By Cathy Lennon, General Manager, Ontario Federation of Agriculture Experts agree that in today’s connected world, it’s a matter of when, not if, a business will face a cyber security problem. Breaching incidents of all kinds, whether it’s compromised information, financial fraud or data that is held hostage until a ransom is paid are on the rise, and agriculture is not immune to these threats. Recent incidents in our sector have affected Quebec’s general farm organization, the Union des Producteurs Agricoles, and Ontario crop input retailers who had customer lists and credit card information held for ransom. Business was severely interrupted – and the path to not just regain access to data, but the trust and confidence of customers, employees or other stakeholders is a long and costly one. Outdated, unmaintained systems running old software no longer being updated is one of the most common vulnerabilities – and is widespread, especially in small businesses. Research by Professor Ali Dehghantanha, a University of Guelph Canada Research Chair in cyber security and threat intelligence, shows that the last software update in 90% of farming systems was years ago, and most farms don’t have a software patching or updating policy. Lack of data backup leaves a business particularly vulnerable in a security breach, and can also be a serious problem in case of computer or server failure, or a virus, for example. People also represent a cyber security risk. Lenient approaches to who has access to on-farm systems, such as sharing passwords, using a single login for all users or not removing system access from employees who no longer work for the business can leave a business vulnerable. As well, a lack of awareness amongst farmers, their families or their employees of scams like phishing emails, where fake messages encourage users to click on potentially damaging links or share information, is also a challenge. It used to be easy to pick out a phishing email through a strange sender address, poor grammar or content that didn’t make sense. Now, cyber criminals are getting more and more sophisticated, such as, sending a clear, concise message to the HR department from an email address that is incredibly close to an employee email address and advising of an address or bank account change with a request to “update the employee records”. If the person reading that email doesn’t notice any inconsistencies or a business or organization doesn’t have a multi-step authentication policy, this can easily lead to a non-recoverable financial loss if a payroll deposit goes into an incorrect bank account, for example. There is no such thing as 100% security, but with cyber criminals looking for weak or vulnerable targets, experts suggest taking steps to minimize risk as much as possible. A few simple steps include:
Yes, it can be tedious and there is some cost involved, but every day, week or year that we protect our businesses and prevent problems is invaluable. For more information, contact: Tyler Brooks Director of Communications and Stakeholder Relations Ontario Federation of Agriculture 519-821-8883 ext. 218 [email protected]
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |
Archives
April 2024
Categories |