosting to get in. Keeping your software up to date is critical to reducing avenues for malicious software to be installed.
However, sometimes these types of programs can be found within infected copies of software that would normally be trusted. Therefore, it’s also important to be very careful to only install software directly from trusted sources.
Phishing occurs when an attacker tricks someone into providing personal or private information, such as contact details, important numbers like a social security number, or credit card information.
Hackers will employ methods to make their attempts to get information appear official or trustworthy. Phishing will use logos, text, email addresses, and domain names that are copied or very similar to the real business or organization.
Understanding the types of threats your business is faced with is just one step toward protecting yourself. It is equally important to assess your systems and business operations to identify potential vulnerabilities. By doing so, you can develop a defensive strategy and response plan.
Start with your employees. Are they aware of the types of cybersecurity threats that exist and areas of the business that could be exposed points, such as email communications or cloud-based software applications? If not, consider developing a training program that includes routine refreshers.
“Employees who understand the severity of a cyberattack on the business side, there will be more likely to follow best practices, such as those outlined in the next section.”
Assess how computers are being used and by whom. Are networked computers used for managing operations or financial accounts also being used to browse the internet?
Are family members using business computers for non-business purposes, such as accessing social media or playing online games? Computers used for sensitive information and systems should not be used in a manner that opens the door for a potential attacker.
Is the business’s wifi network secure? If you allow family or employees to connect additional devices (personal cell phones, tablets, etc.) to the network, this provides another pathway for a cybercriminal to gain access. This same situation exists if you leave your network unsecured.
Passwords are another point of vulnerability. Password strength, or complexity, is critical because it may determine how quickly your password can be guessed. Hackers will use information gathered from phishing or other stolen data to make educate guesses.
“They may also employ special programs that are designed to test word and character combinations until the correct password is discovered.”
Passwords should be lengthy and contain a variety of letters, case, numbers and symbols while avoiding names and words to maximize the time password guessing software may take to find your password. Weak passwords may be guessed in just hours or days, while strong passwords could take months or years and require lots of resources.
Steps to protect yourself
The best protection is to create a cyber defense strategy. What can you do to protect your business?
1.Never respond to requests for social security numbers, bank account numbers, or other identifiable information via email.
2.Create strong passwords and store them in a secure manner. Don’t leave a list of passwords lying on your desk or in a file on the desktop of your computer. Consider using a password manager. What can you do to protect your business?
3.Install critical software updates in a timely manner. Updates take time, often require restarting computers, and become available at inopportune times, making it easy to postpone their installation, but the 5-10 minutes required to install updates will be nothing compared to the time, and money lost from a security breach.
4.Train employees to identify vulnerabilities, such as email phishing, and to employ the best practices, such as using strong passwords.
5.Regularly back-up data. Having data backed up means that you have something to go back to should an attacker gain control or destroy data that they are able to access.
Taking the steps to protect your business on an ongoing basis will be well worth the time and effort. Not only will your risk be minimized, but you’ll also be prepared to respond and recover quickly should an attack occur.
Where trade names appear, no discrimination is intended, and no endorsement by Penn State Extension is implied.
References and sources consulted by the author on the elaboration of this article are available under previous request to our editorial staff.
*Sarah Cornelisse is a Senior Extension Associate of agricultural entrepreneurship and business management at Penn State University in the Department of Agricultural Economics, Sociology and Education.
Sarah has expertise in direct marketing, valueadded dairy entrepreneurship and marketing, the use of digital and social media for agricultural farm and food business marketing, and business and marketing planning and decision making.
Originally from New York State, she has a B.A in mathematics from the State University of New York at Geneseo, and M.S. degrees in Agricultural Economics and Animal Science, both from Penn State University.
Correspondence email: firstname.lastname@example.org
Editor’s note: references cited by the author within the text are available under previous request to our editorial team.